Linux kernel CVE announcements
 help / color / mirror / Atom feed
- recent:[subjects (threaded)|topics (new)|topics (active)]
2026-06-29  4:52 CVE-2026-53325: agp/amd64: Fix broken error propagation in agp_amd64_probe()
2026-06-26 19:40 CVE-2026-53324: net: mana: Use pci_name() for debugfs directory naming
2026-06-26 19:40 CVE-2026-53323: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops
2026-06-26 19:40 CVE-2026-53322: vfio/pci: Clean up DMABUFs before disabling function
2026-06-26 19:40 CVE-2026-53321: io_uring/napi: cap busy_poll_to 10 msec
2026-06-26 19:40 CVE-2026-53320: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
2026-06-26 19:40 CVE-2026-53319: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()
2026-06-26 19:40 CVE-2026-53318: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()
2026-06-26 19:40 CVE-2026-53317: wifi: mt76: mt7921: Place upper limit on station AID
2026-06-26 19:40 CVE-2026-53316: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()
2026-06-26 19:40 CVE-2026-53315: drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp()
2026-06-26 19:40 CVE-2026-53314: padata: Put CPU offline callback in ONLINE section to allow failure
2026-06-26 19:40 CVE-2026-53313: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
2026-06-26 19:40 CVE-2026-53312: iommu/riscv: Remove overflows on the invalidation path
2026-06-26 19:40 CVE-2026-53311: fuse: fix uninit-value in fuse_dentry_revalidate()
2026-06-26 19:40 CVE-2026-53310: soc/tegra: cbb: Fix cross-fabric target timeout lookup
2026-06-26 19:40 CVE-2026-53309: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
2026-06-26 19:40 CVE-2026-53308: power: supply: max77705: Free allocated workqueue and fix removal order
2026-06-26 19:40 CVE-2026-53307: pinctrl: pinconf-generic: Fully validate 'pinmux' property
2026-06-26 19:40 CVE-2026-53306: tty: hvc_iucv: fix off-by-one in number of supported devices
2026-06-26 19:40 CVE-2026-53305: usb: typec: ps883x: Fix Oops at unbind
2026-06-26 19:40 CVE-2026-53304: scsi: sg: Resolve soft lockup issue when opening /dev/sgX
2026-06-26 19:40 CVE-2026-53303: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
2026-06-26 19:40 CVE-2026-53302: crypto: eip93 - fix hmac setkey algo selection
2026-06-26 19:40 CVE-2026-53301: reset: amlogic: t7: Fix null reset ops
2026-06-26 19:40 CVE-2026-53300: net: enetc: fix NTMP DMA use-after-free issue
2026-06-26 19:40 CVE-2026-53299: net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()
2026-06-26 19:40 CVE-2026-53298: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()
2026-06-26 19:40 CVE-2026-53297: net: mana: Guard mana_remove against double invocation
2026-06-26 19:40 CVE-2026-53296: mailbox: mailbox-test: free channels on probe error
2026-06-26 19:40 CVE-2026-53295: mailbox: add sanity check for channel array
2026-06-26 19:40 CVE-2026-53294: mailbox: mailbox-test: don't free the reused channel
2026-06-26 19:40 CVE-2026-53293: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
2026-06-26 19:40 CVE-2026-53292: net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind
2026-06-26 19:40 CVE-2026-53291: ALSA: hda/conexant: Fix missing error check for jack detection
2026-06-26 19:40 CVE-2026-53290: drm/xe/eustall: Fix drm_dev_put called before stream disable in close
2026-06-26 19:40 CVE-2026-53289: ice: fix NULL pointer dereference in ice_reset_all_vfs()
2026-06-26 19:40 CVE-2026-53288: arm64: Reserve an extra page for early kernel mapping
2026-06-26 19:40 CVE-2026-53287: audit: fix incorrect inheritable capability in CAPSET records
2026-06-26 19:40 CVE-2026-53286: idpf: fix double free and use-after-free in aux device error paths
