VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2026-23281HigMar 25, 2026
    affected >= 2.6.24, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) for both command_timer and tx_lockup_timer before the structure is freed. This is i

  • CVE-2026-23280HigMar 25, 2026
    affected >= 6.18.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use check_add_overflow() helpers to validate the size cal

  • CVE-2026-23279MedMar 25, 2026
    affected >= 3.13.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh->chsw_ttl =

  • CVE-2026-23278HigMar 20, 2026
    affected >= 6.4.0, < 6.12.78fixed 6.12.78

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part o

  • CVE-2026-23277MedMar 20, 2026
    affected >= 4.5.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the sl

  • CVE-2026-23276MedMar 20, 2026
    affected >= 2.6.37, < 6.12.78fixed 6.12.78

    In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves

  • CVE-2026-23275HigMar 20, 2026
    affected >= 6.13.0, < 6.18.19fixed 6.18.19

    In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORING_SQ_

  • CVE-2026-23274HigMar 20, 2026
    affected >= 5.7.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revisio

  • CVE-2026-23273HigMar 20, 2026
    affected < 5.10.252fixed 5.10.252

    In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens after my prior patch. macvlan_common_newlink() might have made @dev visible before

  • CVE-2026-23272HigMar 20, 2026
    affected >= 4.10.0, < 6.18.17fixed 6.18.17

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be

  • CVE-2026-23271HigMar 20, 2026
    affected >= 2.6.31, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up runni

  • CVE-2026-23270HigMar 18, 2026
    affected < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b

  • CVE-2026-23269HigMar 18, 2026
    affected >= 3.4.0, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will acce

  • CVE-2026-23268HigMar 18, 2026
    affected >= 4.11.0, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by

  • CVE-2026-23267MedMar 18, 2026
    affected >= 4.7.0, < 6.1.164fixed 6.1.164

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, when mounting F2FS, an -EINVAL error was returned from f2fs_recover_inode_page. The

  • CVE-2026-23266MedMar 18, 2026
    affected >= 2.6.12, < 5.10.251fixed 5.10.251

    In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver recomputes FIFO arbitra

  • CVE-2026-23265MedMar 18, 2026
    affected >= 3.8.0, < 6.18.13fixed 6.18.13

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 bl

  • CVE-2026-23264MedMar 18, 2026
    affected >= 5.18.0, < 6.1.163fixed 6.1.163

    In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 ("drm/amd: Refac

  • CVE-2026-23263MedMar 18, 2026
    affected >= 6.17.0, < 6.18.10fixed 6.18.10

    In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but didn't free the page array, release it as well.

  • CVE-2026-23262HigMar 18, 2026
    affected >= 5.10.0, < 5.10.250fixed 5.10.250

    In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats re

Page 7 of 88