linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-23381	Med	5.5	>= 4.15.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which in
CVE-2026-23380	Med	5.5	>= 6.10.0, < 6.12.77	6.12.77	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and
CVE-2026-23379	Med	5.5	>= 5.6.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, th
CVE-2026-23378	Hig	7.8	>= 4.15.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside
CVE-2026-23377	Med	5.5	>= 6.3.0, < 6.19.7	6.19.7	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail(). It clearly expects whole buff size instead of DMA write siz
CVE-2026-23376	Med	5.5	>= 6.18.0, < 6.18.17	6.18.17	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the nvm
CVE-2026-23375	Med	5.5	>= 6.8.0, < 6.12.78	6.12.78	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which d
CVE-2026-23374	Med	5.5	>= 3.8.0, < 6.19.7	6.19.7	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline() internally uses __this_cpu_read() and __this_cpu_write() on the per-CPU variable trace_cmdline_save, and trace_save_cmdline()
CVE-2026-23373	Med	5.5	>= 6.9.0, < 6.12.77	6.12.77	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected behavior from the driver - other drivers default to 0 too.
CVE-2026-23372	Hig	7.8	>= 3.1.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and call
CVE-2026-23371	Med	5.5	>= 5.10.0, < 6.19.7	6.19.7	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task
CVE-2026-23370	Med	5.5	>= 5.11.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex
CVE-2026-23369	Med	5.5	>= 6.7.0, < 6.12.77	6.12.77	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on
CVE-2026-23368	Med	5.5	>= 4.16.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled: [ 1362.049207] [<8054e4b8>] led_trigger_regist
CVE-2026-23367	Med	5.5	>= 2.6.34, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size i
CVE-2026-23366	Med	5.5	>= 6.16.0, < 6.18.17	6.18.17	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL p
CVE-2026-23365	Med	5.5	>= 3.0.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious d
CVE-2026-23364	Hig	7.4	>= 5.15.0, < 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().
CVE-2026-23363	Hig	7.1	>= 6.7.0, < 6.12.77	6.12.77	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.
CVE-2026-23362	Med	5.5	< 6.1.167	6.1.167	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sen

CVE-2026-23381MedMar 25, 2026
affected >= 4.15.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which in
CVE-2026-23380MedMar 25, 2026
affected >= 6.10.0, < 6.12.77fixed 6.12.77
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and
CVE-2026-23379MedMar 25, 2026
affected >= 5.6.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, th
CVE-2026-23378HigMar 25, 2026
affected >= 4.15.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside
CVE-2026-23377MedMar 25, 2026
affected >= 6.3.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_frags_increase_tail(). It clearly expects whole buff size instead of DMA write siz
CVE-2026-23376MedMar 25, 2026
affected >= 6.18.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the nvm
CVE-2026-23375MedMar 25, 2026
affected >= 6.8.0, < 6.12.78fixed 6.12.78
In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which d
CVE-2026-23374MedMar 25, 2026
affected >= 3.8.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline() internally uses __this_cpu_read() and __this_cpu_write() on the per-CPU variable trace_cmdline_save, and trace_save_cmdline()
CVE-2026-23373MedMar 25, 2026
affected >= 6.9.0, < 6.12.77fixed 6.12.77
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected behavior from the driver - other drivers default to 0 too.
CVE-2026-23372HigMar 25, 2026
affected >= 3.1.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and call
CVE-2026-23371MedMar 25, 2026
affected >= 5.10.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task
CVE-2026-23370MedMar 25, 2026
affected >= 5.11.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex
CVE-2026-23369MedMar 25, 2026
affected >= 6.7.0, < 6.12.77fixed 6.12.77
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on
CVE-2026-23368MedMar 25, 2026
affected >= 4.16.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled: [ 1362.049207] [<8054e4b8>] led_trigger_regist
CVE-2026-23367MedMar 25, 2026
affected >= 2.6.34, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size i
CVE-2026-23366MedMar 25, 2026
affected >= 6.16.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL p
CVE-2026-23365MedMar 25, 2026
affected >= 3.0.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious d
CVE-2026-23364HigMar 25, 2026
affected >= 5.15.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() with the correct function, crypto_memneq().
CVE-2026-23363HigMar 25, 2026
affected >= 6.7.0, < 6.12.77fixed 6.12.77
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.
CVE-2026-23362MedMar 25, 2026
affected < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can be modified at runtime when updating the sen

Page 2 of 88