Linux Kernel

2968 CVEs product

Monthly

CVE-2025-71220 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe(). When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2025-71204 MEDIUM PATCH This Month

CVE-2025-71204 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71203 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation. The syscall number is a user-controlled value used to index into the syscall table.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23173 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's mlx5e TC steering driver allows local attackers with user privileges to cause a denial of service by triggering improper flow deletion logic that attempts to access non-existent device peers. The vulnerability occurs when deleting TC flows without validating peer existence, leading to kernel crashes. No patch is currently available for this medium-severity flaw affecting Linux systems with Mellanox network drivers.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23170 MEDIUM PATCH This Month

The Linux kernel's imx/tve driver fails to properly release a DDC device reference during probe failure or driver unbind, causing a resource leak that could lead to denial of service through memory exhaustion. Local users with driver interaction capabilities can trigger this leak through probe deferral or module unload operations. No patch is currently available to address this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23168 MEDIUM PATCH This Month

Linux kernel flexible proportions code can cause a denial of service through a deadlock when a hard interrupt fires during a soft interrupt's sequence count operation, allowing a local attacker with limited privileges to hang the system by triggering indefinite loops in proportion calculations. The vulnerability affects the fprop_new_period() function which lacks proper hardirq safety, creating a race condition between timer softirq context and block I/O hardirq handlers. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23167 MEDIUM PATCH This Month

A race condition in the Linux kernel NFC subsystem allows local attackers with low privileges to cause a denial of service by triggering a use-after-free condition between rfkill device unregistration and NCI command queue destruction. An attacker can exploit this by closing a virtual NCI device file while rfkill operations are in progress, causing the kernel to access a destroyed work queue. No patch is currently available for this vulnerability.

Information Disclosure Linux Google Race Condition Red Hat +2
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23166 MEDIUM PATCH This Month

A NULL pointer dereference in the Intel ice network driver's ice_vsi_set_napi_queues() function can cause a kernel crash on Linux systems during suspend/resume operations when ring queue vectors are improperly initialized. Local users with standard privileges can trigger this denial of service condition through standard power management operations like systemctl suspend. No patch is currently available for this vulnerability affecting Linux kernel v6.18 and the Intel E810 Ethernet adapter family.

Denial Of Service Linux Null Pointer Dereference Red Hat Intel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23165 MEDIUM PATCH This Month

The Linux kernel's Saffirecode (sfc) driver contains a deadlock vulnerability in RSS configuration reading where the driver attempts to acquire a lock that the kernel's ethtool subsystem has already locked, causing the system to hang. A local user with sufficient privileges can trigger this denial of service condition by executing ethtool RSS configuration commands. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23164 MEDIUM PATCH This Month

The Linux kernel's rocker network driver fails to free allocated memory in rocker_world_port_post_fini() when certain callback functions are not implemented, causing a memory leak of approximately 288 bytes per port during device removal. A local attacker with standard user privileges can trigger repeated device removal operations to exhaust kernel memory and cause a denial of service. No patch is currently available for this issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23163 MEDIUM PATCH This Month

The Linux kernel amdgpu graphics driver crashes with a NULL pointer dereference on APU platforms (Raven, Renoir) when SVM page fault recovery attempts to access uninitialized interrupt ring buffers that only exist on discrete GPUs. A local authenticated attacker can trigger this denial of service by enabling retry faults on affected APUs. No patch is currently available.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23162 HIGH PATCH This Week

A double-free vulnerability in the Linux kernel's xe/nvm driver allows local users with low privileges to cause a denial of service or potential code execution through improper memory management during auxiliary device initialization failures. The flaw occurs when auxiliary_device_add() fails and triggers both the release callback and an additional kfree() operation on the same memory region. This affects Linux systems with the xe driver, and no patch is currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23160 MEDIUM PATCH This Month

The Linux kernel's octeon_ep driver fails to properly clean up allocated memory and mapped resources when the octep_ctrl_net_init() function fails during device setup, resulting in a local denial of service condition. An authenticated local attacker could trigger this memory leak by causing the initialization to fail, exhausting system memory over time. A patch is not currently available for this vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23159 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's perf scheduler functionality causes a denial of service when handling user space stacktraces for certain kernel tasks. Local attackers with low privileges can trigger this crash by exploiting inconsistent task classification logic that fails to properly identify user versus kernel tasks. The vulnerability affects the Linux kernel with no patch currently available.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23158 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's gpio-virtuser configfs release path allows local users with standard privileges to trigger memory corruption and potentially achieve code execution by causing mutex operations on freed memory. The flaw exists because the device structure is freed while a mutex guard scope is still active, leading to undefined behavior when the guard attempts to unlock the already-destroyed mutex. This vulnerability affects Linux systems with the affected kernel versions and requires local access to exploit.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23157 MEDIUM PATCH This Month

Linux kernel dirty page throttling can cause system hangs when cgroup memory limits are restrictive, as processes become stuck waiting on balance_dirty_pages() io_schedule_timeout() calls. A local user with write permissions can trigger a denial of service by exhausting dirty page limits through intensive file operations, potentially freezing the system. No patch is currently available for affected kernels prior to v6.18.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23156 HIGH PATCH This Week

The Linux kernel's efivarfs implementation fails to propagate errors from __efivar_entry_get(), causing the efivar_entry_get() function to mask failures and return success regardless of the underlying operation's result. This error handling flaw enables uninitialized heap memory to be copied to userspace through the efivarfs_file_read() path, potentially exposing sensitive kernel data to local users with read access to efivarfs. No patch is currently available for this high-severity vulnerability affecting the Linux kernel.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23154 MEDIUM PATCH This Month

A security vulnerability affects GSO segmentation when forwarding GRO packets containing a frag_list: the function skb_segment_list cannot correctly process GRO skbs.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23153 MEDIUM PATCH This Month

A race condition in the Linux kernel's FireWire core transaction handling allows local attackers with low privileges to cause a denial of service by triggering concurrent processing of AR response and AT request completion events without proper synchronization. The vulnerability stems from transaction list enumeration occurring outside the card lock scope, enabling memory corruption or system crashes when exploited. No patch is currently available for this issue.

