Vendor CVEs
Linux
All CVEs
15,976 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23035 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will… | |||
| CVE-2026-23034 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq->last_fence. This pointer holds an extra dma_fence reference. When the… | |||
| CVE-2026-23033 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a… | |||
| CVE-2026-23032 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the… | |||
| CVE-2026-23031 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback… | |||
| CVE-2026-23030 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop… | |||
| CVE-2026-23029 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but… | |||
| CVE-2026-23028 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but… | |||
| CVE-2025-71187 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures (e.g. probe deferral). | |||
| CVE-2026-23024 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak of flow steer list on rmmod The flow steering list maintains entries that are added and removed as ethtool creates and deletes flow steering rules. Module removal with active entries… | |||
| CVE-2026-23023 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported by kmemleak: unreferenced object 0xff450acac838a000 (size 4096): comm… | |||
| CVE-2026-23022 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vc_core_deinit() Make sure to free hw->lan_regs. Reported by kmemleak during reset: unreferenced object 0xff1b913d02a936c0 (size 96): comm "kworker/u258:14", pid 2174, jiffies… | |||
| CVE-2026-23021 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources. | |||
| CVE-2026-23020 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: 3com: 3c59x: fix possible null dereference in vortex_probe1() pdev can be null and free_ring: can be called in 1297 with a null pdev. | |||
| CVE-2026-23019 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlink_alloc() failure devlink_alloc() may return NULL on allocation failure, but prestera_devlink_alloc() unconditionally calls devlink_priv() on the returned… | |||
| CVE-2026-23018 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfs_read_locked_inode() In btrfs_read_locked_inode() we are calling btrfs_init_file_extent_tree() while holding a path with a read locked leaf from a… | |||
| CVE-2026-23017 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset… | |||
| CVE-2026-23016 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and… | |||
| CVE-2026-23015 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths The reference obtained by calling usb_get_dev() is not released in the gpio_mpsse_probe() error paths. Fix that by using device managed helper… | |||
| CVE-2025-71184 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the… | |||
| CVE-2025-71183 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one… | |||
| CVE-2025-71182 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit… | |||
| CVE-2025-71181 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account,… | |||
| CVE-2025-71180 | 0.00 | — | 0.00 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait… | |||
| CVE-2026-23012 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to… | |||
| CVE-2026-23011 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves… | |||
| CVE-2026-23009 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a… | |||
| CVE-2026-23008 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver… | |||
| CVE-2026-23007 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, otherwise the uninitialized… | |||
| CVE-2026-23006 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140_priv". | |||
| CVE-2026-23005 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved… | |||
| CVE-2026-23002 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio". For the sleepable context, convert freader to use… | |||
| CVE-2026-23000 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail to rollback to old profile, in such case, we could end up with a dangling… | |||
| CVE-2026-22996 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails, mlx5e_priv in mlx5e_dev devlink private is used to reference… | |||
| CVE-2025-71163 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface. | |||
| CVE-2025-71162 | 0.00 | — | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is… | |||
| CVE-2026-22995 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub->ub_disk: 1.… | |||
| CVE-2026-22994 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unregister_netdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk() patch found that a refcount is… | |||
| CVE-2026-22989 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlock_filesystem If we are trying to unlock the filesystem via an administrative interface and nfsd isn't running, it crashes the server. This happens currently because… | |||
| CVE-2026-22987 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action… | |||
| CVE-2026-22983 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_inq in callee NULL pointer dereference fix. msg_get_inq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This… | |||
| CVE-2026-22982 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the lan966x driver caused by a NULL pointer… | |||
| CVE-2026-22979 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list() is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation… | |||
| CVE-2026-22978 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 … | |||
| CVE-2025-71160 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [iptables-nft-re:37547] [..] … | |||
| CVE-2025-71159 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. Commit… | |||
| CVE-2025-71158 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it.… | |||
| CVE-2025-71157 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink") grabs a… | |||
| CVE-2025-71156 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully… | |||
| CVE-2025-71155 | 0.00 | — | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks. |
- CVE-2026-23035Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will…
- CVE-2026-23034Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq->last_fence. This pointer holds an extra dma_fence reference. When the…
- CVE-2026-23033Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a…
- CVE-2026-23032Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the…
- CVE-2026-23031Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback…
- CVE-2026-23030Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop…
- CVE-2026-23029Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but…
- CVE-2026-23028Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but…
- CVE-2025-71187Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures (e.g. probe deferral).