2026-06-26 19:40 CVE-2026-53285: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED
2026-06-26 19:40 CVE-2026-53284: btrfs: only release the dirty pages io tree after successful writes
2026-06-26 19:40 CVE-2026-53283: iommu/amd: Bounds-check devid in __rlookup_amd_iommu()
2026-06-26 19:40 CVE-2026-53282: x86/kexec: Push kjump return address even for non-kjump kexec
2026-06-26 19:40 CVE-2026-53281: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption
2026-06-26 19:40 CVE-2026-53280: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
2026-06-26 19:40 CVE-2026-53279: drm/gma500/oaktrail_lvds: fix hang on init failure
2026-06-26 19:40 CVE-2026-53278: arm_mpam: Check whether the config array is allocated before destroying it
2026-06-25  8:42 CVE-2026-53277: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation
2026-06-25  8:42 CVE-2026-53276: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer
2026-06-25  8:42 CVE-2026-53275: ipv6: mcast: Fix use-after-free when processing MLD queries
2026-06-25  8:42 CVE-2026-53274: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
2026-06-25  8:42 CVE-2026-53273: tee: optee: prevent use-after-free when the client exits before the supplicant
2026-06-25  8:42 CVE-2026-53272: erofs: fix use-after-free on sbi->sync_decompress
2026-06-25  8:41 CVE-2026-53271: ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers
2026-06-25  8:41 CVE-2026-53270: ipvs: clear the svc scheduler ptr early on edit
2026-06-25  8:41 CVE-2026-53269: netfilter: synproxy: add mutex to guard hook reference counting
2026-06-25  8:41 CVE-2026-53268: netfilter: conntrack_irc: fix possible out-of-bounds read
2026-06-25  8:41 CVE-2026-53267: netfilter: nft_ct: bail out on template ct in get eval
2026-06-25  8:41 CVE-2026-53266: netfilter: bridge: make ebt_snat ARP rewrite writable
2026-06-25  8:41 CVE-2026-53265: dm cache policy smq: check allocation under invalidate lock
2026-06-25  8:41 CVE-2026-53264: net/sched: act_api: use RCU with deferred freeing for action lifecycle
2026-06-25  8:41 CVE-2026-53263: 6lowpan: fix off-by-one in multicast context address compression
2026-06-25  8:41 CVE-2026-53262: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()
2026-06-25  8:41 CVE-2026-53261: devlink: Release nested relation on devlink free
2026-06-25  8:41 CVE-2026-53260: tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().
2026-06-25  8:41 CVE-2026-53259: ipv6: anycast: insert aca into global hash under idev->lock
2026-06-25  8:41 CVE-2026-53258: wifi: fix leak if split 6 GHz scanning fails
2026-06-25  8:41 CVE-2026-53257: wifi: cfg80211: enforce HE/EHT cap/oper consistency
2026-06-25  8:41 CVE-2026-53256: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()
2026-06-25  8:41 CVE-2026-53255: Bluetooth: MGMT: validate advertising TLV before type checks
2026-06-25  8:41 CVE-2026-53254: Bluetooth: RFCOMM: validate skb length in MCC handlers
2026-06-25  8:41 CVE-2026-53253: Bluetooth: bnep: reject short frames before parsing
2026-06-25  8:41 CVE-2026-53252: Bluetooth: fix memory leak in error path of hci_alloc_dev()
2026-06-25  8:41 CVE-2026-53251: Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync
2026-06-25  8:41 CVE-2026-53250: xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()
2026-06-25  8:41 CVE-2026-53249: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options
2026-06-25  8:41 CVE-2026-53248: net: airoha: Fix use-after-free in metadata dst teardown
2026-06-25  8:41 CVE-2026-53247: net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown
2026-06-25  8:41 CVE-2026-53246: sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
2026-06-25  8:41 CVE-2026-53245: net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr
2026-06-25  8:41 CVE-2026-53244: VFS: fix possible failure to unlock in nfsd4_create_file()
2026-06-25  8:41 CVE-2026-53243: rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()
2026-06-25  8:41 CVE-2026-53242: ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
2026-06-25  8:41 CVE-2026-53241: ALSA: seq: dummy: fix UMP event stack overread
2026-06-25  8:41 CVE-2026-53240: xfrm: iptfs: fix use-after-free on first_skb in __input_process_payload
2026-06-25  8:41 CVE-2026-53239: xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()
2026-06-25  8:41 CVE-2026-53238: netlabel: validate unlabeled address and mask attribute lengths
2026-06-25  8:41 CVE-2026-53237: gpio: mvebu: fix NULL pointer dereference in suspend/resume
2026-06-25  8:41 CVE-2026-53236: tcp: restrict SO_ATTACH_FILTER to priv users
2026-06-25  8:41 CVE-2026-53235: net: add pskb_may_pull() to skb_gro_receive_list()
2026-06-25  8:41 CVE-2026-53234: net: ibm: emac: Fix use-after-free during device removal
2026-06-25  8:41 CVE-2026-53233: netdev: fix double-free in netdev_nl_bind_rx_doit()
2026-06-25  8:41 CVE-2026-53232: net: phy: clean the sfp upstream if phy probing fails
2026-06-25  8:41 CVE-2026-53231: net: phy: don't try to setup PHY-driven SFP cages when using genphy
2026-06-25  8:41 CVE-2026-53230: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
2026-06-25  8:41 CVE-2026-53229: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
2026-06-25  8:41 CVE-2026-53228: ipv6: sit: reload inner IPv6 header after GSO offloads
2026-06-25  8:41 CVE-2026-53227: net: openvswitch: fix possible kfree_skb of ERR_PTR
2026-06-25  8:41 CVE-2026-53226: gpio: rockchip: fix generic IRQ chip leak on remove
2026-06-25  8:41 CVE-2026-53225: sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
2026-06-25  8:41 CVE-2026-53224: sctp: validate embedded INIT chunk and address list lengths in cookie
2026-06-25  8:41 CVE-2026-53223: net: guard timestamp cmsgs to real error queue skbs
2026-06-25  8:41 CVE-2026-53222: ptp: ocp: fix resource freeing order
2026-06-25  8:41 CVE-2026-53221: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
2026-06-25  8:41 CVE-2026-53220: netfilter: revalidate bridge ports
2026-06-25  8:41 CVE-2026-53219: netfilter: x_tables: avoid leaking percpu counter pointers
2026-06-25  8:41 CVE-2026-53218: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag
2026-06-25  8:41 CVE-2026-53217: net: mvpp2: sync RX data at the hardware packet offset
2026-06-25  8:41 CVE-2026-53216: net: mvpp2: limit XDP frame size to the RX buffer
2026-06-25  8:41 CVE-2026-53215: net: mvpp2: refill RX buffers before XDP or skb use
2026-06-25  8:41 CVE-2026-53214: ipv6: Fix a potential NPD in cleanup_prefix_route()
2026-06-25  8:41 CVE-2026-53213: drm/vc4: fix krealloc() memory leak
2026-06-25  8:41 CVE-2026-53212: netfilter: nft_tunnel: fix use-after-free on object destroy
2026-06-25  8:40 CVE-2026-53211: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register
2026-06-25  8:40 CVE-2026-53210: tee: shm: fix shm leak in register_shm_helper()
2026-06-25  8:40 CVE-2026-53209: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend
2026-06-25  8:40 CVE-2026-53208: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig
2026-06-25  8:40 CVE-2026-53207: mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison
2026-06-25  8:40 CVE-2026-53206: accel/ivpu: Add bounds check for firmware runtime memory
2026-06-25  8:40 CVE-2026-53205: accel/ivpu: Add bounds checks for firmware log indices
