linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23341 | Med | 5.5 | < 6.19.7 | 6.19.7 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix crash when destroying a suspended hardware context If userspace issues an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash because the m | |
| CVE-2026-23340 | Hig | 7.8 | >= 4.16.0, < 6.1.167 | 6.1.167 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netif_set_real_num_tx_queues() calls qdisc_reset_all_tx_gt() to flush qdiscs for queues | |
| CVE-2026-23339 | Med | 5.5 | >= 3.2.0, < 6.1.167 | 6.1.167 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issue | |
| CVE-2026-23338 | Med | 5.5 | >= 6.16.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two call | |
| CVE-2026-23337 | Med | 5.5 | >= 6.19.0, < 6.19.7 | 6.19.7 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in | |
| CVE-2026-23336 | Hig | 7.8 | >= 2.6.31, < 6.1.167 | 6.1.167 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interfaces found by syzkaller: BUG: KASAN: use-after-free in cfg80211_shutdown_all_interf | |
| CVE-2026-23335 | Med | 5.5 | >= 5.14.0, < 6.1.167 | 6.1.167 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __ | |
| CVE-2026-23334 | Med | 5.5 | >= 6.5.0, < 6.6.130 | 6.6.130 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid. | |
| CVE-2026-23333 | — | >= 5.6.0, < 6.19.4 | 6.19.4 | Mar 25, 2026 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||
| CVE-2026-23332 | Med | 5.5 | >= 6.16.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/s | |
| CVE-2026-23331 | Med | 5.5 | >= 6.13.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from | |
| CVE-2026-23330 | Med | 5.5 | >= 3.2.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket | |
| CVE-2026-23329 | Med | 5.5 | >= 6.18.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: [ 148.57615 | |
| CVE-2026-23328 | Med | 5.5 | >= 6.14.0, < 6.19.7 | 6.19.7 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereferenc | |
| CVE-2026-23327 | Hig | 7.1 | >= 5.19.0, < 6.19.7 | 6.19.7 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() cxl_payload_from_user_allowed() casts and dereferences the input payload without first verifying its size. When a raw | |
| CVE-2026-23326 | Hig | 7.8 | >= 6.13.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: xsk: Fix fragment node deletion to prevent buffer leak After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"), the list_node field is reused for both the xskb pool list and the buffer free l | |
| CVE-2026-23325 | Hig | 7.1 | >= 6.2.0, < 6.6.130 | 6.6.130 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access. | |
| CVE-2026-23324 | Med | 5.5 | >= 5.13.0, < 6.1.167 | 6.1.167 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if us | |
| CVE-2026-23323 | Hig | 7.8 | >= 6.19.0, < 6.19.7 | 6.19.7 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifical | |
| CVE-2026-23322 | Hig | 7.8 | >= 6.18.0, < 6.18.17 | 6.18.17 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smi_work() delivers an error response but then jumps back to restart without cleaning |
- affected < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix crash when destroying a suspended hardware context If userspace issues an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash because the m
- affected >= 4.16.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netif_set_real_num_tx_queues() calls qdisc_reset_all_tx_gt() to flush qdiscs for queues
- affected >= 3.2.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issue
- affected >= 6.16.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two call
- affected >= 6.19.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in
- affected >= 2.6.31, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interfaces found by syzkaller: BUG: KASAN: use-after-free in cfg80211_shutdown_all_interf
- affected >= 5.14.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __
- affected >= 6.5.0, < 6.6.130fixed 6.6.130
In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.
- CVE-2026-23333Mar 25, 2026affected >= 5.6.0, < 6.19.4fixed 6.19.4
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
- affected >= 6.16.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/s
- affected >= 6.13.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from
- affected >= 3.2.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket
- affected >= 6.18.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: [ 148.57615
- affected >= 6.14.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereferenc
- affected >= 5.19.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() cxl_payload_from_user_allowed() casts and dereferences the input payload without first verifying its size. When a raw
- affected >= 6.13.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix fragment node deletion to prevent buffer leak After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"), the list_node field is reused for both the xskb pool list and the buffer free l
- affected >= 6.2.0, < 6.6.130fixed 6.6.130
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.
- affected >= 5.13.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if us
- affected >= 6.19.0, < 6.19.7fixed 6.19.7
In the Linux kernel, the following vulnerability has been resolved: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifical
- affected >= 6.18.0, < 6.18.17fixed 6.18.17
In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smi_work() delivers an error response but then jumps back to restart without cleaning
Page 4 of 88