linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23005 | — | >= 5.17.0, < 6.1.162 | 6.1.162 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved | ||
| CVE-2026-23002 | — | >= 6.12.0, < 6.12.67 | 6.12.67 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio". For the sleepable context, convert freader to use __kernel_read() | ||
| CVE-2025-71140 | — | < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, ca | ||
| CVE-2025-71143 | — | >= 6.6.0, < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __ | ||
| CVE-2025-71142 | — | >= 6.15.0, < 6.18.4 | 6.18.4 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110 RIP: 0010:remote_partition_disable+0xf7/0x110 | ||
| CVE-2025-71141 | — | < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, | ||
| CVE-2025-71139 | — | >= 6.17.0, < 6.18.4 | 6.18.4 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area *** Bug description *** When I tested kexec with the latest kernel, I ran into the following warning: [ 40.712410] ------------[ cut here ]--------- | ||
| CVE-2025-71138 | — | >= 5.19.0, < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a single place the check is missing. Also use convenient locals instead | ||
| CVE-2025-71137 | — | >= 5.6.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes s | ||
| CVE-2025-71136 | — | >= 3.12.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays. | ||
| CVE-2025-71135 | — | < 6.12.64 | 6.12.64 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ... If conf is | ||
| CVE-2025-71134 | — | >= 6.10.0, < 6.12.65 | 6.12.65 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected | ||
| CVE-2025-71133 | — | >= 5.14.0, < 5.15.198 | 5.15.198 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come wit | ||
| CVE-2025-71132 | — | >= 5.15.0, < 5.15.198 | 5.15.198 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [ | ||
| CVE-2025-71131 | — | >= 2.6.25, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it ret | ||
| CVE-2025-71130 | — | >= 5.16.0, < 6.1.160 | 6.1.160 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers | ||
| CVE-2025-71129 | — | >= 6.1.0, < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by a | ||
| CVE-2025-71128 | — | >= 6.15.0, < 6.18.4 | 6.18.4 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len before referencing options. The struct ip_tunnel_info has a flexible array member named options that is protected by a counted_by(options_len) attribute. The compiler will use th | ||
| CVE-2025-71127 | — | >= 5.7.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon .. frame sha | ||
| CVE-2025-71126 | — | < 6.1.160 | 6.1.160 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted ------------------------- |
- CVE-2026-23005Jan 25, 2026affected >= 5.17.0, < 6.1.162fixed 6.1.162
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved
- CVE-2026-23002Jan 25, 2026affected >= 6.12.0, < 6.12.67fixed 6.12.67
In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio". For the sleepable context, convert freader to use __kernel_read()
- CVE-2025-71140Jan 14, 2026affected < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, ca
- CVE-2025-71143Jan 14, 2026affected >= 6.6.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __
- CVE-2025-71142Jan 14, 2026affected >= 6.15.0, < 6.18.4fixed 6.18.4
In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110 RIP: 0010:remote_partition_disable+0xf7/0x110
- CVE-2025-71141Jan 14, 2026affected < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently,
- CVE-2025-71139Jan 14, 2026affected >= 6.17.0, < 6.18.4fixed 6.18.4
In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area *** Bug description *** When I tested kexec with the latest kernel, I ran into the following warning: [ 40.712410] ------------[ cut here ]---------
- CVE-2025-71138Jan 14, 2026affected >= 5.19.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a single place the check is missing. Also use convenient locals instead
- CVE-2025-71137Jan 14, 2026affected >= 5.6.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes s
- CVE-2025-71136Jan 14, 2026affected >= 3.12.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays.
- CVE-2025-71135Jan 14, 2026affected < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ... If conf is
- CVE-2025-71134Jan 14, 2026affected >= 6.10.0, < 6.12.65fixed 6.12.65
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected
- CVE-2025-71133Jan 14, 2026affected >= 5.14.0, < 5.15.198fixed 5.15.198
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come wit
- CVE-2025-71132Jan 14, 2026affected >= 5.15.0, < 5.15.198fixed 5.15.198
In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [
- CVE-2025-71131Jan 14, 2026affected >= 2.6.25, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it ret
- CVE-2025-71130Jan 14, 2026affected >= 5.16.0, < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers
- CVE-2025-71129Jan 14, 2026affected >= 6.1.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic. This is done by a
- CVE-2025-71128Jan 14, 2026affected >= 6.15.0, < 6.18.4fixed 6.18.4
In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len before referencing options. The struct ip_tunnel_info has a flexible array member named options that is protected by a counted_by(options_len) attribute. The compiler will use th
- CVE-2025-71127Jan 14, 2026affected >= 5.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon .. frame sha
- CVE-2025-71126Jan 14, 2026affected < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted -------------------------
Page 14 of 88