372837 matches found
CVE-2026-64066
The CVE applies to the Linux kernel, specifically the netfs subsystem. A fault in netfs_read_to_pagecache() could cause ongoing subrequests to continue after a subrequest already issued has failed; the fix pauses generation of new subrequests when a subrequest fails. This update clarifies and lim...
CVE-2026-64067
The CVE-2026-64067 entry describes a Linux kernel netfs vulnerability where stream->subrequests is accessed locklessly, allowing potential data-race conditions on subreq->flags. The fix introduces barriers-based synchronization: (1) list_add_tail_release() uses a release barrier when append...
CVE-2026-64065
CVE-2026-64065 concerns a Linux kernel issue in the netfs path: a VM_BUG_ON_FOLIO() problem within netfs_write_begin() can trigger a kernel BUG at mm/filemap.c:1504 (observed as an Oops with a reproduction via generic/013). The provided descriptions indicate this is a resolved vulnerability in th...
CVE-2026-64063
CVE-2026-64063 concerns the Linux kernel netfs subsystem, where streaming writes could partially overwrite dirty folios without correctly updating state. The issue occurred when a partially written streaming page was overwritten by a subsequent write: netfs_perform_write() could copy over the pag...
CVE-2026-64064
The CVE-2026-64064 entry concerns a Linux kernel netfs issue where netfs_invalidate_folio() could leave a folio’s dirty state inconsistent after truncation, potentially causing a read path (netfs_read_folio) to oops when mmap reads a dirty folio. A fix was implemented to call folio_cancel_dirty()...
CVE-2026-64062
The CVE-2026-64062 issue affects the Linux kernel netfs subsystem, specifically a deadlock risk in write-through mode. The fix in netfs_advance_writethrough() ensures the supplied folio is always unlocked and marked dirty if not yet at the end; however, writeback cannot occur until the folio is d...
CVE-2026-64061
CVE-2026-64061 affects the Linux kernel netfs implementation. The issue is a use-after-free in the data-path when reading data via TCP sockets, traced to netfs_read_gaps() and the handling of a sink page used to cover gaps during a single read. The bug manifests through a KASAN report in _copy_to...
CVE-2026-64060
In the Linux kernel netfs subsystem, CVE-2026-64060 fixes a leak of the request reference in netfs_write_begin() when an error occurs in netfs_wait_for_read(). The issue was resolved by adjusting error handling to avoid leaking the request’s ref. This entry contains concrete details about the aff...
CVE-2026-64059
The CVE affects the Linux kernel netfs code, specifically netfs_perform_write(), where folio->private was not reliably managed across NULL, NETFS_FOLIO_COPY_TO_CACHE, and netfs_folio/group pointers. This could lead to multiple attachments of private data, folio ref leaks, and leaks of netfs_fo...
CVE-2026-64058
The CVE-2026-64058 entry applies to the Linux kernel, addressing netfs_read_folio() so it waits for an ongoing writeback to finish before trusting folio->private and the dirty flag. The underlying issue allowed a race where folio->private could be cleaned up by the collector before writebac...
CVE-2026-64057
The CVE-2026-64057 entry describes a Linux kernel issue in the afs filesystem related to symbolic link handling via afs_get_link(). The root causes are: (1) lack of locking around afs_read_single() allowing races between concurrent get_link() calls with potential leaks; (2) no RCU barrier usage w...
CVE-2026-64056
The CVE affects the Linux kernel net: ethernet: cortina driver. The issue arises from a static local RX SKB used to assemble fragments in gmac_rx() on Gemini devices with two ethernet ports, which can cause races between ports. The fix makes the RX SKB a per-port variable carried in the port stru...
CVE-2026-64055
CVE-2026-64055 involves the Linux kernel driver for Cortina Ethernet (net: ethernet: cortina). The issue occurs in gmac_rx() where the NAPI poll builds SKBs from a ring buffer; if the ring buffer is emptied mid-cycle, the fragment counter (frag_nr) is reset on the next invocation while a packet i...
CVE-2026-64054
CVE-2026-64054 concerns the Linux kernel net: shaper GROUP request handling. The issue in net_shaper_nl_group_doit() failed to deduplicate NET_SHAPER_A_LEAVES entries, causing the same old-parent pointer to be added twice to old_nodes[]. The cleanup loop could then double-free the same parent, pa...
CVE-2026-64052
Technical details (affected product/component, root cause, impact, affected versions, or remediation specifics) are not publicly available in the provided documents. Monitor for updates as more information may be released or updated.
CVE-2026-64053
The CVE-2026-64053 issue affects the Linux kernel’s block layer: in bio_integrity_copy_user(), bip_vcnt could be overwritten, causing gap-merge checks to read past the bip_vec[] array. The problem stems from not copying bip_vcnt in bio_integrity_clone() and BIP_CLONE_FLAGS excluding BIP_COPY_USER...
CVE-2026-64051
In the Linux kernel vulnerability CVE-2026-64051, the issue arises in accel/qaic: remap_pfn_range used during mmap can map beyond the VMA when the BO is large, risking use-after-free if munmap() only unmaps the VMA region. The root cause is insufficient size checks before remapping in qaic_gem_ob...
CVE-2026-64050
In CVE-2026-64050, the Linux kernel's drm/msm/dpu subsystem had a use-after-free during driver teardown due to mixing devm and drmm memory management functions. Specifically, wb connector data could be destroyed because devm_kzalloc() was used while the WB connector still interacted with via drmm...
CVE-2026-64049
In the Linux kernel, the drm/msm/adreno driver fixes a userspace-triggered crash on a2xx–a4xx by adding a guard in adreno_get_param() to check for UBWC configuration and return sane defaults when UBWC params are queried but not supported. Before this, older generations wouldn’t fetch UBWC params,...
CVE-2026-64048
The CVE-2026-64048 entry describes a Linux kernel issue in the SMC subsystem (net/smc) where a CHID-0 match against an empty ism_dev slot can trigger a NULL dereference during smc_conn_create, potentially causing a fault if an SMC-Dv2 peer replies with CHID 0. The root cause is that slot 0 (reser...