Information Disclosure Linux Race Condition Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23152 MEDIUM PATCH This Month

The Linux kernel's mac80211 WiFi implementation contains a parsing error when processing TID-To-Link Mapping (TTLM) elements with default link configurations, causing out-of-bounds memory reads. This vulnerability affects systems running vulnerable Linux kernels and could lead to denial of service through kernel crashes or information disclosure. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23150 MEDIUM PATCH This Month

A memory leak in the Linux kernel's NFC LLCP implementation allows local attackers to exhaust memory by exploiting a race condition between the nfc_llcp_send_ui_frame() function and local device cleanup routines. An attacker with local access can trigger the vulnerability by sending NFC frames while the underlying device is being destroyed, causing socket buffers to accumulate in the transmit queue and never be freed.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23149 MEDIUM PATCH This Month

A local attacker with unprivileged access can trigger kernel warnings in the Linux kernel's DRM subsystem by passing oversized handle values to drm_gem_change_handle_ioctl(), exploiting improper input validation between userspace u32 and kernel int types. This vulnerability affects the Linux kernel and allows denial of service through repeated warning generation, though no patch is currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23147 MEDIUM PATCH This Month

A memory leak in the Linux kernel's btrfs zlib compression module on S390 hardware-accelerated systems fails to properly release file cache pages, potentially leading to memory exhaustion and denial of service on affected systems. The vulnerability stems from missing cleanup code introduced during a refactoring of the S390x hardware acceleration buffer handling. Local attackers with access to the system could trigger the leak through repeated compression operations.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23146 MEDIUM PATCH This Month

A race condition in the Linux kernel's Bluetooth HCI UART driver allows local attackers with user privileges to trigger a null pointer dereference and cause a denial of service by initiating a TTY write wakeup during driver initialization. The vulnerability occurs when hci_uart_tx_wakeup() schedules write work before the protocol handler's private data structure is initialized, leading to a crash in hci_uart_write_work(). No patch is currently available for this issue.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23145 MEDIUM PATCH This Month

A resource leak in the Linux kernel's ext4 filesystem implementation fails to properly release buffer head references in the xattr inode update function, potentially causing memory exhaustion on systems with local access. This medium-severity vulnerability affects Linux kernel versions and could allow local attackers to degrade system availability through repeated resource consumption. No patch is currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23144 MEDIUM PATCH This Month

Linux kernel DAMON sysfs interface fails to properly clean up subdirectories when context setup encounters errors, leaving orphaned directory structures and leaked memory that degrades functionality until system reboot. A local user with appropriate privileges can trigger this condition to cause denial of service by making the DAMON sysfs interface unreliable or unusable. This vulnerability requires local access and user interaction to exploit, with no available patch currently issued.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23143 MEDIUM PATCH This Month

A memory alignment flaw in the Linux kernel's virtio_net driver allows local attackers with user-level privileges to cause denial of service through misalignment of flexible array members in the virtnet_info structure. The vulnerability results in potential memory corruption when accessing the rss_hash_key_data field, impacting systems running affected Linux kernel versions. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23142 MEDIUM PATCH This Month

Linux kernel DAMON sysfs interface fails to properly clean up access_pattern subdirectories when scheme directory setup fails, causing memory leaks and rendering the sysfs interface non-functional until system reboot. A local privileged user can trigger this condition to degrade system functionality and exhaust memory resources. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23141 MEDIUM PATCH This Month

The Linux kernel's btrfs send functionality fails to validate whether file extent items are inline extents before accessing the disk_bytenr field, potentially causing invalid memory access or metadata corruption on affected systems. A local attacker with file system access could exploit this to trigger a denial of service condition through carefully crafted inline extent items. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23140 MEDIUM PATCH This Month

The Linux kernel's BPF test_run component fails to properly validate XDP frame metadata size, allowing local users with appropriate privileges to specify oversized metadata that exhausts frame headroom and leaves the frame structure uninitialized. This can lead to denial of service or memory corruption during packet transmission. No patch is currently available for this issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23138 MEDIUM PATCH This Month

The Linux kernel's ftrace stack trace recording mechanism lacks proper recursion protection, allowing local users with sufficient privileges to trigger an infinite recursion loop when kernel stack trace triggers are enabled on RCU events, resulting in denial of service through system hang or crash. The vulnerability affects systems where tracing is configured to capture stack traces during RCU event monitoring. No patch is currently available to address this medium-severity defect.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23137 MEDIUM PATCH This Month

Memory leak in the Linux kernel's device tree unittest module allows local users with standard privileges to cause a denial of service by exhausting system memory when the of_resolve_phandles() function fails during unit test execution. The vulnerability stems from improper resource cleanup in the unittest_data_add() function, where allocated memory is not freed on error paths. A patch is not currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23135 MEDIUM PATCH This Month

The Linux kernel ath12k WiFi driver incorrectly frees DMA memory buffers using aligned addresses instead of the original unaligned pointers returned by dma_alloc_coherent(), potentially causing memory management errors and denial of service on systems using affected WiFi hardware. A local attacker with user privileges can trigger this vulnerability through normal WiFi driver operations, leading to system instability or crashes. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23134 MEDIUM PATCH This Month

The Linux kernel's kmalloc_nolock() function on PREEMPT_RT systems fails to properly validate execution context before acquiring a sleeping lock, causing a kernel panic when BPF programs execute from tracepoints with preemption disabled. A local attacker with ability to run BPF programs can trigger a denial of service by causing the kernel to attempt sleeping operations in invalid contexts. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23133 MEDIUM PATCH This Month

The ath10k WiFi driver in the Linux kernel incorrectly frees DMA-allocated memory by using aligned addresses instead of the original unaligned pointers, potentially causing memory corruption and system denial of service on affected systems. A local attacker with appropriate privileges can trigger this vulnerability to crash the kernel or cause system instability. No patch is currently available for this issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23132 MEDIUM PATCH This Month

The Linux kernel's Synopsys DesignWare DisplayPort bridge driver contains improper error handling in the dw_dp_bind() function that fails to unregister auxiliary devices and return error codes correctly, potentially causing resource leaks or kernel instability for systems using affected display hardware. A local attacker with sufficient privileges could trigger these error paths to cause a denial of service through resource exhaustion or kernel panic.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71202 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space. Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71201 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle. The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p_client_res: client 18446612686390831168 response P9_TREAD tag 0 err 0 ...

Buffer Overflow Information Disclosure Linux Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23131 MEDIUM PATCH This Month

The HP BIOS configuration driver in the Linux kernel fails to validate attribute names before kobject registration, causing kernel warnings and potential denial of service when HP BIOS returns empty name strings. A local user with standard privileges can trigger this vulnerability to crash or destabilize the system by supplying malformed BIOS attribute data. No patch is currently available for this medium-severity flaw affecting Linux systems with HP BIOS configuration support.