- CVE-2026-23024Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak of flow steer list on rmmod The flow steering list maintains entries that are added and removed as ethtool creates and deletes flow steering rules. Module removal with active entries…
- CVE-2026-23023Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported by kmemleak: unreferenced object 0xff450acac838a000 (size 4096): comm…
- CVE-2026-23022Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vc_core_deinit() Make sure to free hw->lan_regs. Reported by kmemleak during reset: unreferenced object 0xff1b913d02a936c0 (size 96): comm "kworker/u258:14", pid 2174, jiffies…
- CVE-2026-23021Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources.
- CVE-2026-23020Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: 3com: 3c59x: fix possible null dereference in vortex_probe1() pdev can be null and free_ring: can be called in 1297 with a null pdev.
- CVE-2026-23019Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlink_alloc() failure devlink_alloc() may return NULL on allocation failure, but prestera_devlink_alloc() unconditionally calls devlink_priv() on the returned…
- CVE-2026-23018Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfs_read_locked_inode() In btrfs_read_locked_inode() we are calling btrfs_init_file_extent_tree() while holding a path with a read locked leaf from a…
- CVE-2026-23017Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset…
- CVE-2026-23016Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and…
- CVE-2026-23015Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths The reference obtained by calling usb_get_dev() is not released in the gpio_mpsse_probe() error paths. Fix that by using device managed helper…
- CVE-2025-71184Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the…
- CVE-2025-71183Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one…
- CVE-2025-71182Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit…
- CVE-2025-71181Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account,…
- CVE-2025-71180Jan 31, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait…
- CVE-2026-23012Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to…
- CVE-2026-23011Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves…
- CVE-2026-23009Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a…
- CVE-2026-23008Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver…
- CVE-2026-23007Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, otherwise the uninitialized…
- CVE-2026-23006Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140_priv".
- CVE-2026-23005Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved…
- CVE-2026-23002Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio". For the sleepable context, convert freader to use…
- CVE-2026-23000Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail to rollback to old profile, in such case, we could end up with a dangling…
- CVE-2026-22996Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails, mlx5e_priv in mlx5e_dev devlink private is used to reference…
- CVE-2025-71163Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.
- CVE-2025-71162Jan 25, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is…
- CVE-2026-22995Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub->ub_disk: 1.…
- CVE-2026-22994Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unregister_netdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk() patch found that a refcount is…
- CVE-2026-22989Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlock_filesystem If we are trying to unlock the filesystem via an administrative interface and nfsd isn't running, it crashes the server. This happens currently because…
- CVE-2026-22987Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy syzbot reported a crash in tc_act_in_hw() during netns teardown where tcf_idrinfo_destroy() passed an ERR_PTR(-EBUSY) value as a tc_action…
- CVE-2026-22983Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_inq in callee NULL pointer dereference fix. msg_get_inq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This…
- CVE-2026-22982Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the lan966x driver caused by a NULL pointer…
- CVE-2026-22979Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list() is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation…
- CVE-2026-22978Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 …
- CVE-2025-71160Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [iptables-nft-re:37547] [..] …
- CVE-2025-71159Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. Commit…
- CVE-2025-71158Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it.…
- CVE-2025-71157Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink") grabs a…
- CVE-2025-71156Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully…
- CVE-2025-71155Jan 23, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks.
Page 251 of 320