linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-71193 | — | >= 4.17.0, < 6.6.122 | 6.6.122 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect va | ||
| CVE-2026-23048 | — | >= 6.18.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This the | ||
| CVE-2026-23047 | — | >= 4.7.0, < 5.10.248 | 5.10.248 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determin | ||
| CVE-2026-23046 | — | >= 6.15.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues() frees using net_device->device. This device mismatch causing below devr | ||
| CVE-2026-23045 | — | >= 6.17.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in ena. WARNING: net/devlink/core.c:261 at devl_assert_locked+0x62/0x90, CPU#0: kwor | ||
| CVE-2026-23044 | — | >= 6.15.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image() and load_compressed_image() u | ||
| CVE-2026-23043 | — | >= 6.18.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in do_abort_log_replay(). When btrfs_alloc_path() fails in replay_one_buffer(), wc-> | ||
| CVE-2026-23042 | — | >= 6.17.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, driver does not allocate vdev_info for this vport. This leads to kernel NULL pointe | ||
| CVE-2026-23041 | — | >= 6.18.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources | ||
| CVE-2026-23040 | — | >= 6.18.0, < 6.18.6 | 6.18.6 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL poi | ||
| CVE-2025-71192 | — | >= 4.15.0, < 6.1.161 | 6.1.161 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fai | ||
| CVE-2026-23039 | — | >= 6.18.0, < 6.18.7 | 6.18.7 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a | ||
| CVE-2026-23038 | — | >= 4.0.0, < 5.10.249 | 5.10.249 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the alread | ||
| CVE-2026-23037 | — | >= 5.13.0, < 5.15.199 | 5.15.199 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x | ||
| CVE-2026-23036 | — | >= 6.13.0, < 6.18.7 | 6.18.7 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before iget_failed() in btrfs_read_locked_inode() In btrfs_read_locked_inode() if we fail to lookup the inode, we jump to the 'out' label with a path that has a read locked leaf and then we | ||
| CVE-2026-23035 | — | >= 5.12.0, < 6.12.67 | 6.12.67 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will w | ||
| CVE-2026-23034 | — | >= 6.16.0, < 6.18.7 | 6.18.7 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq->last_fence. This pointer holds an extra dma_fence reference. When the queu | ||
| CVE-2026-23033 | — | >= 3.6.0, < 5.10.249 | 5.10.249 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resour | ||
| CVE-2026-23032 | — | >= 6.4.0, < 6.6.122 | 6.6.122 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject | ||
| CVE-2026-23031 | — | >= 3.16.0, < 6.1.162 | 6.1.162 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback g |
- CVE-2025-71193Feb 4, 2026affected >= 4.17.0, < 6.6.122fixed 6.6.122
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect va
- CVE-2026-23048Feb 4, 2026affected >= 6.18.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This the
- CVE-2026-23047Feb 4, 2026affected >= 4.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determin
- CVE-2026-23046Feb 4, 2026affected >= 6.15.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues() frees using net_device->device. This device mismatch causing below devr
- CVE-2026-23045Feb 4, 2026affected >= 6.17.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in ena. WARNING: net/devlink/core.c:261 at devl_assert_locked+0x62/0x90, CPU#0: kwor
- CVE-2026-23044Feb 4, 2026affected >= 6.15.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image() and load_compressed_image() u
- CVE-2026-23043Feb 4, 2026affected >= 6.18.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in do_abort_log_replay(). When btrfs_alloc_path() fails in replay_one_buffer(), wc->
- CVE-2026-23042Feb 4, 2026affected >= 6.17.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, driver does not allocate vdev_info for this vport. This leads to kernel NULL pointe
- CVE-2026-23041Feb 4, 2026affected >= 6.18.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources
- CVE-2026-23040Feb 4, 2026affected >= 6.18.0, < 6.18.6fixed 6.18.6
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL poi
- CVE-2025-71192Feb 4, 2026affected >= 4.15.0, < 6.1.161fixed 6.1.161
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fai
- CVE-2026-23039Jan 31, 2026affected >= 6.18.0, < 6.18.7fixed 6.18.7
In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a
- CVE-2026-23038Jan 31, 2026affected >= 4.0.0, < 5.10.249fixed 5.10.249
In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the alread
- CVE-2026-23037Jan 31, 2026affected >= 5.13.0, < 5.15.199fixed 5.15.199
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x
- CVE-2026-23036Jan 31, 2026affected >= 6.13.0, < 6.18.7fixed 6.18.7
In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before iget_failed() in btrfs_read_locked_inode() In btrfs_read_locked_inode() if we fail to lookup the inode, we jump to the 'out' label with a path that has a read locked leaf and then we
- CVE-2026-23035Jan 31, 2026affected >= 5.12.0, < 6.12.67fixed 6.12.67
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will w
- CVE-2026-23034Jan 31, 2026affected >= 6.16.0, < 6.18.7fixed 6.18.7
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq->last_fence. This pointer holds an extra dma_fence reference. When the queu
- CVE-2026-23033Jan 31, 2026affected >= 3.6.0, < 5.10.249fixed 5.10.249
In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resour
- CVE-2026-23032Jan 31, 2026affected >= 6.4.0, < 6.6.122fixed 6.6.122
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject
- CVE-2026-23031Jan 31, 2026affected >= 3.16.0, < 6.1.162fixed 6.1.162
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback g
Page 11 of 88