Information Disclosure Linux Red Hat HP Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23130 MEDIUM PATCH This Month

A deadlock condition in the Linux kernel's ath12k WiFi driver occurs when management frame transmission is blocked by the wiphy lock during flush operations, causing the wireless interface to hang and preventing authentication. Local users with sufficient privileges can trigger this condition by initiating WiFi authentication while pending management frames are being flushed, resulting in a denial of service. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23129 MEDIUM PATCH This Month

The Linux kernel's DPLL subsystem fails to prevent duplicate pin registrations, allowing callers to register the same pin multiple times and causing memory management issues during unregistration. A local attacker with unprivileged access could trigger this condition to cause a denial of service through kernel warnings or crashes. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23128 MEDIUM PATCH This Month

The Linux kernel's ARM64 hibernation resume function fails to disable Control Flow Integrity (CFI) checking, causing a data abort exception when resuming from hibernation on affected systems. A local attacker with hibernation access could trigger a denial of service by invoking the resume function without proper CFI validation. This affects Linux kernel deployments on ARM64 architecture, though no patch is currently available.

Information Disclosure Linux Google Android Red Hat +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23127 MEDIUM PATCH This Month

Linux kernel perf subsystem allows local authenticated users to trigger a use-after-free condition via refcount manipulation when creating perf event group members with PERF_FLAG_FD_OUTPUT flag, resulting in denial of service through kernel warnings and potential system instability. This vulnerability requires local access and existing privileges to exploit, with no patch currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23126 MEDIUM PATCH This Month

The Linux kernel netdevsim driver contains a race condition in the bpf_bound_progs list operations where concurrent calls to nsim_bpf_create_prog() and nsim_bpf_destroy_prog() can corrupt the list and trigger kernel crashes. A local attacker with limited privileges can exploit this vulnerability to cause a denial of service by manipulating eBPF program creation and destruction. No patch is currently available for this issue.

Denial Of Service Linux Race Condition Debian Red Hat +2
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23125 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's SCTP authentication initialization can be triggered by local attackers with user privileges to cause a denial of service through a crash in the packet transmission path. The vulnerability occurs when SCTP-AUTH key setup fails during association peer initialization, leaving a dangling pointer that is subsequently dereferenced. No patch is currently available for this medium-severity issue affecting the Linux kernel.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23124 MEDIUM PATCH This Month

A data race condition in the Linux kernel's IPv6 NDISC router discovery function allows concurrent unsynchronized read/write access to the ra_mtu field, potentially causing denial of service through system instability or crashes on local systems. The vulnerability affects all Linux systems running vulnerable kernel versions and requires local access to trigger. No patch is currently available, though the race condition is considered low-impact as the affected field represents best-effort MTU configuration.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23123 MEDIUM PATCH This Month

Uninitialized pointer dereferences in the Linux kernel's interconnect debugfs implementation can cause denial of service when users interact with src_node and dst_node debugfs entries. A local attacker with standard user privileges can trigger memory access violations through reads or writes to these debugfs interfaces, crashing the system or causing kernel instability. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23122 MEDIUM PATCH This Month

The Intel i225/i226 Ethernet controller driver in the Linux kernel is susceptible to TX unit hangs during heavy timestamping operations due to insufficient packet buffer allocation. A local user with low privileges can trigger denial of service by generating sustained timestamped network traffic that exhausts the 7KB per-queue TX buffer, requiring a kernel patch that reduces the buffer to 5KB per hardware specification to mitigate the hang condition.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23121 MEDIUM PATCH This Month

A data-race condition in the Linux kernel's mISDN subsystem allows local attackers with unprivileged access to cause a denial of service by triggering concurrent access to the dev->work field through ioctl and read operations without proper synchronization. The vulnerability affects the mISDN timer device driver where unsynchronized reads and writes to shared data can result in system availability issues. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23120 MEDIUM PATCH This Month

A data-race condition in the Linux kernel's L2TP tunnel deletion function can cause a denial of service on systems using L2TP networking. Local attackers with unprivileged access can trigger concurrent socket operations to crash the kernel or cause system instability. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23119 MEDIUM PATCH This Month

The Linux kernel bonding driver fails to properly provide a network namespace pointer to the flow dissector function, allowing a local attacker with unprivileged access to trigger a kernel warning and cause a denial of service. The vulnerability exists in the bond_flow_dissect() code path used for XDP packet transmission, where crafted network packets lacking proper device or socket context can be processed unsafely.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23118 MEDIUM PATCH This Month

A race condition in the Linux kernel's rxrpc subsystem allows local attackers with limited privileges to cause a denial of service by exploiting unsynchronized access to the last_tx_at timestamp variable, potentially triggering load/store tearing on 32-bit architectures. The vulnerability requires local access and specific timing conditions to trigger, but can result in system instability or crash when successfully exploited. No patch is currently available.

Information Disclosure Linux Race Condition Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23117 MEDIUM PATCH This Month

A NULL pointer dereference in the Linux kernel's ice driver occurs when devlink reload fails and the driver is subsequently removed, affecting systems using Intel ice network adapters. A local privileged user can trigger this denial of service condition by initiating a devlink reinit operation that fails, leaving the hardware in an uninitialized state. The vulnerability stems from a missing ice_deinit_hw() call in the devlink reinit path that leaves control queues uninitialized.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23116 MEDIUM PATCH This Month

Improper handling of reset and clock masking in the Linux kernel's i.MX8MQ VPU power domain controller can cause system hangs when attempting to independently reset GPU cores. Local attackers with sufficient privileges can trigger this vulnerability by manipulating VPU reset operations, leading to denial of service. A patch is not currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23115 MEDIUM PATCH This Month

A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available.

Denial Of Service Linux Race Condition Red Hat Qualcomm +2
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23114 MEDIUM PATCH This Month

Linux kernel ptrace operations on ARM64 systems without SME support can corrupt SVE register state, causing the kernel to enter an invalid FPSIMD configuration that triggers warnings and potential instability. A local attacker with ptrace privileges can exploit this to cause a denial of service by manipulating SVE register writes on affected systems. The vulnerability requires local access and is present on Linux systems running vulnerable kernel versions without an available patch.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71200 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode. When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes.

Information Disclosure Linux Debian Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23109 MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's writeback mechanism allows local users with standard privileges to cause indefinite hangs in wait_sb_inodes() when interacting with faulty FUSE servers that fail to respond to write requests. The vulnerability stems from improper handling of mappings without data integrity semantics, which should be skipped during synchronization operations but are instead waited upon indefinitely. An attacker controlling a malfunctioning FUSE server can exploit this to freeze system operations that depend on filesystem synchronization.

