VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2026-23244HigMar 18, 2026
    affected >= 6.5.0, < 6.6.130fixed 6.6.130

    In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvme_pr_read_keys() nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the allocation size for rse via struct_size(). The upper limit is PR_KEYS_MAX (64K).

  • CVE-2026-23243HigMar 18, 2026
    affected >= 2.6.24, < 5.10.252fixed 5.10.252

    In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len

  • CVE-2026-23242HigMar 18, 2026
    affected >= 5.3.0, < 5.10.252fixed 5.10.252

    In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp-

  • CVE-2025-71267MedMar 18, 2026
    affected >= 5.15.0, < 5.15.202fixed 5.15.202

    In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an i

  • CVE-2025-71266MedMar 18, 2026
    affected >= 5.15.0, < 5.15.202fixed 5.15.202

    In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indx_find to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed dentry in the ntfs3 fi

  • CVE-2025-71265MedMar 18, 2026
    affected >= 5.15.0, < 5.15.202fixed 5.15.202

    In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image

  • CVE-2026-23241MedMar 17, 2026
    affected >= 6.13.0, < 6.18.16fixed 6.18.16

    In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. Calling getxattrat() or listxattrat() on a file to read its extended attributes wi

  • CVE-2025-71239MedMar 17, 2026
    affected >= 6.6.0, < 6.6.128fixed 6.6.128

    In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2() to change attributes class fchmodat2(), introduced in version 6.6 is currently not in the change attribute class of audit. Calling fchmodat2() to change a file attribute in the same fashi

  • CVE-2026-23240CriMar 10, 2026
    affected >= 5.3.0, < 6.12.75fixed 6.12.75

    In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync() is called from tls_sk_proto_close(), tx_work_handler() can still be scheduled

  • CVE-2026-23239HigMar 10, 2026
    affected >= 5.6.0, < 6.12.75fixed 6.12.75

    In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths su

  • CVE-2024-14027Mar 9, 2026
    affected >= 6.11.0, < 6.12.77fixed 6.12.77

    In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user()

  • CVE-2026-23225HigFeb 18, 2026
    affected >= 6.19.0, < 6.19.1fixed 6.19.1

    In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspac

  • CVE-2026-23183Feb 14, 2026
    affected >= 6.14.0, < 6.18.10fixed 6.18.10

    In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(

  • CVE-2026-23182Feb 14, 2026
    affected < 5.15.200fixed 5.15.200

    In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegra_slink_probe() In tegra_slink_probe(), when platform_get_irq() fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with

  • CVE-2026-23181Feb 14, 2026
    affected >= 6.15.0, < 6.18.10fixed 6.18.10

    In the Linux kernel, the following vulnerability has been resolved: btrfs: sync read disk super and set block size When the user performs a btrfs mount, the block device is not set correctly. The user sets the block size of the block device to 0x4000 by executing the BLKBSZSET

  • CVE-2026-23180HigFeb 14, 2026
    affected >= 5.15.0, < 5.15.200fixed 5.15.200

    In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation. Since i

  • CVE-2026-23179Feb 14, 2026
    affected >= 6.7.0, < 6.12.70fixed 6.12.70

    In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with t

  • CVE-2026-23178HigFeb 14, 2026
    affected >= 5.18.0, < 6.1.163fixed 6.1.163

    In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`. The former can come from the userspace in the h

  • CVE-2026-23177Feb 14, 2026
    affected >= 6.12.0, < 6.12.70fixed 6.12.70

    In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap() returns 0 when the entry's index doesn't match the given index due to lookup alignment. The failure fallb

  • CVE-2026-23176Feb 14, 2026
    affected >= 3.17.0, < 5.10.250fixed 5.10.250

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remov

Page 9 of 88