VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2026-23341MedMar 25, 2026
    affected < 6.19.7fixed 6.19.7

    In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix crash when destroying a suspended hardware context If userspace issues an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash because the m

  • CVE-2026-23340HigMar 25, 2026
    affected >= 4.16.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netif_set_real_num_tx_queues() calls qdisc_reset_all_tx_gt() to flush qdiscs for queues

  • CVE-2026-23339MedMar 25, 2026
    affected >= 3.2.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issue

  • CVE-2026-23338MedMar 25, 2026
    affected >= 6.16.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two call

  • CVE-2026-23337MedMar 25, 2026
    affected >= 6.19.0, < 6.19.7fixed 6.19.7

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in

  • CVE-2026-23336HigMar 25, 2026
    affected >= 2.6.31, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interfaces found by syzkaller: BUG: KASAN: use-after-free in cfg80211_shutdown_all_interf

  • CVE-2026-23335MedMar 25, 2026
    affected >= 5.14.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __

  • CVE-2026-23334MedMar 25, 2026
    affected >= 6.5.0, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.

  • CVE-2026-23333Mar 25, 2026
    affected >= 5.6.0, < 6.19.4fixed 6.19.4

    Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

  • CVE-2026-23332MedMar 25, 2026
    affected >= 6.16.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/s

  • CVE-2026-23331MedMar 25, 2026
    affected >= 6.13.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from

  • CVE-2026-23330MedMar 25, 2026
    affected >= 3.2.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket

  • CVE-2026-23329MedMar 25, 2026
    affected >= 6.18.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: [ 148.57615

  • CVE-2026-23328MedMar 25, 2026
    affected >= 6.14.0, < 6.19.7fixed 6.19.7

    In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereferenc

  • CVE-2026-23327HigMar 25, 2026
    affected >= 5.19.0, < 6.19.7fixed 6.19.7

    In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() cxl_payload_from_user_allowed() casts and dereferences the input payload without first verifying its size. When a raw

  • CVE-2026-23326HigMar 25, 2026
    affected >= 6.13.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: xsk: Fix fragment node deletion to prevent buffer leak After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"), the list_node field is reused for both the xskb pool list and the buffer free l

  • CVE-2026-23325HigMar 25, 2026
    affected >= 6.2.0, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.

  • CVE-2026-23324MedMar 25, 2026
    affected >= 5.13.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if us

  • CVE-2026-23323HigMar 25, 2026
    affected >= 6.19.0, < 6.19.7fixed 6.19.7

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifical

  • CVE-2026-23322HigMar 25, 2026
    affected >= 6.18.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smi_work() delivers an error response but then jumps back to restart without cleaning

Page 4 of 88