Denial Of Service Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23108 MEDIUM PATCH This Month

The Linux kernel USB CAN driver (usb_8dev) fails to properly manage URB memory when USB transfers complete, allowing a local attacker with user privileges to trigger a memory leak and cause a denial of service through resource exhaustion. The vulnerability occurs because completed URBs are unanchored by the USB framework before the callback function executes, preventing proper cleanup during driver shutdown. No patch is currently available for this issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23107 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA. The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME.

Linux Null Pointer Dereference Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23106 Monitor

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper. When __do_adjtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated.

Linux Industrial Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23104 MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's ice driver causes a denial of service when devlink reload is followed by driver removal, as freed HWMON sensor memory is accessed by sysfs attribute handlers. Local users with sufficient privileges can trigger recurring kernel page faults approximately every 10 minutes when system monitoring tools attempt to read the orphaned hwmon attributes. This affects Linux systems with ice network drivers and causes system instability through repeated call traces.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23102 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context. When SME is supported, restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds memory (and may potentially take a fatal fault) and/or may kill the task with a SIGKILL.

Linux Golang Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23101 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready. Before this change the LED was added to leds_list before led_init_core() gets called, adding it to the list before led_classdev.set_brightness_work gets initialized.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23099 HIGH PATCH This Week

The Linux kernel bonding driver fails to validate device types before enabling 802.3AD mode, allowing local privileged attackers to trigger out-of-bounds memory reads via malformed hardware address operations. This vulnerability affects systems running vulnerable Linux kernel versions and could lead to denial of service or information disclosure. No patch is currently available for this high-severity vulnerability.

Buffer Overflow Information Disclosure Linux Google Red Hat +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23097 MEDIUM PATCH This Month

A deadlock vulnerability in the Linux kernel's hugetlb file folio migration code allows a local privileged user to cause a denial of service by triggering conflicting lock acquisitions between folio locks and memory mapping semaphores. The vulnerability occurs when migrate_pages() and hugetlbfs_fallocate() operations compete for locks in opposite orders, freezing affected processes. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23096 MEDIUM PATCH This Month

The Linux kernel's uacce subsystem can hang during device cleanup when cdev_device_add fails, as subsequent calls to cdev_device_del attempt to release already-freed memory. Local users with sufficient privileges can trigger a denial of service by causing the device initialization to fail, resulting in a system hang. A patch is not currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23094 MEDIUM PATCH This Month

The Linux kernel uacce driver improperly validates callback function implementations before creating isolation policy sysfs files, allowing local users with sufficient privileges to trigger a system crash by accessing unimplemented callback functions. This denial of service vulnerability affects systems where device isolation is configured but callback functions are incompletely implemented. No patch is currently available.

Denial Of Service Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23093 MEDIUM PATCH This Month

CVE-2026-23093 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-23092 HIGH PATCH This Week

Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.

Buffer Overflow Linux Memory Corruption Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23091 MEDIUM PATCH This Month

The Linux kernel's Intel Trace Hub driver fails to properly release device references during output device operations, leading to resource exhaustion on systems with local access. A local authenticated user can trigger this memory leak through repeated open/close cycles or error conditions, potentially causing denial of service. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23090 MEDIUM PATCH This Month

The Linux kernel's Slimbus core driver fails to properly release device references when processing report-present messages, leading to a memory leak that can exhaust system resources. A local attacker with user privileges can trigger this leak by causing repeated Slimbus device registration events, potentially causing a denial of service through memory exhaustion. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23089 HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +2
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23088 MEDIUM PATCH This Month

Linux kernel null pointer dereference in the tracing subsystem causes a denial of service when synthetic events reference stacktrace fields from other synthetic events. Local users with tracing permissions can trigger a kernel crash by creating chained synthetic events that pass stacktrace data between them. No patch is currently available for this vulnerability.

Denial Of Service Linux Null Pointer Dereference Debian Red Hat +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23087 MEDIUM PATCH This Month

The Linux kernel's Xen SCSI backend driver fails to properly deallocate memory for vscsiblk_info structures during device removal and error handling, allowing local users with appropriate privileges to trigger denial of service through memory exhaustion. The vulnerability exists because scsiback_remove() does not free memory allocated in scsiback_probe(), resulting in persistent memory leaks when removing the device or during probe failures. No patch is currently available for this issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23086 MEDIUM PATCH This Month

Local denial of service in Linux kernel vsock virtio transport allows a local attacker with unprivileged user privileges to exhaust host memory by advertising a large peer buffer size and reading data slowly, forcing the kernel to queue excessive sk_buff allocations. The vulnerability affects both guest-to-host and host-to-guest communication paths due to shared code between virtio transports. No patch is currently available.

Information Disclosure Linux Ubuntu Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23085 MEDIUM PATCH This Month

The GICv3 interrupt controller driver in the Linux kernel on 32-bit systems with CONFIG_ARM_LPAE can truncate physical memory addresses above the 4GB limit when storing them in 32-bit variables, potentially causing system crashes or memory corruption. A local attacker with kernel-level privileges could trigger this condition through memory allocation patterns that force addresses into higher physical memory ranges. This vulnerability affects Linux systems using ARM Large Physical Address Extension with 32-bit address space configurations.

Denial Of Service Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23084 MEDIUM PATCH This Month

A null pointer dereference vulnerability in the Linux kernel's be2net driver allows local users with low privileges to cause a denial of service by triggering a crash through improper parameter handling in the be_cmd_get_mac_from_list() function. The vulnerability occurs when the driver passes both a false pmac_id_valid flag and a NULL pointer to this function, causing the kernel to dereference the invalid pointer. No patch is currently available for this issue.

Denial Of Service Linux Null Pointer Dereference Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23083 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's FOU (Foo-over-UDP) tunnel implementation allows authenticated local users to trigger a memory leak and denial of service by setting the FOU_ATTR_IPPROTO attribute to zero, causing network packets to remain unfreed in memory. This vulnerability affects all Linux systems with the vulnerable kernel code and requires local access to exploit. No patch is currently available for this high-severity issue.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23081 MEDIUM PATCH This Month

The Intel XWay PHY driver in the Linux kernel fails to properly release device tree node references, causing memory leaks that can degrade system stability over time. Local users with sufficient privileges can trigger this refcount leakage through repeated device tree operations, potentially leading to denial of service conditions as memory resources become exhausted.

