VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2026-23017Jan 31, 2026
    affected >= 6.7.0, < 6.18.6fixed 6.18.6

    In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset will

  • CVE-2026-23016Jan 31, 2026
    affected >= 6.18.0, < 6.18.6fixed 6.18.6

    In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and

  • CVE-2026-23015Jan 31, 2026
    affected >= 6.13.0, < 6.18.6fixed 6.18.6

    In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths The reference obtained by calling usb_get_dev() is not released in the gpio_mpsse_probe() error paths. Fix that by using device managed helper f

  • CVE-2025-71184Jan 31, 2026
    affected >= 2.6.39, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root

  • CVE-2025-71183Jan 31, 2026
    affected >= 4.6.0, < 6.1.161fixed 6.1.161

    In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one of

  • CVE-2025-71182Jan 31, 2026
    affected >= 5.4.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b589

  • CVE-2025-71181Jan 31, 2026
    affected >= 6.18.0, < 6.18.6fixed 6.18.6

    In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and

  • CVE-2025-71180Jan 31, 2026
    affected >= 5.13.0, < 5.15.198fixed 5.15.198

    In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait cont

  • CVE-2026-23014HigJan 28, 2026
    affected >= 6.18.0, < 6.18.6fixed 6.18.6

    In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets f

  • CVE-2026-23013HigJan 25, 2026
    affected >= 6.9.0, < 6.12.67fixed 6.12.67

    In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq

  • CVE-2026-23010HigJan 25, 2026
    affected < 6.1.162fixed 6.1.162

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->

  • CVE-2026-23004HigJan 25, 2026
    affected >= 3.6.0, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in list_del_init()/INIT_LIST_HE

  • CVE-2026-23003HigJan 25, 2026
    affected < 5.10.249fixed 5.10.249

    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() instead of pskb_inet_may_pull(). [1] BU

  • CVE-2026-23001HigJan 25, 2026
    affected >= 3.18.0, < 5.10.249fixed 5.10.249

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace

  • CVE-2026-23012Jan 25, 2026
    affected >= 6.17.0, < 6.18.7fixed 6.18.7

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to

  • CVE-2026-23011Jan 25, 2026
    affected >= 3.10.0, < 5.10.249fixed 5.10.249

    In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves

  • CVE-2026-23009Jan 25, 2026
    affected >= 6.16.0, < 6.18.7fixed 6.18.7

    In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a cr

  • CVE-2026-23008Jan 25, 2026
    affected >= 6.16.0, < 6.18.7fixed 6.18.7

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing

  • CVE-2026-23007Jan 25, 2026
    affected >= 6.11.0, < 6.18.7fixed 6.18.7

    In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, otherwise the uninitialized m

  • CVE-2026-23006Jan 25, 2026
    affected >= 6.1.0, < 6.1.162fixed 6.1.162

    In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140_priv".

Page 13 of 88