2026-06-25  8:40 CVE-2026-53204: firmware: stratix10-rsu: Fix NULL deref on rsu_send_msg() timeout in probe
2026-06-25  8:40 CVE-2026-53203: accel/ivpu: Add buffer overflow check in MS get_info_ioctl
2026-06-25  8:40 CVE-2026-53202: accel/ivpu: Fix signed integer truncation in IPC receive
2026-06-25  8:40 CVE-2026-53201: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend"
2026-06-25  8:40 CVE-2026-53200: KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX
2026-06-25  8:40 CVE-2026-53199: hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf
2026-06-25  8:40 CVE-2026-53198: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL
2026-06-25  8:40 CVE-2026-53197: xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state()
2026-06-25  8:40 CVE-2026-53196: USB: serial: io_ti: fix heap overflow in get_manuf_info()
2026-06-25  8:40 CVE-2026-53195: USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
2026-06-25  8:40 CVE-2026-53194: USB: serial: kl5kusb105: fix bulk-out buffer overflow
2026-06-25  8:40 CVE-2026-53193: ALSA: timer: Forcibly close timer instances at closing
2026-06-25  8:40 CVE-2026-53192: ALSA: timer: Fix UAF at snd_timer_user_params()
2026-06-25  8:40 CVE-2026-53191: io_uring/net: inherit IORING_CQE_F_BUF_MORE across bundle recv retries
2026-06-25  8:40 CVE-2026-53190: drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait()
2026-06-25  8:40 CVE-2026-53189: mm/huge_memory: update file PMD counter before folio_put()
2026-06-25  8:40 CVE-2026-53188: RDMA/core: Validate the passed in fops for ib_get_ucaps()
2026-06-25  8:40 CVE-2026-53187: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc
2026-06-25  8:40 CVE-2026-53186: RDMA/srp: bound SRP_RSP sense copy by the received length
2026-06-25  8:40 CVE-2026-53185: zram: fix use-after-free in zram_bvec_write_partial()
2026-06-25  8:40 CVE-2026-53184: udp: clear skb->dev before running a sockmap verdict
2026-06-25  8:40 CVE-2026-53183: mptcp: allow subflow rcv wnd to shrink
2026-06-25  8:40 CVE-2026-53182: wifi: nl80211: reject oversized EMA RNR lists
2026-06-25  8:40 CVE-2026-53181: vsock/vmci: fix sk_ack_backlog leak on failed handshake
2026-06-25  8:40 CVE-2026-53180: timers/migration: Fix livelock in tmigr_handle_remote_up()
2026-06-25  8:40 CVE-2026-53179: staging: rtl8723bs: fix buffer over-read in rtw_update_protection
2026-06-25  8:40 CVE-2026-53178: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
2026-06-25  8:40 CVE-2026-53177: bnxt_en: Fix NULL pointer dereference
2026-06-25  8:40 CVE-2026-53176: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
2026-06-25  8:40 CVE-2026-53175: inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush
2026-06-25  8:40 CVE-2026-53174: ovl: keep err zero after successful ovl_cache_get()
2026-06-25  8:40 CVE-2026-53173: accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate()
2026-06-25  8:40 CVE-2026-53172: accel/ethosu: fix IFM region index out-of-bounds in command stream parser
2026-06-25  8:40 CVE-2026-53171: accel/ethosu: fix arithmetic issues in dma_length()
2026-06-25  8:40 CVE-2026-53170: accel/ethosu: reject DMA commands with uninitialized length
2026-06-25  8:40 CVE-2026-53169: accel/ethosu: reject NPU_OP_RESIZE commands from userspace
2026-06-25  8:40 CVE-2026-53168: fuse: reject fuse_notify() pagecache ops on directories
2026-06-25  8:40 CVE-2026-53167: fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios
2026-06-25  8:40 CVE-2026-53166: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
2026-06-25  8:40 CVE-2026-53165: iomap: avoid potential null folio->mapping deref during error reporting