Information Disclosure Linux Red Hat Intel Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23080 MEDIUM PATCH This Month

Memory leak in Linux kernel CAN USB driver (mcba_usb) allows local attackers with user privileges to exhaust system memory by triggering improper URB cleanup in the USB bulk read callback function. The vulnerability occurs because USB framework unanchors URBs before the completion callback executes, preventing proper deallocation when the device is closed. No patch is currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23079 MEDIUM PATCH This Month

Memory resource leaks in the Linux kernel's GPIO character device interface allow local users with basic privileges to exhaust system memory through repeated errors in the lineinfo_changed_notify() function. An attacker can trigger this condition without user interaction, potentially causing denial of service through memory exhaustion. No patch is currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23078 HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.

Buffer Overflow Linux Memory Corruption Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23076 HIGH PATCH This Week

Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.

Buffer Overflow Information Disclosure Linux Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23075 MEDIUM PATCH This Month

The Linux kernel esd_usb driver leaks memory in its USB bulk transfer callback function because unanchored URBs are not properly freed during device closure, allowing a local attacker with device access to exhaust kernel memory and cause a denial of service. The vulnerability affects systems using esd_usb CAN interface devices and can be triggered repeatedly through device open/close cycles.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23073 HIGH PATCH This Week

The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.

Buffer Overflow Linux Memory Corruption Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23072 MEDIUM PATCH This Month

A memory leak in the Linux kernel's l2tp_udp_encap_recv() function fails to properly release l2tp_session and l2tp_tunnel structures when protocol version validation fails, allowing a local attacker to exhaust kernel memory and trigger a denial of service. The vulnerability affects all Linux systems running the vulnerable kernel versions, and exploitation requires local access with unprivileged user privileges. No patch is currently available.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23071 MEDIUM PATCH This Month

The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.

Information Disclosure Linux Race Condition Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23070 MEDIUM PATCH This Month

The Linux kernel's OcteonTX2 firmware driver fails to validate firmware data structures before access, causing kernel panics on systems without a MAC block. A local privileged attacker can trigger a denial of service by accessing the uninitialized firmware data region. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat Linux Kernel Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23069 MEDIUM PATCH This Month

An integer underflow in the Linux kernel's vsock/virtio credit calculation allows a local attacker with unprivileged access to cause a denial of service by exhausting system resources when the peer shrinks its advertised buffer while data is in flight. The vulnerability enables more data to be queued than the peer can handle, potentially leading to system instability. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Integer Overflow Red Hat Linux Kernel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel flexible proportions code can cause a denial of service through a deadlock when a hard interrupt fires during a soft interrupt's sequence count operation, allowing a local attacker with limited privileges to hang the system by triggering indefinite loops in proportion calculations. The vulnerability affects the fprop_new_period() function which lacks proper hardirq safety, creating a race condition between timer softirq context and block I/O hardirq handlers. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel NFC subsystem allows local attackers with low privileges to cause a denial of service by triggering a use-after-free condition between rfkill device unregistration and NCI command queue destruction. An attacker can exploit this by closing a virtual NCI device file while rfkill operations are in progress, causing the kernel to access a destroyed work queue. No patch is currently available for this vulnerability.

Information Disclosure Linux Google +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference in the Intel ice network driver's ice_vsi_set_napi_queues() function can cause a kernel crash on Linux systems during suspend/resume operations when ring queue vectors are improperly initialized. Local users with standard privileges can trigger this denial of service condition through standard power management operations like systemctl suspend. No patch is currently available for this vulnerability affecting Linux kernel v6.18 and the Intel E810 Ethernet adapter family.

Denial Of Service Linux Null Pointer Dereference +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Saffirecode (sfc) driver contains a deadlock vulnerability in RSS configuration reading where the driver attempts to acquire a lock that the kernel's ethtool subsystem has already locked, causing the system to hang. A local user with sufficient privileges can trigger this denial of service condition by executing ethtool RSS configuration commands. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's rocker network driver fails to free allocated memory in rocker_world_port_post_fini() when certain callback functions are not implemented, causing a memory leak of approximately 288 bytes per port during device removal. A local attacker with standard user privileges can trigger repeated device removal operations to exhaust kernel memory and cause a denial of service. No patch is currently available for this issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel amdgpu graphics driver crashes with a NULL pointer dereference on APU platforms (Raven, Renoir) when SVM page fault recovery attempts to access uninitialized interrupt ring buffers that only exist on discrete GPUs. A local authenticated attacker can trigger this denial of service by enabling retry faults on affected APUs. No patch is currently available.

Denial Of Service Linux Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A double-free vulnerability in the Linux kernel's xe/nvm driver allows local users with low privileges to cause a denial of service or potential code execution through improper memory management during auxiliary device initialization failures. The flaw occurs when auxiliary_device_add() fails and triggers both the release callback and an additional kfree() operation on the same memory region. This affects Linux systems with the xe driver, and no patch is currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's octeon_ep driver fails to properly clean up allocated memory and mapped resources when the octep_ctrl_net_init() function fails during device setup, resulting in a local denial of service condition. An authenticated local attacker could trigger this memory leak by causing the initialization to fail, exhausting system memory over time. A patch is not currently available for this vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's perf scheduler functionality causes a denial of service when handling user space stacktraces for certain kernel tasks. Local attackers with low privileges can trigger this crash by exploiting inconsistent task classification logic that fails to properly identify user versus kernel tasks. The vulnerability affects the Linux kernel with no patch currently available.

Denial Of Service Linux Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's gpio-virtuser configfs release path allows local users with standard privileges to trigger memory corruption and potentially achieve code execution by causing mutex operations on freed memory. The flaw exists because the device structure is freed while a mutex guard scope is still active, leading to undefined behavior when the guard attempts to unlock the already-destroyed mutex. This vulnerability affects Linux systems with the affected kernel versions and requires local access to exploit.

Information Disclosure Linux Use After Free +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel dirty page throttling can cause system hangs when cgroup memory limits are restrictive, as processes become stuck waiting on balance_dirty_pages() io_schedule_timeout() calls. A local user with write permissions can trigger a denial of service by exhausting dirty page limits through intensive file operations, potentially freezing the system. No patch is currently available for affected kernels prior to v6.18.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel's efivarfs implementation fails to propagate errors from __efivar_entry_get(), causing the efivar_entry_get() function to mask failures and return success regardless of the underlying operation's result. This error handling flaw enables uninitialized heap memory to be copied to userspace through the efivarfs_file_read() path, potentially exposing sensitive kernel data to local users with read access to efivarfs. No patch is currently available for this high-severity vulnerability affecting the Linux kernel.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly process GRO skbs contains a security vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's FireWire core transaction handling allows local attackers with low privileges to cause a denial of service by triggering concurrent processing of AR response and AT request completion events without proper synchronization. The vulnerability stems from transaction list enumeration occurring outside the card lock scope, enabling memory corruption or system crashes when exploited. No patch is currently available for this issue.

Information Disclosure Linux Race Condition +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's mac80211 WiFi implementation contains a parsing error when processing TID-To-Link Mapping (TTLM) elements with default link configurations, causing out-of-bounds memory reads. This vulnerability affects systems running vulnerable Linux kernels and could lead to denial of service through kernel crashes or information disclosure. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the Linux kernel's NFC LLCP implementation allows local attackers to exhaust memory by exploiting a race condition between the nfc_llcp_send_ui_frame() function and local device cleanup routines. An attacker with local access can trigger the vulnerability by sending NFC frames while the underlying device is being destroyed, causing socket buffers to accumulate in the transmit queue and never be freed.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A local attacker with unprivileged access can trigger kernel warnings in the Linux kernel's DRM subsystem by passing oversized handle values to drm_gem_change_handle_ioctl(), exploiting improper input validation between userspace u32 and kernel int types. This vulnerability affects the Linux kernel and allows denial of service through repeated warning generation, though no patch is currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the Linux kernel's btrfs zlib compression module on S390 hardware-accelerated systems fails to properly release file cache pages, potentially leading to memory exhaustion and denial of service on affected systems. The vulnerability stems from missing cleanup code introduced during a refactoring of the S390x hardware acceleration buffer handling. Local attackers with access to the system could trigger the leak through repeated compression operations.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A race condition in the Linux kernel's Bluetooth HCI UART driver allows local attackers with user privileges to trigger a null pointer dereference and cause a denial of service by initiating a TTY write wakeup during driver initialization. The vulnerability occurs when hci_uart_tx_wakeup() schedules write work before the protocol handler's private data structure is initialized, leading to a crash in hci_uart_write_work(). No patch is currently available for this issue.

Denial Of Service Linux Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A resource leak in the Linux kernel's ext4 filesystem implementation fails to properly release buffer head references in the xattr inode update function, potentially causing memory exhaustion on systems with local access. This medium-severity vulnerability affects Linux kernel versions and could allow local attackers to degrade system availability through repeated resource consumption. No patch is currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel DAMON sysfs interface fails to properly clean up subdirectories when context setup encounters errors, leaving orphaned directory structures and leaked memory that degrades functionality until system reboot. A local user with appropriate privileges can trigger this condition to cause denial of service by making the DAMON sysfs interface unreliable or unusable. This vulnerability requires local access and user interaction to exploit, with no available patch currently issued.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory alignment flaw in the Linux kernel's virtio_net driver allows local attackers with user-level privileges to cause denial of service through misalignment of flexible array members in the virtnet_info structure. The vulnerability results in potential memory corruption when accessing the rss_hash_key_data field, impacting systems running affected Linux kernel versions. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel DAMON sysfs interface fails to properly clean up access_pattern subdirectories when scheme directory setup fails, causing memory leaks and rendering the sysfs interface non-functional until system reboot. A local privileged user can trigger this condition to degrade system functionality and exhaust memory resources. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's btrfs send functionality fails to validate whether file extent items are inline extents before accessing the disk_bytenr field, potentially causing invalid memory access or metadata corruption on affected systems. A local attacker with file system access could exploit this to trigger a denial of service condition through carefully crafted inline extent items. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's BPF test_run component fails to properly validate XDP frame metadata size, allowing local users with appropriate privileges to specify oversized metadata that exhausts frame headroom and leaves the frame structure uninitialized. This can lead to denial of service or memory corruption during packet transmission. No patch is currently available for this issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's ftrace stack trace recording mechanism lacks proper recursion protection, allowing local users with sufficient privileges to trigger an infinite recursion loop when kernel stack trace triggers are enabled on RCU events, resulting in denial of service through system hang or crash. The vulnerability affects systems where tracing is configured to capture stack traces during RCU event monitoring. No patch is currently available to address this medium-severity defect.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's device tree unittest module allows local users with standard privileges to cause a denial of service by exhausting system memory when the of_resolve_phandles() function fails during unit test execution. The vulnerability stems from improper resource cleanup in the unittest_data_add() function, where allocated memory is not freed on error paths. A patch is not currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel ath12k WiFi driver incorrectly frees DMA memory buffers using aligned addresses instead of the original unaligned pointers returned by dma_alloc_coherent(), potentially causing memory management errors and denial of service on systems using affected WiFi hardware. A local attacker with user privileges can trigger this vulnerability through normal WiFi driver operations, leading to system instability or crashes. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's kmalloc_nolock() function on PREEMPT_RT systems fails to properly validate execution context before acquiring a sleeping lock, causing a kernel panic when BPF programs execute from tracepoints with preemption disabled. A local attacker with ability to run BPF programs can trigger a denial of service by causing the kernel to attempt sleeping operations in invalid contexts. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ath10k WiFi driver in the Linux kernel incorrectly frees DMA-allocated memory by using aligned addresses instead of the original unaligned pointers, potentially causing memory corruption and system denial of service on affected systems. A local attacker with appropriate privileges can trigger this vulnerability to crash the kernel or cause system instability. No patch is currently available for this issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Synopsys DesignWare DisplayPort bridge driver contains improper error handling in the dw_dp_bind() function that fails to unregister auxiliary devices and return error codes correctly, potentially causing resource leaks or kernel instability for systems using affected display hardware. A local attacker with sufficient privileges could trigger these error paths to cause a denial of service through resource exhaustion or kernel panic.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p_client_res: client 18446612686390831168 response P9_TREAD tag 0 err 0 ...

Buffer Overflow Information Disclosure Linux +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The HP BIOS configuration driver in the Linux kernel fails to validate attribute names before kobject registration, causing kernel warnings and potential denial of service when HP BIOS returns empty name strings. A local user with standard privileges can trigger this vulnerability to crash or destabilize the system by supplying malformed BIOS attribute data. No patch is currently available for this medium-severity flaw affecting Linux systems with HP BIOS configuration support.

Information Disclosure Linux Red Hat +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A deadlock condition in the Linux kernel's ath12k WiFi driver occurs when management frame transmission is blocked by the wiphy lock during flush operations, causing the wireless interface to hang and preventing authentication. Local users with sufficient privileges can trigger this condition by initiating WiFi authentication while pending management frames are being flushed, resulting in a denial of service. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's DPLL subsystem fails to prevent duplicate pin registrations, allowing callers to register the same pin multiple times and causing memory management issues during unregistration. A local attacker with unprivileged access could trigger this condition to cause a denial of service through kernel warnings or crashes. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's ARM64 hibernation resume function fails to disable Control Flow Integrity (CFI) checking, causing a data abort exception when resuming from hibernation on affected systems. A local attacker with hibernation access could trigger a denial of service by invoking the resume function without proper CFI validation. This affects Linux kernel deployments on ARM64 architecture, though no patch is currently available.

Information Disclosure Linux Google +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel perf subsystem allows local authenticated users to trigger a use-after-free condition via refcount manipulation when creating perf event group members with PERF_FLAG_FD_OUTPUT flag, resulting in denial of service through kernel warnings and potential system instability. This vulnerability requires local access and existing privileges to exploit, with no patch currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The Linux kernel netdevsim driver contains a race condition in the bpf_bound_progs list operations where concurrent calls to nsim_bpf_create_prog() and nsim_bpf_destroy_prog() can corrupt the list and trigger kernel crashes. A local attacker with limited privileges can exploit this vulnerability to cause a denial of service by manipulating eBPF program creation and destruction. No patch is currently available for this issue.

Denial Of Service Linux Race Condition +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's SCTP authentication initialization can be triggered by local attackers with user privileges to cause a denial of service through a crash in the packet transmission path. The vulnerability occurs when SCTP-AUTH key setup fails during association peer initialization, leaving a dangling pointer that is subsequently dereferenced. No patch is currently available for this medium-severity issue affecting the Linux kernel.

Denial Of Service Linux Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A data race condition in the Linux kernel's IPv6 NDISC router discovery function allows concurrent unsynchronized read/write access to the ra_mtu field, potentially causing denial of service through system instability or crashes on local systems. The vulnerability affects all Linux systems running vulnerable kernel versions and requires local access to trigger. No patch is currently available, though the race condition is considered low-impact as the affected field represents best-effort MTU configuration.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized pointer dereferences in the Linux kernel's interconnect debugfs implementation can cause denial of service when users interact with src_node and dst_node debugfs entries. A local attacker with standard user privileges can trigger memory access violations through reads or writes to these debugfs interfaces, crashing the system or causing kernel instability. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Intel i225/i226 Ethernet controller driver in the Linux kernel is susceptible to TX unit hangs during heavy timestamping operations due to insufficient packet buffer allocation. A local user with low privileges can trigger denial of service by generating sustained timestamped network traffic that exhausts the 7KB per-queue TX buffer, requiring a kernel patch that reduces the buffer to 5KB per hardware specification to mitigate the hang condition.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A data-race condition in the Linux kernel's mISDN subsystem allows local attackers with unprivileged access to cause a denial of service by triggering concurrent access to the dev->work field through ioctl and read operations without proper synchronization. The vulnerability affects the mISDN timer device driver where unsynchronized reads and writes to shared data can result in system availability issues. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A data-race condition in the Linux kernel's L2TP tunnel deletion function can cause a denial of service on systems using L2TP networking. Local attackers with unprivileged access can trigger concurrent socket operations to crash the kernel or cause system instability. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel bonding driver fails to properly provide a network namespace pointer to the flow dissector function, allowing a local attacker with unprivileged access to trigger a kernel warning and cause a denial of service. The vulnerability exists in the bond_flow_dissect() code path used for XDP packet transmission, where crafted network packets lacking proper device or socket context can be processed unsafely.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's rxrpc subsystem allows local attackers with limited privileges to cause a denial of service by exploiting unsynchronized access to the last_tx_at timestamp variable, potentially triggering load/store tearing on 32-bit architectures. The vulnerability requires local access and specific timing conditions to trigger, but can result in system instability or crash when successfully exploited. No patch is currently available.

Information Disclosure Linux Race Condition +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference in the Linux kernel's ice driver occurs when devlink reload fails and the driver is subsequently removed, affecting systems using Intel ice network adapters. A local privileged user can trigger this denial of service condition by initiating a devlink reinit operation that fails, leaving the hardware in an uninitialized state. The vulnerability stems from a missing ice_deinit_hw() call in the devlink reinit path that leaves control queues uninitialized.

Denial Of Service Linux Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper handling of reset and clock masking in the Linux kernel's i.MX8MQ VPU power domain controller can cause system hangs when attempting to independently reset GPU cores. Local attackers with sufficient privileges can trigger this vulnerability by manipulating VPU reset operations, leading to denial of service. A patch is not currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available.

Denial Of Service Linux Race Condition +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel ptrace operations on ARM64 systems without SME support can corrupt SVE register state, causing the kernel to enter an invalid FPSIMD configuration that triggers warnings and potential instability. A local attacker with ptrace privileges can exploit this to cause a denial of service by manipulating SVE register writes on affected systems. The vulnerability requires local access and is present on Linux systems running vulnerable kernel versions without an available patch.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes.

Information Disclosure Linux Debian +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's writeback mechanism allows local users with standard privileges to cause indefinite hangs in wait_sb_inodes() when interacting with faulty FUSE servers that fail to respond to write requests. The vulnerability stems from improper handling of mappings without data integrity semantics, which should be skipped during synchronization operations but are instead waited upon indefinitely. An attacker controlling a malfunctioning FUSE server can exploit this to freeze system operations that depend on filesystem synchronization.

Denial Of Service Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel USB CAN driver (usb_8dev) fails to properly manage URB memory when USB transfers complete, allowing a local attacker with user privileges to trigger a memory leak and cause a denial of service through resource exhaustion. The vulnerability occurs because completed URBs are unanchored by the USB framework before the callback function executes, preventing proper cleanup during driver shutdown. No patch is currently available for this issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME.

Linux Null Pointer Dereference Linux Kernel
NVD VulDB
EPSS 0%
Monitor

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated.

Linux Industrial Linux Kernel
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's ice driver causes a denial of service when devlink reload is followed by driver removal, as freed HWMON sensor memory is accessed by sysfs attribute handlers. Local users with sufficient privileges can trigger recurring kernel page faults approximately every 10 minutes when system monitoring tools attempt to read the orphaned hwmon attributes. This affects Linux systems with ice network drivers and causes system instability through repeated call traces.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds memory (and may potentially take a fatal fault) and/or may kill the task with a SIGKILL.

Linux Golang Linux Kernel
NVD VulDB
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_init_core() gets called, adding it to the list before led_classdev.set_brightness_work gets initialized.

Linux Linux Kernel
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The Linux kernel bonding driver fails to validate device types before enabling 802.3AD mode, allowing local privileged attackers to trigger out-of-bounds memory reads via malformed hardware address operations. This vulnerability affects systems running vulnerable Linux kernel versions and could lead to denial of service or information disclosure. No patch is currently available for this high-severity vulnerability.

Buffer Overflow Information Disclosure Linux +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A deadlock vulnerability in the Linux kernel's hugetlb file folio migration code allows a local privileged user to cause a denial of service by triggering conflicting lock acquisitions between folio locks and memory mapping semaphores. The vulnerability occurs when migrate_pages() and hugetlbfs_fallocate() operations compete for locks in opposite orders, freezing affected processes. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's uacce subsystem can hang during device cleanup when cdev_device_add fails, as subsequent calls to cdev_device_del attempt to release already-freed memory. Local users with sufficient privileges can trigger a denial of service by causing the device initialization to fail, resulting in a system hang. A patch is not currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel uacce driver improperly validates callback function implementations before creating isolation policy sysfs files, allowing local users with sufficient privileges to trigger a system crash by accessing unimplemented callback functions. This denial of service vulnerability affects systems where device isolation is configured but callback functions are incompletely implemented. No patch is currently available.

Denial Of Service Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2026-23093 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.

Buffer Overflow Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Intel Trace Hub driver fails to properly release device references during output device operations, leading to resource exhaustion on systems with local access. A local authenticated user can trigger this memory leak through repeated open/close cycles or error conditions, potentially causing denial of service. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Slimbus core driver fails to properly release device references when processing report-present messages, leading to a memory leak that can exhaust system resources. A local attacker with user privileges can trigger this leak by causing repeated Slimbus device registration events, potentially causing a denial of service through memory exhaustion. No patch is currently available for this vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.

Information Disclosure Linux Use After Free +4
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel null pointer dereference in the tracing subsystem causes a denial of service when synthetic events reference stacktrace fields from other synthetic events. Local users with tracing permissions can trigger a kernel crash by creating chained synthetic events that pass stacktrace data between them. No patch is currently available for this vulnerability.

Denial Of Service Linux Null Pointer Dereference +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Xen SCSI backend driver fails to properly deallocate memory for vscsiblk_info structures during device removal and error handling, allowing local users with appropriate privileges to trigger denial of service through memory exhaustion. The vulnerability exists because scsiback_remove() does not free memory allocated in scsiback_probe(), resulting in persistent memory leaks when removing the device or during probe failures. No patch is currently available for this issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local denial of service in Linux kernel vsock virtio transport allows a local attacker with unprivileged user privileges to exhaust host memory by advertising a large peer buffer size and reading data slowly, forcing the kernel to queue excessive sk_buff allocations. The vulnerability affects both guest-to-host and host-to-guest communication paths due to shared code between virtio transports. No patch is currently available.

Information Disclosure Linux Ubuntu +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The GICv3 interrupt controller driver in the Linux kernel on 32-bit systems with CONFIG_ARM_LPAE can truncate physical memory addresses above the 4GB limit when storing them in 32-bit variables, potentially causing system crashes or memory corruption. A local attacker with kernel-level privileges could trigger this condition through memory allocation patterns that force addresses into higher physical memory ranges. This vulnerability affects Linux systems using ARM Large Physical Address Extension with 32-bit address space configurations.

Denial Of Service Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability in the Linux kernel's be2net driver allows local users with low privileges to cause a denial of service by triggering a crash through improper parameter handling in the be_cmd_get_mac_from_list() function. The vulnerability occurs when the driver passes both a false pmac_id_valid flag and a NULL pointer to this function, causing the kernel to dereference the invalid pointer. No patch is currently available for this issue.

Denial Of Service Linux Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel's FOU (Foo-over-UDP) tunnel implementation allows authenticated local users to trigger a memory leak and denial of service by setting the FOU_ATTR_IPPROTO attribute to zero, causing network packets to remain unfreed in memory. This vulnerability affects all Linux systems with the vulnerable kernel code and requires local access to exploit. No patch is currently available for this high-severity issue.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Intel XWay PHY driver in the Linux kernel fails to properly release device tree node references, causing memory leaks that can degrade system stability over time. Local users with sufficient privileges can trigger this refcount leakage through repeated device tree operations, potentially leading to denial of service conditions as memory resources become exhausted.

Information Disclosure Linux Red Hat +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel CAN USB driver (mcba_usb) allows local attackers with user privileges to exhaust system memory by triggering improper URB cleanup in the USB bulk read callback function. The vulnerability occurs because USB framework unanchors URBs before the completion callback executes, preventing proper deallocation when the device is closed. No patch is currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory resource leaks in the Linux kernel's GPIO character device interface allow local users with basic privileges to exhaust system memory through repeated errors in the lineinfo_changed_notify() function. An attacker can trigger this condition without user interaction, potentially causing denial of service through memory exhaustion. No patch is currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.

Buffer Overflow Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.

Buffer Overflow Information Disclosure Linux +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel esd_usb driver leaks memory in its USB bulk transfer callback function because unanchored URBs are not properly freed during device closure, allowing a local attacker with device access to exhaust kernel memory and cause a denial of service. The vulnerability affects systems using esd_usb CAN interface devices and can be triggered repeatedly through device open/close cycles.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.

Buffer Overflow Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the Linux kernel's l2tp_udp_encap_recv() function fails to properly release l2tp_session and l2tp_tunnel structures when protocol version validation fails, allowing a local attacker to exhaust kernel memory and trigger a denial of service. The vulnerability affects all Linux systems running the vulnerable kernel versions, and exploitation requires local access with unprivileged user privileges. No patch is currently available.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.

Information Disclosure Linux Race Condition +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's OcteonTX2 firmware driver fails to validate firmware data structures before access, causing kernel panics on systems without a MAC block. A local privileged attacker can trigger a denial of service by accessing the uninitialized firmware data region. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Linux Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An integer underflow in the Linux kernel's vsock/virtio credit calculation allows a local attacker with unprivileged access to cause a denial of service by exhausting system resources when the peer shrinks its advertised buffer while data is in flight. The vulnerability enables more data to be queued than the peer can handle, potentially leading to system instability. No patch is currently available for this medium-severity issue.

Information Disclosure Linux Integer Overflow +3
NVD VulDB