2026-06-25  8:40 CVE-2026-53164: iommu/dma: Do not try to iommu_map a 0 length region in swiotlb
2026-06-25  8:40 CVE-2026-53163: locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
2026-06-25  8:40 CVE-2026-53162: memcg: use round-robin victim selection in refill_stock
2026-06-25  8:40 CVE-2026-53161: misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context
2026-06-25  8:40 CVE-2026-53160: misc: fastrpc: fix use-after-free race in fastrpc_map_create
2026-06-25  8:40 CVE-2026-53159: misc: fastrpc: fix DMA address corruption due to find_vma misuse
2026-06-25  8:40 CVE-2026-53158: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback
2026-06-25  8:40 CVE-2026-53157: net: phonet: free phonet_device after RCU grace period
2026-06-25  8:40 CVE-2026-53156: nvmem: core: fix use-after-free bugs in error paths
2026-06-25  8:40 CVE-2026-53155: mm/huge_memory: use correct flags for device private PMD entry
2026-06-25  8:40 CVE-2026-53154: mm/hugetlb: restore reservation on error in hugetlb folio copy paths
2026-06-25  8:40 CVE-2026-53153: mm/list_lru: drain before clearing xarray entry on reparent
2026-06-25  8:40 CVE-2026-53152: mmc: dw_mmc-rockchip: Add missing private data for very old controllers
2026-06-25  8:39 CVE-2026-53151: rxrpc: Fix the ACK parser to extract the SACK table for parsing
2026-06-25  8:39 CVE-2026-53150: thunderbolt: Reject zero-length property entries in validator
2026-06-25  8:39 CVE-2026-53149: thunderbolt: Bound root directory content to block size
2026-06-25  8:39 CVE-2026-53148: thunderbolt: Clamp XDomain response data copy to allocation size
2026-06-25  8:39 CVE-2026-53147: thunderbolt: Validate XDomain request packet size before type cast
2026-06-25  8:39 CVE-2026-53146: thunderbolt: Limit XDomain response copy to actual frame size
2026-06-25  8:39 CVE-2026-53145: drm/gem: Try to fix change_handle ioctl, attempt 4
2026-06-25  8:39 CVE-2026-53144: drm/amdkfd: fix NULL dereference in get_queue_ids()
2026-06-25  8:39 CVE-2026-53143: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
2026-06-25  8:39 CVE-2026-53142: drm/xe/display: fix oops in suspend/shutdown without display
2026-06-25  8:39 CVE-2026-53141: drm/v3d: Fix global performance monitor reference counting
2026-06-25  8:39 CVE-2026-53140: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups
2026-06-25  8:39 CVE-2026-53139: drm/v3d: Skip CSD when it has zeroed workgroups
2026-06-25  8:39 CVE-2026-53138: drm/amd/display: Bound VBIOS record-chain walk loops
2026-06-25  8:39 CVE-2026-53137: drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size
2026-06-25  8:39 CVE-2026-53136: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size
2026-06-25  8:39 CVE-2026-53135: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
2026-06-25  8:39 CVE-2026-53134: netfilter: nft_fib: fix stale stack leak via the OIFNAME register
2026-06-25  8:39 CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G
2026-06-25  8:39 CVE-2026-53132: vsock/virtio: fix potential unbounded skb queue
2026-06-25  8:39 CVE-2026-53131: netfilter: require Ethernet MAC header before using eth_hdr()
2026-06-24 16:32 CVE-2026-53130: fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START
2026-06-24 16:32 CVE-2026-53129: fs/mbcache: cancel shrink work before destroying the cache
2026-06-24 16:32 CVE-2026-53128: drbd: Balance RCU calls in drbd_adm_dump_devices()
2026-06-24 16:32 CVE-2026-53127: block: fix zones_cond memory leak on zone revalidation error paths
2026-06-24 16:32 CVE-2026-53125: md: fix array_state=clear sysfs deadlock

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox