Search

Find a vulnerability

Search criteria

    13298 vulnerabilities

    CVE-2026-64186 (GCVE-0-2026-64186)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs
    Summary
    In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs In iommu_mmio_write() and iommu_capability_write(), the variables dbg_mmio_offset and dbg_cap_offset are declared as int. However, they are populated using kstrtou32_from_user(). If a user provides a sufficiently large value, it can become a negative integer. Prior to this patch, the AMD IOMMU debugfs implementation was already protected by different mechanisms. 1. #define OFS_IN_SZ 8 ensures the user string <= 8 bytes, so e.g. 0xffffffff isn't a valid input. if (cnt > OFS_IN_SZ) return -EINVAL; 2. Implicit type promotion in iommu_mmio_write(), dbg_mmio_offset is int and iommu->mmio_phys_end is u64 if (dbg_mmio_offset > iommu->mmio_phys_end - sizeof(u64)) return -EINVAL; 3. The show handlers would currently catch the negative number and refuse to perform the read. Replace kstrtou32_from_user() with kstrtos32_from_user() to parse the input, and check for negative values to explicitly prevent out-of-bounds memory accesses directly in iommu_mmio_write() and iommu_capability_write().
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 7a4ee419e8c144b747a8915856e91a034d7c8f34 , < 488d2c76bd9f78433a70690d1054bfae3d39a407 (git)
    Affected: 7a4ee419e8c144b747a8915856e91a034d7c8f34 , < 62f9dfbf1aceae88b03c5ca08f7d36e943939dec (git)
    Affected: 7a4ee419e8c144b747a8915856e91a034d7c8f34 , < 8dfd3d8d74435344ee8dc9237596959c8b2a6cbe (git)
    Create a notification for this product.
    Linux Linux Affected: 6.17
    Unaffected: 0 , < 6.17 (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/iommu/amd/debugfs.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "488d2c76bd9f78433a70690d1054bfae3d39a407",
                  "status": "affected",
                  "version": "7a4ee419e8c144b747a8915856e91a034d7c8f34",
                  "versionType": "git"
                },
                {
                  "lessThan": "62f9dfbf1aceae88b03c5ca08f7d36e943939dec",
                  "status": "affected",
                  "version": "7a4ee419e8c144b747a8915856e91a034d7c8f34",
                  "versionType": "git"
                },
                {
                  "lessThan": "8dfd3d8d74435344ee8dc9237596959c8b2a6cbe",
                  "status": "affected",
                  "version": "7a4ee419e8c144b747a8915856e91a034d7c8f34",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/iommu/amd/debugfs.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.17"
                },
                {
                  "lessThan": "6.17",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.17",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Remove latent out-of-bounds access in IOMMU debugfs\n\nIn iommu_mmio_write() and iommu_capability_write(), the variables\ndbg_mmio_offset and dbg_cap_offset are declared as int. However, they\nare populated using kstrtou32_from_user(). If a user provides a\nsufficiently large value, it can become a negative integer.\n\nPrior to this patch, the AMD IOMMU debugfs implementation was already\nprotected by different mechanisms.\n\n1. #define OFS_IN_SZ 8 ensures the user string \u003c= 8 bytes, so\n   e.g. 0xffffffff isn\u0027t a valid input.\n\n  if (cnt \u003e OFS_IN_SZ)\n     return -EINVAL;\n\n2. Implicit type promotion in iommu_mmio_write(), dbg_mmio_offset is int\n   and iommu-\u003emmio_phys_end is u64\n\n  if (dbg_mmio_offset \u003e iommu-\u003emmio_phys_end - sizeof(u64))\n      return -EINVAL;\n\n3. The show handlers would currently catch the negative number and\n   refuse to perform the read.\n\nReplace kstrtou32_from_user() with kstrtos32_from_user() to parse the\ninput, and check for negative values to explicitly prevent out-of-bounds\nmemory accesses directly in iommu_mmio_write() and\niommu_capability_write()."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:08.054Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/488d2c76bd9f78433a70690d1054bfae3d39a407"
            },
            {
              "url": "https://git.kernel.org/stable/c/62f9dfbf1aceae88b03c5ca08f7d36e943939dec"
            },
            {
              "url": "https://git.kernel.org/stable/c/8dfd3d8d74435344ee8dc9237596959c8b2a6cbe"
            }
          ],
          "title": "iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64186",
        "datePublished": "2026-07-19T15:41:08.054Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:08.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64185 (GCVE-0-2026-64185)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    sysfs: don't remove existing directory on update failure
    Summary
    In the Linux kernel, the following vulnerability has been resolved: sysfs: don't remove existing directory on update failure When sysfs_update_group() is called for a named group and create_files() fails (e.g. -ENOMEM), internal_create_group() calls kernfs_remove(kn) on the group directory. In the update path, kn was obtained via kernfs_find_and_get() and refers to a directory that already existed before this call. Removing it silently destroys a sysfs group that the caller did not create. Only remove the directory if we created it ourselves. On update failure the directory remains as it is left empty by remove_files() inside create_files(), but can be repopulated by a retry.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < c5e125c828b701afaf7493b42a14aa89362ff36d (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < ccadd32cc1263802a5969c9efe0e96225450428c (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < 14f2c14ae86c4af17a0a9f8ab46dacf2d5fd1d8a (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < 31527d80234caf83dc96ad478645e57df9de4472 (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < 57b285e0368290aa55f79ba11419b96d0ebdb418 (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < 48fa96538bd2868034d33429e4565fda384d0736 (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < 708f6926f61f71e09b5e9fd668b9882ccd46e69f (git)
    Affected: c855cf2759d27142f771173d9fd8e7fdf9cf5138 , < 237557b8a81ab948e8332f7c0058e758f081c0a3 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.19
    Unaffected: 0 , < 4.19 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "fs/sysfs/group.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "c5e125c828b701afaf7493b42a14aa89362ff36d",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "ccadd32cc1263802a5969c9efe0e96225450428c",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "14f2c14ae86c4af17a0a9f8ab46dacf2d5fd1d8a",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "31527d80234caf83dc96ad478645e57df9de4472",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "57b285e0368290aa55f79ba11419b96d0ebdb418",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "48fa96538bd2868034d33429e4565fda384d0736",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "708f6926f61f71e09b5e9fd668b9882ccd46e69f",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                },
                {
                  "lessThan": "237557b8a81ab948e8332f7c0058e758f081c0a3",
                  "status": "affected",
                  "version": "c855cf2759d27142f771173d9fd8e7fdf9cf5138",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "fs/sysfs/group.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.19"
                },
                {
                  "lessThan": "4.19",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "4.19",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysfs: don\u0027t remove existing directory on update failure\n\nWhen sysfs_update_group() is called for a named group and create_files()\nfails (e.g. -ENOMEM), internal_create_group() calls kernfs_remove(kn) on\nthe group directory.  In the update path, kn was obtained via\nkernfs_find_and_get() and refers to a directory that already existed\nbefore this call.  Removing it silently destroys a sysfs group that the\ncaller did not create.\n\nOnly remove the directory if we created it ourselves.  On update failure\nthe directory remains as it is left empty by remove_files() inside\ncreate_files(), but can be repopulated by a retry."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:07.340Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/c5e125c828b701afaf7493b42a14aa89362ff36d"
            },
            {
              "url": "https://git.kernel.org/stable/c/ccadd32cc1263802a5969c9efe0e96225450428c"
            },
            {
              "url": "https://git.kernel.org/stable/c/14f2c14ae86c4af17a0a9f8ab46dacf2d5fd1d8a"
            },
            {
              "url": "https://git.kernel.org/stable/c/31527d80234caf83dc96ad478645e57df9de4472"
            },
            {
              "url": "https://git.kernel.org/stable/c/57b285e0368290aa55f79ba11419b96d0ebdb418"
            },
            {
              "url": "https://git.kernel.org/stable/c/48fa96538bd2868034d33429e4565fda384d0736"
            },
            {
              "url": "https://git.kernel.org/stable/c/708f6926f61f71e09b5e9fd668b9882ccd46e69f"
            },
            {
              "url": "https://git.kernel.org/stable/c/237557b8a81ab948e8332f7c0058e758f081c0a3"
            }
          ],
          "title": "sysfs: don\u0027t remove existing directory on update failure",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64185",
        "datePublished": "2026-07-19T15:41:07.340Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:07.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64184 (GCVE-0-2026-64184)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    mm/damon/sysfs-schemes: call missing mem_cgroup_iter_break()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: call missing mem_cgroup_iter_break() damon_sysfs_memcg_path_to_id() breaks mem_cgroup_iter() loop without calling mem_cgroup_iter_break(). This leaks the cgroup reference. Fix the issue by calling mem_cgroup_iter_break() before the break. The issue was discovered [1] by Sashiko.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 29cbb9a13f05b20f0777c60db9603730b487a4e0 , < 082351f9d40007414ad6af062b3a26fa02fd4b5f (git)
    Affected: 29cbb9a13f05b20f0777c60db9603730b487a4e0 , < 30a361be33f3793b9ecbd10ab7be6d0564819b79 (git)
    Affected: 29cbb9a13f05b20f0777c60db9603730b487a4e0 , < 302e02f9ba49f81418ec2a749ae6f5cac1d424e9 (git)
    Affected: 29cbb9a13f05b20f0777c60db9603730b487a4e0 , < 1bd31386ec3b9ccec10c04429948a306ec5897c0 (git)
    Affected: 29cbb9a13f05b20f0777c60db9603730b487a4e0 , < d4e7b5c4cc353f154d5ab8bb2e1ce7714d77a6e9 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.3
    Unaffected: 0 , < 6.3 (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "mm/damon/sysfs-schemes.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "082351f9d40007414ad6af062b3a26fa02fd4b5f",
                  "status": "affected",
                  "version": "29cbb9a13f05b20f0777c60db9603730b487a4e0",
                  "versionType": "git"
                },
                {
                  "lessThan": "30a361be33f3793b9ecbd10ab7be6d0564819b79",
                  "status": "affected",
                  "version": "29cbb9a13f05b20f0777c60db9603730b487a4e0",
                  "versionType": "git"
                },
                {
                  "lessThan": "302e02f9ba49f81418ec2a749ae6f5cac1d424e9",
                  "status": "affected",
                  "version": "29cbb9a13f05b20f0777c60db9603730b487a4e0",
                  "versionType": "git"
                },
                {
                  "lessThan": "1bd31386ec3b9ccec10c04429948a306ec5897c0",
                  "status": "affected",
                  "version": "29cbb9a13f05b20f0777c60db9603730b487a4e0",
                  "versionType": "git"
                },
                {
                  "lessThan": "d4e7b5c4cc353f154d5ab8bb2e1ce7714d77a6e9",
                  "status": "affected",
                  "version": "29cbb9a13f05b20f0777c60db9603730b487a4e0",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "mm/damon/sysfs-schemes.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "lessThan": "6.3",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "6.3",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.3",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.3",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.3",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.3",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: call missing mem_cgroup_iter_break()\n\ndamon_sysfs_memcg_path_to_id() breaks mem_cgroup_iter() loop without\ncalling mem_cgroup_iter_break().  This leaks the cgroup reference.  Fix\nthe issue by calling mem_cgroup_iter_break() before the break.\n\nThe issue was discovered [1] by Sashiko."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:06.615Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/082351f9d40007414ad6af062b3a26fa02fd4b5f"
            },
            {
              "url": "https://git.kernel.org/stable/c/30a361be33f3793b9ecbd10ab7be6d0564819b79"
            },
            {
              "url": "https://git.kernel.org/stable/c/302e02f9ba49f81418ec2a749ae6f5cac1d424e9"
            },
            {
              "url": "https://git.kernel.org/stable/c/1bd31386ec3b9ccec10c04429948a306ec5897c0"
            },
            {
              "url": "https://git.kernel.org/stable/c/d4e7b5c4cc353f154d5ab8bb2e1ce7714d77a6e9"
            }
          ],
          "title": "mm/damon/sysfs-schemes: call missing mem_cgroup_iter_break()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64184",
        "datePublished": "2026-07-19T15:41:06.615Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:06.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64183 (GCVE-0-2026-64183)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    efi: Allocate runtime workqueue before ACPI init
    Summary
    In the Linux kernel, the following vulnerability has been resolved: efi: Allocate runtime workqueue before ACPI init Since commit 5894cf571e14 ("acpi/prmt: Use EFI runtime sandbox to invoke PRM handlers") ACPI PRM calls are delegated to a workqueue which runs in a kernel thread, making it easier to detect and mitigate faulting memory accesses performed by the firmware. Rafael reports that such PRM accesses may occur before efisubsys_init() executes, which is where the workqueue is allocated, leading to NULL pointer dereferences. Since acpi_init() [which triggers the early PRM accesses] executes as a subsys_initcall() as well, and has its own dependencies that may be sensitive to initcall ordering, deferring acpi_init() is not an option. So instead, split off the workqueue allocation into its own postcore initcall, as this is the only missing piece to allow EFI runtime calls to be made. This ensures that EFI runtime call (including PRM calls) are accessible to all code running at subsys_initcall() level.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 5894cf571e14fb393a4d0a82538de032127b9d8b , < 29cd94e678fcb3c4fd0f359deeac6d61334323fc (git)
    Affected: 5894cf571e14fb393a4d0a82538de032127b9d8b , < 6996e954ae830f5b793ba6cf449885ca519dbdd2 (git)
    Affected: 5894cf571e14fb393a4d0a82538de032127b9d8b , < c32a1fbe0f9a48453a552bb315cc4f1e7a74084e (git)
    Affected: 5894cf571e14fb393a4d0a82538de032127b9d8b , < e871549f7894ad4114b3dd53f241aa25a268ba8b (git)
    Affected: 5894cf571e14fb393a4d0a82538de032127b9d8b , < 13c6da02e767152c9ac4330962247a5e47011035 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.6
    Unaffected: 0 , < 6.6 (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/firmware/efi/efi.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "29cd94e678fcb3c4fd0f359deeac6d61334323fc",
                  "status": "affected",
                  "version": "5894cf571e14fb393a4d0a82538de032127b9d8b",
                  "versionType": "git"
                },
                {
                  "lessThan": "6996e954ae830f5b793ba6cf449885ca519dbdd2",
                  "status": "affected",
                  "version": "5894cf571e14fb393a4d0a82538de032127b9d8b",
                  "versionType": "git"
                },
                {
                  "lessThan": "c32a1fbe0f9a48453a552bb315cc4f1e7a74084e",
                  "status": "affected",
                  "version": "5894cf571e14fb393a4d0a82538de032127b9d8b",
                  "versionType": "git"
                },
                {
                  "lessThan": "e871549f7894ad4114b3dd53f241aa25a268ba8b",
                  "status": "affected",
                  "version": "5894cf571e14fb393a4d0a82538de032127b9d8b",
                  "versionType": "git"
                },
                {
                  "lessThan": "13c6da02e767152c9ac4330962247a5e47011035",
                  "status": "affected",
                  "version": "5894cf571e14fb393a4d0a82538de032127b9d8b",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/firmware/efi/efi.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "lessThan": "6.6",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "6.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.6",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.6",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Allocate runtime workqueue before ACPI init\n\nSince commit\n\n  5894cf571e14 (\"acpi/prmt: Use EFI runtime sandbox to invoke PRM handlers\")\n\nACPI PRM calls are delegated to a workqueue which runs in a kernel\nthread, making it easier to detect and mitigate faulting memory accesses\nperformed by the firmware.\n\nRafael reports that such PRM accesses may occur before efisubsys_init()\nexecutes, which is where the workqueue is allocated, leading to NULL\npointer dereferences. Since acpi_init() [which triggers the early PRM\naccesses] executes as a subsys_initcall() as well, and has its own\ndependencies that may be sensitive to initcall ordering, deferring\nacpi_init() is not an option.\n\nSo instead, split off the workqueue allocation into its own postcore\ninitcall, as this is the only missing piece to allow EFI runtime calls\nto be made. This ensures that EFI runtime call (including PRM calls) are\naccessible to all code running at subsys_initcall() level."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:05.896Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/29cd94e678fcb3c4fd0f359deeac6d61334323fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/6996e954ae830f5b793ba6cf449885ca519dbdd2"
            },
            {
              "url": "https://git.kernel.org/stable/c/c32a1fbe0f9a48453a552bb315cc4f1e7a74084e"
            },
            {
              "url": "https://git.kernel.org/stable/c/e871549f7894ad4114b3dd53f241aa25a268ba8b"
            },
            {
              "url": "https://git.kernel.org/stable/c/13c6da02e767152c9ac4330962247a5e47011035"
            }
          ],
          "title": "efi: Allocate runtime workqueue before ACPI init",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64183",
        "datePublished": "2026-07-19T15:41:05.896Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:05.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64182 (GCVE-0-2026-64182)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    drivers/base/memory: fix memory block reference leak in poison accounting
    Summary
    In the Linux kernel, the following vulnerability has been resolved: drivers/base/memory: fix memory block reference leak in poison accounting memblk_nr_poison_inc() and memblk_nr_poison_sub() look up a memory block via find_memory_block_by_id(), which acquires a reference to the memory block device. Both helpers use the returned memory block without dropping that reference, leaking the device reference on each successful lookup. Drop the reference after updating nr_hwpoison.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 5033091de814ab4b5623faed2755f3064e19e2d2 , < 686b4283f82cd630fafd7ca9b03dfc080b3ec8fa (git)
    Affected: 5033091de814ab4b5623faed2755f3064e19e2d2 , < ce60d9452a0f2effa72fd20ea270c59ca691d455 (git)
    Affected: 5033091de814ab4b5623faed2755f3064e19e2d2 , < 24840b3139d7415144b81e4f9f4c44670d15bed9 (git)
    Affected: 5033091de814ab4b5623faed2755f3064e19e2d2 , < 8502e2c2d0633f99d94d22ae8dabc10caae1fc2a (git)
    Affected: 5033091de814ab4b5623faed2755f3064e19e2d2 , < 03a2cc1756a0570f887d624cd6c535ea0cbd4951 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.2
    Unaffected: 0 , < 6.2 (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/base/memory.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "686b4283f82cd630fafd7ca9b03dfc080b3ec8fa",
                  "status": "affected",
                  "version": "5033091de814ab4b5623faed2755f3064e19e2d2",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce60d9452a0f2effa72fd20ea270c59ca691d455",
                  "status": "affected",
                  "version": "5033091de814ab4b5623faed2755f3064e19e2d2",
                  "versionType": "git"
                },
                {
                  "lessThan": "24840b3139d7415144b81e4f9f4c44670d15bed9",
                  "status": "affected",
                  "version": "5033091de814ab4b5623faed2755f3064e19e2d2",
                  "versionType": "git"
                },
                {
                  "lessThan": "8502e2c2d0633f99d94d22ae8dabc10caae1fc2a",
                  "status": "affected",
                  "version": "5033091de814ab4b5623faed2755f3064e19e2d2",
                  "versionType": "git"
                },
                {
                  "lessThan": "03a2cc1756a0570f887d624cd6c535ea0cbd4951",
                  "status": "affected",
                  "version": "5033091de814ab4b5623faed2755f3064e19e2d2",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/base/memory.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "lessThan": "6.2",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "6.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.2",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/base/memory: fix memory block reference leak in poison accounting\n\nmemblk_nr_poison_inc() and memblk_nr_poison_sub() look up a memory block\nvia find_memory_block_by_id(), which acquires a reference to the memory\nblock device.\n\nBoth helpers use the returned memory block without dropping that\nreference, leaking the device reference on each successful lookup.  Drop\nthe reference after updating nr_hwpoison."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:05.186Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/686b4283f82cd630fafd7ca9b03dfc080b3ec8fa"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce60d9452a0f2effa72fd20ea270c59ca691d455"
            },
            {
              "url": "https://git.kernel.org/stable/c/24840b3139d7415144b81e4f9f4c44670d15bed9"
            },
            {
              "url": "https://git.kernel.org/stable/c/8502e2c2d0633f99d94d22ae8dabc10caae1fc2a"
            },
            {
              "url": "https://git.kernel.org/stable/c/03a2cc1756a0570f887d624cd6c535ea0cbd4951"
            }
          ],
          "title": "drivers/base/memory: fix memory block reference leak in poison accounting",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64182",
        "datePublished": "2026-07-19T15:41:05.186Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:05.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64181 (GCVE-0-2026-64181)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    mm: fix __vm_normal_page() to handle missing support for pmd_special()/pud_special()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: mm: fix __vm_normal_page() to handle missing support for pmd_special()/pud_special() On x86 32-bit with THP enabled, zap_huge_pmd() is seen to generate a "WARNING: mm/memory.c:735 at __vm_normal_page+0x6a/0x7d", from the VM_WARN_ON_ONCE(is_zero_pfn(pfn) || is_huge_zero_pfn(pfn)); followed by "BUG: Bad rss-counter state"s, then later "BUG: Bad page state"s when reclaim gets to call shrink_huge_zero_folio_scan(). It's as if the _PAGE_SPECIAL bit never got set in the huge_zero pmd: and indeed, whereas pte_special() and pte_mkspecial() are subject to a dedicated CONFIG_ARCH_HAS_PTE_SPECIAL, pmd_special() and pmd_mkspecial() are subject to CONFIG_ARCH_SUPPORTS_PMD_PFNMAP, which is never enabled on any 32-bit architecture. While the problem was exposed through commit d80a9cb1a64a ("mm/huge_memory: add and use normal_or_softleaf_folio_pmd()"), it was an oversight in commit af38538801c6 ("mm/memory: factor out common code from vm_normal_page_*()") and would result in other problems: * huge zero folio accounted in smaps, pagemap (PAGE_IS_FILE) and numamaps as file-backed THP * folio_walk_start() returning the folio even without FW_ZEROPAGE set. Callers seem to tolerate that, though. ... and triggering the VM_WARN_ON_ONE(), although never reported so far. To fix it, teach vm_normal_page_pmd()/vm_normal_page_pud() to consider whether pmd_special/pud_special is actually implemented.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: af38538801c6a97565b44700ee6695d7d60ad779 , < 62153767e8fc3889bc6508e9ffe927aaf64c4334 (git)
    Affected: af38538801c6a97565b44700ee6695d7d60ad779 , < 9052ea2ee2233be5d4786b8909151ca2bfbedf99 (git)
    Affected: af38538801c6a97565b44700ee6695d7d60ad779 , < c0c6ccd9828c3a1950623b546fa57292a77b5c73 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.18
    Unaffected: 0 , < 6.18 (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "mm/memory.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "62153767e8fc3889bc6508e9ffe927aaf64c4334",
                  "status": "affected",
                  "version": "af38538801c6a97565b44700ee6695d7d60ad779",
                  "versionType": "git"
                },
                {
                  "lessThan": "9052ea2ee2233be5d4786b8909151ca2bfbedf99",
                  "status": "affected",
                  "version": "af38538801c6a97565b44700ee6695d7d60ad779",
                  "versionType": "git"
                },
                {
                  "lessThan": "c0c6ccd9828c3a1950623b546fa57292a77b5c73",
                  "status": "affected",
                  "version": "af38538801c6a97565b44700ee6695d7d60ad779",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "mm/memory.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.18"
                },
                {
                  "lessThan": "6.18",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix __vm_normal_page() to handle missing support for pmd_special()/pud_special()\n\nOn x86 32-bit with THP enabled, zap_huge_pmd() is seen to generate a\n\"WARNING: mm/memory.c:735 at __vm_normal_page+0x6a/0x7d\", from the\nVM_WARN_ON_ONCE(is_zero_pfn(pfn) || is_huge_zero_pfn(pfn)); followed by\n\"BUG: Bad rss-counter state\"s, then later \"BUG: Bad page state\"s when\nreclaim gets to call shrink_huge_zero_folio_scan().\n\nIt\u0027s as if the _PAGE_SPECIAL bit never got set in the huge_zero pmd: and\nindeed, whereas pte_special() and pte_mkspecial() are subject to a\ndedicated CONFIG_ARCH_HAS_PTE_SPECIAL, pmd_special() and pmd_mkspecial()\nare subject to CONFIG_ARCH_SUPPORTS_PMD_PFNMAP, which is never enabled on\nany 32-bit architecture.\n\nWhile the problem was exposed through commit d80a9cb1a64a\n(\"mm/huge_memory: add and use normal_or_softleaf_folio_pmd()\"), it was an\noversight in commit af38538801c6 (\"mm/memory: factor out common code from\nvm_normal_page_*()\") and would result in other problems:\n* huge zero folio accounted in smaps, pagemap (PAGE_IS_FILE) and\n  numamaps as file-backed THP\n* folio_walk_start() returning the folio even without FW_ZEROPAGE set.\n  Callers seem to tolerate that, though.\n\n... and triggering the VM_WARN_ON_ONE(), although never reported so far.\n\nTo fix it, teach vm_normal_page_pmd()/vm_normal_page_pud() to consider\nwhether pmd_special/pud_special is actually implemented."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:04.455Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/62153767e8fc3889bc6508e9ffe927aaf64c4334"
            },
            {
              "url": "https://git.kernel.org/stable/c/9052ea2ee2233be5d4786b8909151ca2bfbedf99"
            },
            {
              "url": "https://git.kernel.org/stable/c/c0c6ccd9828c3a1950623b546fa57292a77b5c73"
            }
          ],
          "title": "mm: fix __vm_normal_page() to handle missing support for pmd_special()/pud_special()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64181",
        "datePublished": "2026-07-19T15:41:04.455Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:04.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64180 (GCVE-0-2026-64180)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    mm/memory_hotplug: fix memory block reference leak on remove
    Summary
    In the Linux kernel, the following vulnerability has been resolved: mm/memory_hotplug: fix memory block reference leak on remove Patch series "mm: Fix memory block leaks and locking", v2. This series fixes two memory block device reference leaks and one locking issue around the per-memory_block hwpoison counter. This patch (of 2): remove_memory_blocks_and_altmaps() looks up each memory block with find_memory_block(), which acquires a reference to the memory block device. That reference is never dropped on this path, resulting in a leaked device reference when removing memory blocks and their altmaps. Drop the reference after retrieving mem->altmap and clearing mem->altmap, before removing the memory block device.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 6b8f0798b85aa529011570369db985a788f3003f , < b8ab30c79fc00147125b9c39f928561d9dd13d06 (git)
    Affected: 6b8f0798b85aa529011570369db985a788f3003f , < 09ce923071e7852ece60d7368e05249bf32c7967 (git)
    Affected: 6b8f0798b85aa529011570369db985a788f3003f , < df64c0d21c3f85f844b2f656333e43d97e6ffa74 (git)
    Affected: 6b8f0798b85aa529011570369db985a788f3003f , < 93866f55f7e292fe3d47d36c9efe5ee10213a06b (git)
    Create a notification for this product.
    Linux Linux Affected: 6.8
    Unaffected: 0 , < 6.8 (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "mm/memory_hotplug.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "b8ab30c79fc00147125b9c39f928561d9dd13d06",
                  "status": "affected",
                  "version": "6b8f0798b85aa529011570369db985a788f3003f",
                  "versionType": "git"
                },
                {
                  "lessThan": "09ce923071e7852ece60d7368e05249bf32c7967",
                  "status": "affected",
                  "version": "6b8f0798b85aa529011570369db985a788f3003f",
                  "versionType": "git"
                },
                {
                  "lessThan": "df64c0d21c3f85f844b2f656333e43d97e6ffa74",
                  "status": "affected",
                  "version": "6b8f0798b85aa529011570369db985a788f3003f",
                  "versionType": "git"
                },
                {
                  "lessThan": "93866f55f7e292fe3d47d36c9efe5ee10213a06b",
                  "status": "affected",
                  "version": "6b8f0798b85aa529011570369db985a788f3003f",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "mm/memory_hotplug.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.8"
                },
                {
                  "lessThan": "6.8",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory_hotplug: fix memory block reference leak on remove\n\nPatch series \"mm: Fix memory block leaks and locking\", v2.\n\nThis series fixes two memory block device reference leaks and one locking\nissue around the per-memory_block hwpoison counter.\n\n\nThis patch (of 2):\n\nremove_memory_blocks_and_altmaps() looks up each memory block with\nfind_memory_block(), which acquires a reference to the memory block\ndevice.\n\nThat reference is never dropped on this path, resulting in a leaked device\nreference when removing memory blocks and their altmaps.  Drop the\nreference after retrieving mem-\u003ealtmap and clearing mem-\u003ealtmap, before\nremoving the memory block device."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:03.751Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/b8ab30c79fc00147125b9c39f928561d9dd13d06"
            },
            {
              "url": "https://git.kernel.org/stable/c/09ce923071e7852ece60d7368e05249bf32c7967"
            },
            {
              "url": "https://git.kernel.org/stable/c/df64c0d21c3f85f844b2f656333e43d97e6ffa74"
            },
            {
              "url": "https://git.kernel.org/stable/c/93866f55f7e292fe3d47d36c9efe5ee10213a06b"
            }
          ],
          "title": "mm/memory_hotplug: fix memory block reference leak on remove",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64180",
        "datePublished": "2026-07-19T15:41:03.751Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:03.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64179 (GCVE-0-2026-64179)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    net: wwan: iosm: fix potential memory leaks in ipc_imem_init()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix potential memory leaks in ipc_imem_init() The memory allocated in ipc_protocol_init() is not freed on the error paths that follow in ipc_imem_init(). Fix that by calling the corresponding release function ipc_protocol_deinit() in the error path.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < f1a4d57847813fae42fbb7eb35f2dd48b9cff8a9 (git)
    Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < ba6d8643019c33428f7c0658863e80e0b04a70f4 (git)
    Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < 6f63a60580ebdd9a1f22f89a84814d1fefe16b1c (git)
    Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < 583fd5a8fc797c8ecf2e1a7b923740c5e5734e85 (git)
    Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < ffb6dbb49c96be82f07c7b112e3ebc3e6fdd8dd5 (git)
    Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < 8f764a7810a9f114313c439d25b11f4417c6e0dd (git)
    Affected: 3670970dd8c661c10c10c300d726f59428eaad32 , < c5d93b2c40355e999715262a824965aac025a427 (git)
    Create a notification for this product.
    Linux Linux Affected: 5.14
    Unaffected: 0 , < 5.14 (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/wwan/iosm/iosm_ipc_imem.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "f1a4d57847813fae42fbb7eb35f2dd48b9cff8a9",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                },
                {
                  "lessThan": "ba6d8643019c33428f7c0658863e80e0b04a70f4",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                },
                {
                  "lessThan": "6f63a60580ebdd9a1f22f89a84814d1fefe16b1c",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                },
                {
                  "lessThan": "583fd5a8fc797c8ecf2e1a7b923740c5e5734e85",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                },
                {
                  "lessThan": "ffb6dbb49c96be82f07c7b112e3ebc3e6fdd8dd5",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                },
                {
                  "lessThan": "8f764a7810a9f114313c439d25b11f4417c6e0dd",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                },
                {
                  "lessThan": "c5d93b2c40355e999715262a824965aac025a427",
                  "status": "affected",
                  "version": "3670970dd8c661c10c10c300d726f59428eaad32",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/wwan/iosm/iosm_ipc_imem.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.14"
                },
                {
                  "lessThan": "5.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix potential memory leaks in ipc_imem_init()\n\nThe memory allocated in ipc_protocol_init() is not freed on the error\npaths that follow in ipc_imem_init(). Fix that by calling the\ncorresponding release function ipc_protocol_deinit() in the error path."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:03.019Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/f1a4d57847813fae42fbb7eb35f2dd48b9cff8a9"
            },
            {
              "url": "https://git.kernel.org/stable/c/ba6d8643019c33428f7c0658863e80e0b04a70f4"
            },
            {
              "url": "https://git.kernel.org/stable/c/6f63a60580ebdd9a1f22f89a84814d1fefe16b1c"
            },
            {
              "url": "https://git.kernel.org/stable/c/583fd5a8fc797c8ecf2e1a7b923740c5e5734e85"
            },
            {
              "url": "https://git.kernel.org/stable/c/ffb6dbb49c96be82f07c7b112e3ebc3e6fdd8dd5"
            },
            {
              "url": "https://git.kernel.org/stable/c/8f764a7810a9f114313c439d25b11f4417c6e0dd"
            },
            {
              "url": "https://git.kernel.org/stable/c/c5d93b2c40355e999715262a824965aac025a427"
            }
          ],
          "title": "net: wwan: iosm: fix potential memory leaks in ipc_imem_init()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64179",
        "datePublished": "2026-07-19T15:41:03.019Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:03.019Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64178 (GCVE-0-2026-64178)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    Bluetooth: bnep: Fix UAF read of dev->name
    Summary
    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: Fix UAF read of dev->name bnep_add_connection() needs to keep holding the bnep_session_sem while reading dev->name (just like bnep_get_connlist() does); otherwise the bnep_session() thread can concurrently free the net_device, which can for example be triggered by a concurrent bnep_del_connection(). (This UAF is fairly uninteresting from a security perspective; calling bnep_add_connection() requires passing a capable(CAP_NET_ADMIN) check. It also requires completely tearing down a netdev during a fairly tight race window.)
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a75bbcb10cb21acc169b785e9804f57d97873a9c (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4907596f25b1720fa948371ac5f6c1f8da10a5bc (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 915a92182e2cda9cd7d2479020a44c6eda986f7c (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fe69f634b076ae3ca81c5a5b845d9bba527036f7 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b21805258d7e926adfd455fc820a447b90da3b82 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5506aec795135cdd4cbf4e845929155663b25055 (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e7578529b97e5d4e439cf8f3e637c2303015338f (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 59e932ded949fa6f0340bf7c6d7818f962fa4fd2 (git)
    Create a notification for this product.
    Linux Linux Affected: 2.6.12
    Unaffected: 0 , < 2.6.12 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/bluetooth/bnep/core.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "a75bbcb10cb21acc169b785e9804f57d97873a9c",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "4907596f25b1720fa948371ac5f6c1f8da10a5bc",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "915a92182e2cda9cd7d2479020a44c6eda986f7c",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "fe69f634b076ae3ca81c5a5b845d9bba527036f7",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "b21805258d7e926adfd455fc820a447b90da3b82",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "5506aec795135cdd4cbf4e845929155663b25055",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "e7578529b97e5d4e439cf8f3e637c2303015338f",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "59e932ded949fa6f0340bf7c6d7818f962fa4fd2",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/bluetooth/bnep/core.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.12"
                },
                {
                  "lessThan": "2.6.12",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "2.6.12",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: Fix UAF read of dev-\u003ename\n\nbnep_add_connection() needs to keep holding the bnep_session_sem while\nreading dev-\u003ename (just like bnep_get_connlist() does); otherwise the\nbnep_session() thread can concurrently free the net_device, which can for\nexample be triggered by a concurrent bnep_del_connection().\n\n(This UAF is fairly uninteresting from a security perspective;\ncalling bnep_add_connection() requires passing a capable(CAP_NET_ADMIN)\ncheck. It also requires completely tearing down a netdev during a fairly\ntight race window.)"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:02.293Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/a75bbcb10cb21acc169b785e9804f57d97873a9c"
            },
            {
              "url": "https://git.kernel.org/stable/c/4907596f25b1720fa948371ac5f6c1f8da10a5bc"
            },
            {
              "url": "https://git.kernel.org/stable/c/915a92182e2cda9cd7d2479020a44c6eda986f7c"
            },
            {
              "url": "https://git.kernel.org/stable/c/fe69f634b076ae3ca81c5a5b845d9bba527036f7"
            },
            {
              "url": "https://git.kernel.org/stable/c/b21805258d7e926adfd455fc820a447b90da3b82"
            },
            {
              "url": "https://git.kernel.org/stable/c/5506aec795135cdd4cbf4e845929155663b25055"
            },
            {
              "url": "https://git.kernel.org/stable/c/e7578529b97e5d4e439cf8f3e637c2303015338f"
            },
            {
              "url": "https://git.kernel.org/stable/c/59e932ded949fa6f0340bf7c6d7818f962fa4fd2"
            }
          ],
          "title": "Bluetooth: bnep: Fix UAF read of dev-\u003ename",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64178",
        "datePublished": "2026-07-19T15:41:02.293Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:02.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64177 (GCVE-0-2026-64177)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    phonet/pep: disable BH around forwarded sk_receive_skb()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: phonet/pep: disable BH around forwarded sk_receive_skb() The networking receive path is usually run from softirq context, but protocols that take the socket lock may have packets stored in the backlog and processed later from process context. In that case release_sock() -> __release_sock() drops the slock with spin_unlock_bh() and then calls sk->sk_backlog_rcv() with bottom halves enabled. Typical sk_backlog_rcv handlers process the socket whose backlog is being drained, so the BH state at entry is irrelevant for the slocks they touch. pep_do_rcv() is different: when the inbound skb targets an existing PEP pipe, it forwards the skb to a different *child* socket via sk_receive_skb(). That helper takes the child slock with bh_lock_sock_nested(), which is just spin_lock_nested() and assumes BH is already off. The same child slock therefore ends up acquired with BH on (process path) and with BH off (softirq path): process context softirq context --------------- --------------- release_sock(listener) __netif_receive_skb() __release_sock() phonet_rcv() spin_unlock_bh() __sk_receive_skb(listener) [BH now ENABLED] [BH already disabled] sk_backlog_rcv: sk_backlog_rcv: pep_do_rcv() pep_do_rcv() sk_receive_skb(child) sk_receive_skb(child) bh_lock_sock_nested(child) bh_lock_sock_nested(child) => SOFTIRQ-ON-W => IN-SOFTIRQ-W Lockdep flags this as inconsistent lock state, and it can become a real self-deadlock if a softirq on the same CPU tries to receive to the same child socket while its slock is held in the BH-enabled path: WARNING: inconsistent lock state inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1cf/0x900 __sk_receive_skb net/core/sock.c:563 sk_receive_skb include/net/sock.h:2022 [inline] pep_do_rcv net/phonet/pep.c:675 sk_backlog_rcv include/net/sock.h:1190 __release_sock net/core/sock.c:3216 release_sock net/core/sock.c:3815 pep_sock_accept net/phonet/pep.c:879 Wrap the forwarded sk_receive_skb() in local_bh_disable() / local_bh_enable() so the child slock is always acquired with BH off. local_bh_disable() nests safely on the softirq path. Discovered via in-house syzkaller fuzzing; the same root cause also on the linux-6.1.y syzbot dashboard as extid 44f0626dd6284f02663c. Reproduced under KASAN + LOCKDEP + PROVE_LOCKING, reproducer: https://pastebin.com/A3t8xzCR
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < f08c45076e4fd8b0adbc5eb186d6e6a3e7350d7b (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < b2606c302d7f2b4ee48da05e32ed60aed1b0cd53 (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < 02c04df84de709060f63e1d52ec67488c4f6f212 (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < 8420aa4900417797323dd567ba9d1512280c2dc3 (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < bd795f106b3889fb0706c6e4831c4b27e2b5666b (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < 84bc87beb4cd77670939b446326788e4c9b3db37 (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < a3fc8f2dacd1c37325977fc1fbbf3d52141df99e (git)
    Affected: 9641458d3ec42def729fde64669abf07f3220cd5 , < dbc81608e3a653dea6cf403f20cae35468b8ab9c (git)
    Create a notification for this product.
    Linux Linux Affected: 2.6.28
    Unaffected: 0 , < 2.6.28 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/phonet/pep.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "f08c45076e4fd8b0adbc5eb186d6e6a3e7350d7b",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "b2606c302d7f2b4ee48da05e32ed60aed1b0cd53",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "02c04df84de709060f63e1d52ec67488c4f6f212",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "8420aa4900417797323dd567ba9d1512280c2dc3",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "bd795f106b3889fb0706c6e4831c4b27e2b5666b",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "84bc87beb4cd77670939b446326788e4c9b3db37",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "a3fc8f2dacd1c37325977fc1fbbf3d52141df99e",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                },
                {
                  "lessThan": "dbc81608e3a653dea6cf403f20cae35468b8ab9c",
                  "status": "affected",
                  "version": "9641458d3ec42def729fde64669abf07f3220cd5",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/phonet/pep.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.28"
                },
                {
                  "lessThan": "2.6.28",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "2.6.28",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphonet/pep: disable BH around forwarded sk_receive_skb()\n\nThe networking receive path is usually run from softirq context, but\nprotocols that take the socket lock may have packets stored in the\nbacklog and processed later from process context. In that case\nrelease_sock() -\u003e __release_sock() drops the slock with spin_unlock_bh()\nand then calls sk-\u003esk_backlog_rcv() with bottom halves enabled.\n\nTypical sk_backlog_rcv handlers process the socket whose backlog is\nbeing drained, so the BH state at entry is irrelevant for the slocks\nthey touch. pep_do_rcv() is different: when the inbound skb targets an\nexisting PEP pipe, it forwards the skb to a different *child* socket\nvia sk_receive_skb(). That helper takes the child slock with\nbh_lock_sock_nested(), which is just spin_lock_nested() and assumes BH\nis already off. The same child slock therefore ends up acquired with\nBH on (process path) and with BH off (softirq path):\n\n  process context                   softirq context\n  ---------------                   ---------------\n  release_sock(listener)            __netif_receive_skb()\n   __release_sock()                  phonet_rcv()\n    spin_unlock_bh()                  __sk_receive_skb(listener)\n    [BH now ENABLED]                  [BH already disabled]\n    sk_backlog_rcv:                   sk_backlog_rcv:\n     pep_do_rcv()                      pep_do_rcv()\n      sk_receive_skb(child)             sk_receive_skb(child)\n       bh_lock_sock_nested(child)        bh_lock_sock_nested(child)\n       =\u003e SOFTIRQ-ON-W                   =\u003e IN-SOFTIRQ-W\n\nLockdep flags this as inconsistent lock state, and it can become a real\nself-deadlock if a softirq on the same CPU tries to receive to the same\nchild socket while its slock is held in the BH-enabled path:\n\n  WARNING: inconsistent lock state\n  inconsistent {SOFTIRQ-ON-W} -\u003e {IN-SOFTIRQ-W} usage.\n   (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x1cf/0x900\n    __sk_receive_skb              net/core/sock.c:563\n    sk_receive_skb                include/net/sock.h:2022 [inline]\n    pep_do_rcv                    net/phonet/pep.c:675\n    sk_backlog_rcv                include/net/sock.h:1190\n    __release_sock                net/core/sock.c:3216\n    release_sock                  net/core/sock.c:3815\n    pep_sock_accept               net/phonet/pep.c:879\n\nWrap the forwarded sk_receive_skb() in local_bh_disable() /\nlocal_bh_enable() so the child slock is always acquired with BH off.\nlocal_bh_disable() nests safely on the softirq path.\n\nDiscovered via in-house syzkaller fuzzing; the same root cause also\non the linux-6.1.y syzbot dashboard as extid 44f0626dd6284f02663c.\nReproduced under KASAN + LOCKDEP + PROVE_LOCKING, reproducer:\nhttps://pastebin.com/A3t8xzCR"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:01.534Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/f08c45076e4fd8b0adbc5eb186d6e6a3e7350d7b"
            },
            {
              "url": "https://git.kernel.org/stable/c/b2606c302d7f2b4ee48da05e32ed60aed1b0cd53"
            },
            {
              "url": "https://git.kernel.org/stable/c/02c04df84de709060f63e1d52ec67488c4f6f212"
            },
            {
              "url": "https://git.kernel.org/stable/c/8420aa4900417797323dd567ba9d1512280c2dc3"
            },
            {
              "url": "https://git.kernel.org/stable/c/bd795f106b3889fb0706c6e4831c4b27e2b5666b"
            },
            {
              "url": "https://git.kernel.org/stable/c/84bc87beb4cd77670939b446326788e4c9b3db37"
            },
            {
              "url": "https://git.kernel.org/stable/c/a3fc8f2dacd1c37325977fc1fbbf3d52141df99e"
            },
            {
              "url": "https://git.kernel.org/stable/c/dbc81608e3a653dea6cf403f20cae35468b8ab9c"
            }
          ],
          "title": "phonet/pep: disable BH around forwarded sk_receive_skb()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64177",
        "datePublished": "2026-07-19T15:41:01.534Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:01.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64176 (GCVE-0-2026-64176)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    wifi: iwlwifi: mvm: fix driver-set TX rates on old devices
    Summary
    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix driver-set TX rates on old devices On old devices such as 7265D, rates are still encoded in version 1 format, which doesn't use the CCK/OFDM rate index (0-3/0-7) but rather their PLCP value (e.g. 10 for 1 Mbps CCK rate.) While introducing v3 rates, I changed the driver from internally handling v1 rates and converting to v2, to internally handling v3 and converting to v1 or v2 according to the firmware. I accordingly changed the code in iwl_mvm_mac80211_idx_to_hwrate() to no longer have different values for different APIs. This was correct. However, I later reverted this part of the change, because it was reported that I had broken beacon rates, causing a FW assert/crash. This caused TX_CMD rates to be set incorrectly, potentially causing a warning when reported back from the device as having been used. Fix this (hopefully correctly now) by handling beacon rates in the TX_CMD that's embedded in the beacon template command separately. Restore iwl_mvm_mac80211_idx_to_hwrate() to return only the rate index, not PLCP value, fixing the real TX_CMD.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6fe92651b44fd3cfc8dcfdaad0e82885c384dada (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6b58a79f2cd98156856eb49e8b55db5facdd7e6d (git)
    Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fb84b5cbcaab3ca0f4e961d92a40ed7f3aac483b (git)
    Affected: 0 , < 6.18.34 (semver)
    Affected: 0 , < 7.0.11 (semver)
    Create a notification for this product.
    Linux Linux Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c",
                "drivers/net/wireless/intel/iwlwifi/mvm/utils.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "6fe92651b44fd3cfc8dcfdaad0e82885c384dada",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "6b58a79f2cd98156856eb49e8b55db5facdd7e6d",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "fb84b5cbcaab3ca0f4e961d92a40ed7f3aac483b",
                  "status": "affected",
                  "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
                  "versionType": "git"
                },
                {
                  "lessThan": "6.18.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.0.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c",
                "drivers/net/wireless/intel/iwlwifi/mvm/utils.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix driver-set TX rates on old devices\n\nOn old devices such as 7265D, rates are still encoded in version 1\nformat, which doesn\u0027t use the CCK/OFDM rate index (0-3/0-7) but\nrather their PLCP value (e.g. 10 for 1 Mbps CCK rate.)\n\nWhile introducing v3 rates, I changed the driver from internally\nhandling v1 rates and converting to v2, to internally handling v3\nand converting to v1 or v2 according to the firmware. I accordingly\nchanged the code in iwl_mvm_mac80211_idx_to_hwrate() to no longer\nhave different values for different APIs. This was correct.\n\nHowever, I later reverted this part of the change, because it was\nreported that I had broken beacon rates, causing a FW assert/crash.\nThis caused TX_CMD rates to be set incorrectly, potentially causing\na warning when reported back from the device as having been used.\n\nFix this (hopefully correctly now) by handling beacon rates in the\nTX_CMD that\u0027s embedded in the beacon template command separately.\nRestore iwl_mvm_mac80211_idx_to_hwrate() to return only the rate\nindex, not PLCP value, fixing the real TX_CMD."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:00.830Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/6fe92651b44fd3cfc8dcfdaad0e82885c384dada"
            },
            {
              "url": "https://git.kernel.org/stable/c/6b58a79f2cd98156856eb49e8b55db5facdd7e6d"
            },
            {
              "url": "https://git.kernel.org/stable/c/fb84b5cbcaab3ca0f4e961d92a40ed7f3aac483b"
            }
          ],
          "title": "wifi: iwlwifi: mvm: fix driver-set TX rates on old devices",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64176",
        "datePublished": "2026-07-19T15:41:00.830Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:00.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64175 (GCVE-0-2026-64175)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:41 – Updated: 2026-07-19 15:41
    VLAI
    Title
    wifi: iwlwifi: mld: stop TX during firmware restart
    Summary
    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: stop TX during firmware restart When iwlwifi firmware crashes (e.g., NMI_INTERRUPT_UNKNOWN on Intel BE201/Wi-Fi 7), iwl_mld_nic_error() sets mld->fw_status.in_hw_restart to true. However, iwl_mld_tx_from_txq() does not check this flag before dequeuing frames from mac80211 and pushing them to the transport layer. Since the firmware is dead, iwl_trans_tx() returns -EIO for each frame, which then gets freed immediately. Under high-throughput conditions (e.g., Tailscale UDP traffic or active SSH sessions), this creates a tight dequeue-send-fail-free loop that wastes CPU cycles and generates rapid skb allocation churn, leading to memory pressure from slab fragmentation. The RX path already has this guard (iwl_mld_rx_mpdu checks in_hw_restart at rx.c:1906), and so does the TXQ allocation worker (iwl_mld_add_txqs_wk at tx.c:156). Add the same guard to iwl_mld_tx_from_txq() to stop all TX during firmware restart. Frames left in mac80211's TXQs are naturally drained after restart completes, when queue reallocation triggers iwl_mld_tx_from_txq() via iwl_mld_add_txq_list(), or when new upper-layer traffic invokes wake_tx_queue. Tested on ASUS Zenbook 14 UX3405CA with Intel BE201 (Wi-Fi 7) on kernel 6.19.5 where the firmware crashes approximately every 10-15 minutes under Tailscale traffic.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: d1e879ec600f9b3bdd253167533959facfefb17b , < dc31c69476520bb4c2a208211a8d3c310a62c4d0 (git)
    Affected: d1e879ec600f9b3bdd253167533959facfefb17b , < 13f1786395dbbf3df73337063c798f1266be6151 (git)
    Affected: d1e879ec600f9b3bdd253167533959facfefb17b , < 2becb38a3e217ef2b2f42fddd7db7a25905ec291 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.15
    Unaffected: 0 , < 6.15 (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/wireless/intel/iwlwifi/mld/tx.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "dc31c69476520bb4c2a208211a8d3c310a62c4d0",
                  "status": "affected",
                  "version": "d1e879ec600f9b3bdd253167533959facfefb17b",
                  "versionType": "git"
                },
                {
                  "lessThan": "13f1786395dbbf3df73337063c798f1266be6151",
                  "status": "affected",
                  "version": "d1e879ec600f9b3bdd253167533959facfefb17b",
                  "versionType": "git"
                },
                {
                  "lessThan": "2becb38a3e217ef2b2f42fddd7db7a25905ec291",
                  "status": "affected",
                  "version": "d1e879ec600f9b3bdd253167533959facfefb17b",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/wireless/intel/iwlwifi/mld/tx.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.15"
                },
                {
                  "lessThan": "6.15",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.15",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mld: stop TX during firmware restart\n\nWhen iwlwifi firmware crashes (e.g., NMI_INTERRUPT_UNKNOWN on Intel\nBE201/Wi-Fi 7), iwl_mld_nic_error() sets mld-\u003efw_status.in_hw_restart\nto true. However, iwl_mld_tx_from_txq() does not check this flag before\ndequeuing frames from mac80211 and pushing them to the transport layer.\n\nSince the firmware is dead, iwl_trans_tx() returns -EIO for each frame,\nwhich then gets freed immediately. Under high-throughput conditions\n(e.g., Tailscale UDP traffic or active SSH sessions), this creates a\ntight dequeue-send-fail-free loop that wastes CPU cycles and generates\nrapid skb allocation churn, leading to memory pressure from slab\nfragmentation.\n\nThe RX path already has this guard (iwl_mld_rx_mpdu checks\nin_hw_restart at rx.c:1906), and so does the TXQ allocation worker\n(iwl_mld_add_txqs_wk at tx.c:156). Add the same guard to\niwl_mld_tx_from_txq() to stop all TX during firmware restart.\n\nFrames left in mac80211\u0027s TXQs are naturally drained after restart\ncompletes, when queue reallocation triggers iwl_mld_tx_from_txq()\nvia iwl_mld_add_txq_list(), or when new upper-layer traffic invokes\nwake_tx_queue.\n\nTested on ASUS Zenbook 14 UX3405CA with Intel BE201 (Wi-Fi 7) on\nkernel 6.19.5 where the firmware crashes approximately every 10-15\nminutes under Tailscale traffic."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:41:00.157Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/dc31c69476520bb4c2a208211a8d3c310a62c4d0"
            },
            {
              "url": "https://git.kernel.org/stable/c/13f1786395dbbf3df73337063c798f1266be6151"
            },
            {
              "url": "https://git.kernel.org/stable/c/2becb38a3e217ef2b2f42fddd7db7a25905ec291"
            }
          ],
          "title": "wifi: iwlwifi: mld: stop TX during firmware restart",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64175",
        "datePublished": "2026-07-19T15:41:00.157Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:41:00.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64174 (GCVE-0-2026-64174)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    wifi: cfg80211: advance loop vars in cfg80211_merge_profile()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: advance loop vars in cfg80211_merge_profile() cfg80211_merge_profile() reassembles a Multi-BSSID non-transmitted BSS profile that has been split across multiple consecutive MBSSID elements. Its while-loop calls cfg80211_get_profile_continuation(ie, ielen, mbssid_elem, sub_elem) but never advances mbssid_elem or sub_elem inside the body. Each iteration therefore searches for a continuation that follows the same fixed pair; the helper returns the same next_mbssid; and the same next_sub bytes are memcpy()'d into merged_ie at a growing offset until the buffer fills. Advance both mbssid_elem and sub_elem to the just-consumed continuation so the next call to cfg80211_get_profile_continuation() searches for a further continuation beyond it (or returns NULL when none exists). A specially-crafted malicious beacon can take advantage of this bug to cause the kernel to spend an excessive amount of time in cfg80211_merge_profile (up to as much as 2ms per beacon received), which could theoretically be abused in some way.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < 5817e1e5205498a5df66eba2b34e817f4210fd0f (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < cedbb608494ba1e7a5c6c56b7f1d3fd470094f28 (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < c0bc4c8bd556cbe036a5b9ed333c0aab9aadfcb8 (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < 1ced0f5a851f9cae274545a42a06c459b7fd8881 (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < 67915715fd3874057457363c87c63e18829527df (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < 6cfae4914439878b8acb35c7e3b40096eeb2ad9c (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < 1343a480f84b80c1249133a90ef87f8751d65cbb (git)
    Affected: fe806e4992c9047affd263bcc13b2c047029a726 , < 7666dbb1bacc4ba522b96740cba7283d243d16e1 (git)
    Create a notification for this product.
    Linux Linux Affected: 5.2
    Unaffected: 0 , < 5.2 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "net/wireless/scan.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "5817e1e5205498a5df66eba2b34e817f4210fd0f",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "cedbb608494ba1e7a5c6c56b7f1d3fd470094f28",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "c0bc4c8bd556cbe036a5b9ed333c0aab9aadfcb8",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "1ced0f5a851f9cae274545a42a06c459b7fd8881",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "67915715fd3874057457363c87c63e18829527df",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "6cfae4914439878b8acb35c7e3b40096eeb2ad9c",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "1343a480f84b80c1249133a90ef87f8751d65cbb",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                },
                {
                  "lessThan": "7666dbb1bacc4ba522b96740cba7283d243d16e1",
                  "status": "affected",
                  "version": "fe806e4992c9047affd263bcc13b2c047029a726",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "net/wireless/scan.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "lessThan": "5.2",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "5.2",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: advance loop vars in cfg80211_merge_profile()\n\ncfg80211_merge_profile() reassembles a Multi-BSSID non-transmitted BSS\nprofile that has been split across multiple consecutive MBSSID elements.\nIts while-loop calls\n\n\tcfg80211_get_profile_continuation(ie, ielen, mbssid_elem, sub_elem)\n\nbut never advances mbssid_elem or sub_elem inside the body.  Each\niteration therefore searches for a continuation that follows the same\nfixed pair; the helper returns the same next_mbssid; and the same\nnext_sub bytes are memcpy()\u0027d into merged_ie at a growing offset until\nthe buffer fills.\n\nAdvance both mbssid_elem and sub_elem to the just-consumed continuation\nso the next call to cfg80211_get_profile_continuation() searches for a\nfurther continuation beyond it (or returns NULL when none exists).\n\nA specially-crafted malicious beacon can take advantage of this bug\nto cause the kernel to spend an excessive amount of time in\ncfg80211_merge_profile (up to as much as 2ms per beacon received),\nwhich could theoretically be abused in some way."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:59.360Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/5817e1e5205498a5df66eba2b34e817f4210fd0f"
            },
            {
              "url": "https://git.kernel.org/stable/c/cedbb608494ba1e7a5c6c56b7f1d3fd470094f28"
            },
            {
              "url": "https://git.kernel.org/stable/c/c0bc4c8bd556cbe036a5b9ed333c0aab9aadfcb8"
            },
            {
              "url": "https://git.kernel.org/stable/c/1ced0f5a851f9cae274545a42a06c459b7fd8881"
            },
            {
              "url": "https://git.kernel.org/stable/c/67915715fd3874057457363c87c63e18829527df"
            },
            {
              "url": "https://git.kernel.org/stable/c/6cfae4914439878b8acb35c7e3b40096eeb2ad9c"
            },
            {
              "url": "https://git.kernel.org/stable/c/1343a480f84b80c1249133a90ef87f8751d65cbb"
            },
            {
              "url": "https://git.kernel.org/stable/c/7666dbb1bacc4ba522b96740cba7283d243d16e1"
            }
          ],
          "title": "wifi: cfg80211: advance loop vars in cfg80211_merge_profile()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64174",
        "datePublished": "2026-07-19T15:40:59.360Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:40:59.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64173 (GCVE-0-2026-64173)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    tracing: Do not call map->ops->elt_free() if elt_alloc() fails
    Summary
    In the Linux kernel, the following vulnerability has been resolved: tracing: Do not call map->ops->elt_free() if elt_alloc() fails In paths where tracing_map_elt_alloc() failed to allocate objects, the map->ops->elt_alloc() call was never successful. In this case, map->ops->elt_free() should not be called.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < 49332e49ad5b20262cc719b03d4123b9362de701 (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < b559a218eece132de0c58d444877b5627cbee524 (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < b427e9f6d81c9341cba23ef92f860f99f830d91d (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < f383cff9fb382139980bac1bcd3f3f5d59f68435 (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < 1a150947f8480262a46c860f1acb9c6597ca7097 (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < 798183376d9d3e278a270ea0e75a5769c8f145d9 (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < b6723339736320b2e1784258ad4490cec7aac11a (git)
    Affected: 2734b629525a9dae5bf217cbf0a9651da93d2108 , < 8f0f5c4fb9df0e19a341e0c6ed8dc4fda9124f03 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.17
    Unaffected: 0 , < 4.17 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "kernel/trace/tracing_map.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "49332e49ad5b20262cc719b03d4123b9362de701",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "b559a218eece132de0c58d444877b5627cbee524",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "b427e9f6d81c9341cba23ef92f860f99f830d91d",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "f383cff9fb382139980bac1bcd3f3f5d59f68435",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "1a150947f8480262a46c860f1acb9c6597ca7097",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "798183376d9d3e278a270ea0e75a5769c8f145d9",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "b6723339736320b2e1784258ad4490cec7aac11a",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                },
                {
                  "lessThan": "8f0f5c4fb9df0e19a341e0c6ed8dc4fda9124f03",
                  "status": "affected",
                  "version": "2734b629525a9dae5bf217cbf0a9651da93d2108",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "kernel/trace/tracing_map.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.17"
                },
                {
                  "lessThan": "4.17",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "4.17",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not call map-\u003eops-\u003eelt_free() if elt_alloc() fails\n\nIn paths where tracing_map_elt_alloc() failed to allocate objects,\nthe map-\u003eops-\u003eelt_alloc() call was never successful. In this case,\nmap-\u003eops-\u003eelt_free() should not be called."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:58.251Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/49332e49ad5b20262cc719b03d4123b9362de701"
            },
            {
              "url": "https://git.kernel.org/stable/c/b559a218eece132de0c58d444877b5627cbee524"
            },
            {
              "url": "https://git.kernel.org/stable/c/b427e9f6d81c9341cba23ef92f860f99f830d91d"
            },
            {
              "url": "https://git.kernel.org/stable/c/f383cff9fb382139980bac1bcd3f3f5d59f68435"
            },
            {
              "url": "https://git.kernel.org/stable/c/1a150947f8480262a46c860f1acb9c6597ca7097"
            },
            {
              "url": "https://git.kernel.org/stable/c/798183376d9d3e278a270ea0e75a5769c8f145d9"
            },
            {
              "url": "https://git.kernel.org/stable/c/b6723339736320b2e1784258ad4490cec7aac11a"
            },
            {
              "url": "https://git.kernel.org/stable/c/8f0f5c4fb9df0e19a341e0c6ed8dc4fda9124f03"
            }
          ],
          "title": "tracing: Do not call map-\u003eops-\u003eelt_free() if elt_alloc() fails",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64173",
        "datePublished": "2026-07-19T15:40:58.251Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:40:58.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64172 (GCVE-0-2026-64172)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h (erratum #1235)
    Summary
    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h (erratum #1235) Hygon Family 18h CPUs are derived from AMD Family 17h (Zen1) silicon and share the same erratum #1235: hardware may read a stale IsRunning=1 bit during ICR write emulation and silently fail to generate an AVIC_IPI_FAILURE_TARGET_NOT_RUNNING VM-Exit on the sending vCPU. The absence of the VM-Exit causes KVM to miss the required wakeup of blocking target vCPUs, leading to hung vCPUs and unbounded delays in guest execution. Extend the existing AMD Family 17h erratum #1235 workaround to also cover Hygon Family 18h. With IPI virtualization disabled, KVM never sets IsRunning=1 in the Physical ID table, so every non-self IPI generates a VM-Exit and is correctly emulated.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 8de4a1c8164e5b2e40d1df764840a31de983f40b , < 94ade38f317ea086a181db0e6b69c574b3b70a5e (git)
    Affected: 8de4a1c8164e5b2e40d1df764840a31de983f40b , < 9560e6fee887a9594a89fa265b5b9c79b1591803 (git)
    Affected: 8de4a1c8164e5b2e40d1df764840a31de983f40b , < 9a12fa5213cfc391e0eed63902d3be98f0913765 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.17
    Unaffected: 0 , < 6.17 (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "arch/x86/kvm/svm/avic.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "94ade38f317ea086a181db0e6b69c574b3b70a5e",
                  "status": "affected",
                  "version": "8de4a1c8164e5b2e40d1df764840a31de983f40b",
                  "versionType": "git"
                },
                {
                  "lessThan": "9560e6fee887a9594a89fa265b5b9c79b1591803",
                  "status": "affected",
                  "version": "8de4a1c8164e5b2e40d1df764840a31de983f40b",
                  "versionType": "git"
                },
                {
                  "lessThan": "9a12fa5213cfc391e0eed63902d3be98f0913765",
                  "status": "affected",
                  "version": "8de4a1c8164e5b2e40d1df764840a31de983f40b",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "arch/x86/kvm/svm/avic.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.17"
                },
                {
                  "lessThan": "6.17",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.17",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.17",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h (erratum #1235)\n\nHygon Family 18h CPUs are derived from AMD Family 17h (Zen1) silicon and\nshare the same erratum #1235: hardware may read a stale IsRunning=1 bit\nduring ICR write emulation and silently fail to generate an\nAVIC_IPI_FAILURE_TARGET_NOT_RUNNING VM-Exit on the sending vCPU.\n\nThe absence of the VM-Exit causes KVM to miss the required wakeup of\nblocking target vCPUs, leading to hung vCPUs and unbounded delays in\nguest execution.\n\nExtend the existing AMD Family 17h erratum #1235 workaround to also cover\nHygon Family 18h.  With IPI virtualization disabled, KVM never sets\nIsRunning=1 in the Physical ID table, so every non-self IPI generates a\nVM-Exit and is correctly emulated."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:57.153Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/94ade38f317ea086a181db0e6b69c574b3b70a5e"
            },
            {
              "url": "https://git.kernel.org/stable/c/9560e6fee887a9594a89fa265b5b9c79b1591803"
            },
            {
              "url": "https://git.kernel.org/stable/c/9a12fa5213cfc391e0eed63902d3be98f0913765"
            }
          ],
          "title": "KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h (erratum #1235)",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64172",
        "datePublished": "2026-07-19T15:40:57.153Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:40:57.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64171 (GCVE-0-2026-64171)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    i2c: tegra: fix pm_runtime leak on mutex_lock failure
    Summary
    In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: fix pm_runtime leak on mutex_lock failure If tegra_i2c_mutex_lock() fails, the function returns without calling pm_runtime_put(), leaking the runtime PM reference acquired by the preceding pm_runtime_get_sync(). This prevents the device from ever entering runtime suspend. Add the missing pm_runtime_put() before returning on lock failure.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 6077cfd716fbd4d1f2a3702e49ae8bf65c072685 , < 8f7ed203b39004c02479a9156089d87d1ac2c1d8 (git)
    Affected: 6077cfd716fbd4d1f2a3702e49ae8bf65c072685 , < 57cf4e8d6a57dc2ef5810f4852a23ba4c71b74bb (git)
    Create a notification for this product.
    Linux Linux Affected: 7.0
    Unaffected: 0 , < 7.0 (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/i2c/busses/i2c-tegra.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "8f7ed203b39004c02479a9156089d87d1ac2c1d8",
                  "status": "affected",
                  "version": "6077cfd716fbd4d1f2a3702e49ae8bf65c072685",
                  "versionType": "git"
                },
                {
                  "lessThan": "57cf4e8d6a57dc2ef5810f4852a23ba4c71b74bb",
                  "status": "affected",
                  "version": "6077cfd716fbd4d1f2a3702e49ae8bf65c072685",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/i2c/busses/i2c-tegra.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "lessThan": "7.0",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: fix pm_runtime leak on mutex_lock failure\n\nIf tegra_i2c_mutex_lock() fails, the function returns without calling\npm_runtime_put(), leaking the runtime PM reference acquired by the\npreceding pm_runtime_get_sync(). This prevents the device from ever\nentering runtime suspend.\n\nAdd the missing pm_runtime_put() before returning on lock failure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:56.071Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/8f7ed203b39004c02479a9156089d87d1ac2c1d8"
            },
            {
              "url": "https://git.kernel.org/stable/c/57cf4e8d6a57dc2ef5810f4852a23ba4c71b74bb"
            }
          ],
          "title": "i2c: tegra: fix pm_runtime leak on mutex_lock failure",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64171",
        "datePublished": "2026-07-19T15:40:56.071Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:40:56.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64170 (GCVE-0-2026-64170)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    spi: qup: fix error pointer deref after DMA setup failure
    Summary
    In the Linux kernel, the following vulnerability has been resolved: spi: qup: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error pointer (or attempting to release a channel a second time) on later probe errors or driver unbind. This issue was flagged by Sashiko when reviewing a devres allocation conversion patch.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < 0bb3bd442f0bdad3932739a61dd6c580c9c1955e (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < d577c55d189e7ae150973058d13e299b6855633f (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < 9e673affb92c29d9ba879bf4ea81c5e840166b56 (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < 45760b72e84c1a1498f1a8a9047184c85299da20 (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < 8f9b61d255b1e989b8913b06c8ebe0aba5e1b238 (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < 4bb4764f2c51f03f657a28029eb0595d8223aab5 (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < 4f4051e9d644c371c50de4a042b85bba6727d5c3 (git)
    Affected: 612762e82ae6058d69b4ce734598491bf030afe7 , < a7e8f3efd50a165ba0189f6dc57f7e51a7d149db (git)
    Create a notification for this product.
    Linux Linux Affected: 4.1
    Unaffected: 0 , < 4.1 (semver)
    Unaffected: 5.10.259 , ≤ 5.10.* (semver)
    Unaffected: 5.15.210 , ≤ 5.15.* (semver)
    Unaffected: 6.1.176 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/spi/spi-qup.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "0bb3bd442f0bdad3932739a61dd6c580c9c1955e",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "d577c55d189e7ae150973058d13e299b6855633f",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "9e673affb92c29d9ba879bf4ea81c5e840166b56",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "45760b72e84c1a1498f1a8a9047184c85299da20",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8f9b61d255b1e989b8913b06c8ebe0aba5e1b238",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "4bb4764f2c51f03f657a28029eb0595d8223aab5",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "4f4051e9d644c371c50de4a042b85bba6727d5c3",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a7e8f3efd50a165ba0189f6dc57f7e51a7d149db",
                  "status": "affected",
                  "version": "612762e82ae6058d69b4ce734598491bf030afe7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/spi/spi-qup.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1"
                },
                {
                  "lessThan": "4.1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.259",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.210",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.176",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.259",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.210",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.176",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "4.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: qup: fix error pointer deref after DMA setup failure\n\nThe driver falls back to PIO mode if DMA setup fails during probe.\n\nMake sure to the clear the DMA channel pointers on setup failure to\navoid dereferencing an error pointer (or attempting to release a channel\na second time) on later probe errors or driver unbind.\n\nThis issue was flagged by Sashiko when reviewing a devres allocation\nconversion patch."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:54.999Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/0bb3bd442f0bdad3932739a61dd6c580c9c1955e"
            },
            {
              "url": "https://git.kernel.org/stable/c/d577c55d189e7ae150973058d13e299b6855633f"
            },
            {
              "url": "https://git.kernel.org/stable/c/9e673affb92c29d9ba879bf4ea81c5e840166b56"
            },
            {
              "url": "https://git.kernel.org/stable/c/45760b72e84c1a1498f1a8a9047184c85299da20"
            },
            {
              "url": "https://git.kernel.org/stable/c/8f9b61d255b1e989b8913b06c8ebe0aba5e1b238"
            },
            {
              "url": "https://git.kernel.org/stable/c/4bb4764f2c51f03f657a28029eb0595d8223aab5"
            },
            {
              "url": "https://git.kernel.org/stable/c/4f4051e9d644c371c50de4a042b85bba6727d5c3"
            },
            {
              "url": "https://git.kernel.org/stable/c/a7e8f3efd50a165ba0189f6dc57f7e51a7d149db"
            }
          ],
          "title": "spi: qup: fix error pointer deref after DMA setup failure",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64170",
        "datePublished": "2026-07-19T15:40:54.999Z",
        "dateReserved": "2026-07-19T07:54:57.039Z",
        "dateUpdated": "2026-07-19T15:40:54.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64169 (GCVE-0-2026-64169)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    spi: ep93xx: fix error pointer deref after DMA setup failure
    Summary
    In the Linux kernel, the following vulnerability has been resolved: spi: ep93xx: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error pointer on later probe errors or driver unbind. This issue was flagged by Sashiko when reviewing a devres allocation conversion patch.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: e79e7c2df6277ee1ad9364a231f6183da4492415 , < b6c0dabea07e25bd7db19a77ebfd0d02b9e2671a (git)
    Affected: e79e7c2df6277ee1ad9364a231f6183da4492415 , < 8e027db9fa310b1d5e7ad928510be800c4f004d9 (git)
    Affected: e79e7c2df6277ee1ad9364a231f6183da4492415 , < 0e2189ab095e3657f37b8295f3f2bbcde0f27529 (git)
    Affected: e79e7c2df6277ee1ad9364a231f6183da4492415 , < 5e121a81667a83e9a01d62b429e340f5a4a84abc (git)
    Create a notification for this product.
    Linux Linux Affected: 6.12
    Unaffected: 0 , < 6.12 (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/spi/spi-ep93xx.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "b6c0dabea07e25bd7db19a77ebfd0d02b9e2671a",
                  "status": "affected",
                  "version": "e79e7c2df6277ee1ad9364a231f6183da4492415",
                  "versionType": "git"
                },
                {
                  "lessThan": "8e027db9fa310b1d5e7ad928510be800c4f004d9",
                  "status": "affected",
                  "version": "e79e7c2df6277ee1ad9364a231f6183da4492415",
                  "versionType": "git"
                },
                {
                  "lessThan": "0e2189ab095e3657f37b8295f3f2bbcde0f27529",
                  "status": "affected",
                  "version": "e79e7c2df6277ee1ad9364a231f6183da4492415",
                  "versionType": "git"
                },
                {
                  "lessThan": "5e121a81667a83e9a01d62b429e340f5a4a84abc",
                  "status": "affected",
                  "version": "e79e7c2df6277ee1ad9364a231f6183da4492415",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/spi/spi-ep93xx.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.12"
                },
                {
                  "lessThan": "6.12",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.12",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.12",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: ep93xx: fix error pointer deref after DMA setup failure\n\nThe driver falls back to PIO mode if DMA setup fails during probe.\n\nMake sure to the clear the DMA channel pointers on setup failure to\navoid dereferencing an error pointer on later probe errors or driver\nunbind.\n\nThis issue was flagged by Sashiko when reviewing a devres allocation\nconversion patch."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:54.092Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/b6c0dabea07e25bd7db19a77ebfd0d02b9e2671a"
            },
            {
              "url": "https://git.kernel.org/stable/c/8e027db9fa310b1d5e7ad928510be800c4f004d9"
            },
            {
              "url": "https://git.kernel.org/stable/c/0e2189ab095e3657f37b8295f3f2bbcde0f27529"
            },
            {
              "url": "https://git.kernel.org/stable/c/5e121a81667a83e9a01d62b429e340f5a4a84abc"
            }
          ],
          "title": "spi: ep93xx: fix error pointer deref after DMA setup failure",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64169",
        "datePublished": "2026-07-19T15:40:54.092Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:54.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64168 (GCVE-0-2026-64168)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    spi: sprd: fix error pointer deref after DMA setup failure
    Summary
    In the Linux kernel, the following vulnerability has been resolved: spi: sprd: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to check the dma.enabled flag before trying to release the DMA channels also on late probe errors to avoid dereferencing an error pointer (or attempting to release a channel a second time). This issue was flagged by Sashiko when reviewing a devres allocation conversion patch.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < be74e276111f3c23b8e040c8c5e308f67a573add (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < a8f233fb0c7be29b97cd249f64120bf35ce72805 (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < 0cdea166c1a07c200caf9d0b722224fca43b23ae (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < 450c319dd04d0eeff4184889768f7ada826a2e35 (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < b6f1acf4e57ccf708cdc0cb70f5bb5b65162963b (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < be409d2bbe9ca7da7b05cc7dde7499bc481f0766 (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < c33b4496e95d04722055446c0a31213639438536 (git)
    Affected: 386119bc7be9fa5114ced0274a22a943df890b4b , < 3d67fffb74267772d461c02c67f1eff893ad547d (git)
    Create a notification for this product.
    Linux Linux Affected: 5.1
    Unaffected: 0 , < 5.1 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/spi/spi-sprd.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "be74e276111f3c23b8e040c8c5e308f67a573add",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "a8f233fb0c7be29b97cd249f64120bf35ce72805",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "0cdea166c1a07c200caf9d0b722224fca43b23ae",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "450c319dd04d0eeff4184889768f7ada826a2e35",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "b6f1acf4e57ccf708cdc0cb70f5bb5b65162963b",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "be409d2bbe9ca7da7b05cc7dde7499bc481f0766",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "c33b4496e95d04722055446c0a31213639438536",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                },
                {
                  "lessThan": "3d67fffb74267772d461c02c67f1eff893ad547d",
                  "status": "affected",
                  "version": "386119bc7be9fa5114ced0274a22a943df890b4b",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/spi/spi-sprd.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1"
                },
                {
                  "lessThan": "5.1",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "5.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sprd: fix error pointer deref after DMA setup failure\n\nThe driver falls back to PIO mode if DMA setup fails during probe.\n\nMake sure to check the dma.enabled flag before trying to release the DMA\nchannels also on late probe errors to avoid dereferencing an error\npointer (or attempting to release a channel a second time).\n\nThis issue was flagged by Sashiko when reviewing a devres allocation\nconversion patch."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:52.741Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/be74e276111f3c23b8e040c8c5e308f67a573add"
            },
            {
              "url": "https://git.kernel.org/stable/c/a8f233fb0c7be29b97cd249f64120bf35ce72805"
            },
            {
              "url": "https://git.kernel.org/stable/c/0cdea166c1a07c200caf9d0b722224fca43b23ae"
            },
            {
              "url": "https://git.kernel.org/stable/c/450c319dd04d0eeff4184889768f7ada826a2e35"
            },
            {
              "url": "https://git.kernel.org/stable/c/b6f1acf4e57ccf708cdc0cb70f5bb5b65162963b"
            },
            {
              "url": "https://git.kernel.org/stable/c/be409d2bbe9ca7da7b05cc7dde7499bc481f0766"
            },
            {
              "url": "https://git.kernel.org/stable/c/c33b4496e95d04722055446c0a31213639438536"
            },
            {
              "url": "https://git.kernel.org/stable/c/3d67fffb74267772d461c02c67f1eff893ad547d"
            }
          ],
          "title": "spi: sprd: fix error pointer deref after DMA setup failure",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64168",
        "datePublished": "2026-07-19T15:40:52.741Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:52.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64167 (GCVE-0-2026-64167)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    kho: skip KHO for crash kernel
    Summary
    In the Linux kernel, the following vulnerability has been resolved: kho: skip KHO for crash kernel kho_fill_kimage() unconditionally populates the kimage with KHO metadata for every kexec image type. When the image is a crash kernel, this can be problematic as the crash kernel can run in a small reserved region and the KHO scratch areas can sit outside it. The crash kernel then faults during kho_memory_init() when it tries phys_to_virt() on the KHO FDT address: Unable to handle kernel paging request at virtual address xxxxxxxx ... fdt_offset_ptr+... fdt_check_node_offset_+... fdt_first_property_offset+... fdt_get_property_namelen_+... fdt_getprop+... kho_memory_init+... mm_core_init+... start_kernel+... kho_locate_mem_hole() already skips KHO logic for KEXEC_TYPE_CRASH images, but kho_fill_kimage() was missing the same guard. As kho_fill_kimage() is the single point that populates image->kho.fdt and image->kho.scratch, fixing it here is sufficient for both arm64 and x86 as the FDT and boot_params path are bailing out when these fields are unset.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: d7255959b69a4e727c61eb04231d11390d4f391e , < a6ac6721326a75ff2d14c68db05f93b576d8762f (git)
    Affected: d7255959b69a4e727c61eb04231d11390d4f391e , < a6715d7ec472a476db17787697a4abda62962284 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.19
    Unaffected: 0 , < 6.19 (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "kernel/liveupdate/kexec_handover.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "a6ac6721326a75ff2d14c68db05f93b576d8762f",
                  "status": "affected",
                  "version": "d7255959b69a4e727c61eb04231d11390d4f391e",
                  "versionType": "git"
                },
                {
                  "lessThan": "a6715d7ec472a476db17787697a4abda62962284",
                  "status": "affected",
                  "version": "d7255959b69a4e727c61eb04231d11390d4f391e",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "kernel/liveupdate/kexec_handover.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.19"
                },
                {
                  "lessThan": "6.19",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.19",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkho: skip KHO for crash kernel\n\nkho_fill_kimage() unconditionally populates the kimage with KHO\nmetadata for every kexec image type. When the image is a crash kernel,\nthis can be problematic as the crash kernel can run in a small reserved\nregion and the KHO scratch areas can sit outside it.\nThe crash kernel then faults during kho_memory_init() when it\ntries phys_to_virt() on the KHO FDT address:\n\n  Unable to handle kernel paging request at virtual address xxxxxxxx\n  ...\n    fdt_offset_ptr+...\n    fdt_check_node_offset_+...\n    fdt_first_property_offset+...\n    fdt_get_property_namelen_+...\n    fdt_getprop+...\n    kho_memory_init+...\n    mm_core_init+...\n    start_kernel+...\n\nkho_locate_mem_hole() already skips KHO logic for KEXEC_TYPE_CRASH\nimages, but kho_fill_kimage() was missing the same guard. As\nkho_fill_kimage() is the single point that populates image-\u003ekho.fdt\nand image-\u003ekho.scratch, fixing it here is sufficient for both arm64\nand x86 as the FDT and boot_params path are bailing out when these\nfields are unset."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:52.023Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/a6ac6721326a75ff2d14c68db05f93b576d8762f"
            },
            {
              "url": "https://git.kernel.org/stable/c/a6715d7ec472a476db17787697a4abda62962284"
            }
          ],
          "title": "kho: skip KHO for crash kernel",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64167",
        "datePublished": "2026-07-19T15:40:52.023Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:52.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64166 (GCVE-0-2026-64166)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    firmware: arm_ffa: Check for NULL FF-A ID table while driver registration
    Summary
    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Check for NULL FF-A ID table while driver registration The bus match callback assumes that every FF-A driver provides an id_table and dereferences it unconditionally. Enforce that contract at registration time so a buggy client driver cannot crash the bus during match.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < f98f131256beaddd51ad468e95d90d857fef12bf (git)
    Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < bc499d1acddbb75b5b4bce05f5296dd8ef9611fd (git)
    Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < adfff93d08a2e12ecf2a1eba272d18bc749f13c0 (git)
    Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < 34f59211984f66788390e7469f3e99d3796db4a8 (git)
    Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < 820245d86ce58898fb48b4fefc77d0cafc02801d (git)
    Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < 198f6c86d508ed562f07dc00276cac6dbb5dd3bf (git)
    Affected: 92743071464fca5acbbe812d9a0d88de3eaaad36 , < 0a5e695095c557d2380131b613dea4e8d90371be (git)
    Create a notification for this product.
    Linux Linux Affected: 5.14
    Unaffected: 0 , < 5.14 (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/firmware/arm_ffa/bus.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "f98f131256beaddd51ad468e95d90d857fef12bf",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                },
                {
                  "lessThan": "bc499d1acddbb75b5b4bce05f5296dd8ef9611fd",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                },
                {
                  "lessThan": "adfff93d08a2e12ecf2a1eba272d18bc749f13c0",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                },
                {
                  "lessThan": "34f59211984f66788390e7469f3e99d3796db4a8",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                },
                {
                  "lessThan": "820245d86ce58898fb48b4fefc77d0cafc02801d",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                },
                {
                  "lessThan": "198f6c86d508ed562f07dc00276cac6dbb5dd3bf",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                },
                {
                  "lessThan": "0a5e695095c557d2380131b613dea4e8d90371be",
                  "status": "affected",
                  "version": "92743071464fca5acbbe812d9a0d88de3eaaad36",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/firmware/arm_ffa/bus.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.14"
                },
                {
                  "lessThan": "5.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "5.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Check for NULL FF-A ID table while driver registration\n\nThe bus match callback assumes that every FF-A driver provides an\nid_table and dereferences it unconditionally. Enforce that contract at\nregistration time so a buggy client driver cannot crash the bus during\nmatch."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:51.305Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/f98f131256beaddd51ad468e95d90d857fef12bf"
            },
            {
              "url": "https://git.kernel.org/stable/c/bc499d1acddbb75b5b4bce05f5296dd8ef9611fd"
            },
            {
              "url": "https://git.kernel.org/stable/c/adfff93d08a2e12ecf2a1eba272d18bc749f13c0"
            },
            {
              "url": "https://git.kernel.org/stable/c/34f59211984f66788390e7469f3e99d3796db4a8"
            },
            {
              "url": "https://git.kernel.org/stable/c/820245d86ce58898fb48b4fefc77d0cafc02801d"
            },
            {
              "url": "https://git.kernel.org/stable/c/198f6c86d508ed562f07dc00276cac6dbb5dd3bf"
            },
            {
              "url": "https://git.kernel.org/stable/c/0a5e695095c557d2380131b613dea4e8d90371be"
            }
          ],
          "title": "firmware: arm_ffa: Check for NULL FF-A ID table while driver registration",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64166",
        "datePublished": "2026-07-19T15:40:51.305Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:51.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64165 (GCVE-0-2026-64165)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    ARM: integrator: Fix early initialization
    Summary
    In the Linux kernel, the following vulnerability has been resolved: ARM: integrator: Fix early initialization Starting with commit bdb249fce9ad4 ("ARM: integrator: read counter using syscon/regmap"), intcp_init_early calls syscon_regmap_lookup_by_compatible which in turn calls of_syscon_register. This function allocates memory. Since the memory management code has not been initialized at that time, the call always fails. It either returns -ENOMEM or crashes as follows. Unable to handle kernel NULL pointer dereference at virtual address 0000000c when read [0000000c] *pgd=00000000 Internal error: Oops: 5 [#1] ARM Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.15.0-rc5-00026-g5fcc9bf84ee5 #1 PREEMPT Hardware name: ARM Integrator/CP (Device Tree) PC is at __kmalloc_cache_noprof+0xec/0x39c LR is at __kmalloc_cache_noprof+0x34/0x39c ... Call trace: __kmalloc_cache_noprof from of_syscon_register+0x7c/0x310 of_syscon_register from device_node_get_regmap+0xa4/0xb0 device_node_get_regmap from intcp_init_early+0xc/0x40 intcp_init_early from start_kernel+0x60/0x688 start_kernel from 0x0 The crash is seen due to a dereferenced pointer which is not supposed to be NULL but is NULL if the memory management subsystem has not been initialized. The crash is not seen with all versions of gcc. Some versions such as gcc 9.x apparently do not dereference the pointer, presumably if tracing is disabled. The problem has been reproduced with gcc 10.x, 11.x, and 13.x. Either case, if the crash is not seen, the call to syscon_regmap_lookup_by_compatible returns -ENOMEM, and sched_clock_register is never called. Fix the problem by moving the early initialization code into the standard machine initialization code.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 22c738fb51f2d8b23ddff5cc0ccb2dd685bb39d3 (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 812103fb6da904bd03d62cf6a9826e537318ceed (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 6624854554c4c2bdfed3559e5c11bb03b16e7bd1 (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 508b1193d63b5e073a3fe103eeb785fcba2d368c (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 58a112b0973f6cd6bcb8c503d1ff88be411ed0f0 (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < e984dc22e2c24dc34d6728e338c82b1ce7862753 (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 33ad014abec90f37dade0e00560f28864187e21a (git)
    Affected: bdb249fce9ad44aab340be3b7a77060114f7193b , < 90d77b30a666049ad24df463f52e5d529c44e8cd (git)
    Create a notification for this product.
    Linux Linux Affected: 4.9
    Unaffected: 0 , < 4.9 (semver)
    Unaffected: 5.10.258 , ≤ 5.10.* (semver)
    Unaffected: 5.15.209 , ≤ 5.15.* (semver)
    Unaffected: 6.1.175 , ≤ 6.1.* (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "arch/arm/mach-versatile/integrator_cp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "22c738fb51f2d8b23ddff5cc0ccb2dd685bb39d3",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "812103fb6da904bd03d62cf6a9826e537318ceed",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "6624854554c4c2bdfed3559e5c11bb03b16e7bd1",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "508b1193d63b5e073a3fe103eeb785fcba2d368c",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "58a112b0973f6cd6bcb8c503d1ff88be411ed0f0",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "e984dc22e2c24dc34d6728e338c82b1ce7862753",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "33ad014abec90f37dade0e00560f28864187e21a",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                },
                {
                  "lessThan": "90d77b30a666049ad24df463f52e5d529c44e8cd",
                  "status": "affected",
                  "version": "bdb249fce9ad44aab340be3b7a77060114f7193b",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "arch/arm/mach-versatile/integrator_cp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9"
                },
                {
                  "lessThan": "4.9",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.258",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.209",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.175",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.258",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.209",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.175",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "4.9",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: integrator: Fix early initialization\n\nStarting with commit bdb249fce9ad4 (\"ARM: integrator: read counter using\nsyscon/regmap\"), intcp_init_early calls syscon_regmap_lookup_by_compatible\nwhich in turn calls of_syscon_register. This function allocates memory.\nSince the memory management code has not been initialized at that time,\nthe call always fails. It either returns -ENOMEM or crashes as follows.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000c when read\n[0000000c] *pgd=00000000\nInternal error: Oops: 5 [#1] ARM\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.15.0-rc5-00026-g5fcc9bf84ee5 #1 PREEMPT\nHardware name: ARM Integrator/CP (Device Tree)\nPC is at __kmalloc_cache_noprof+0xec/0x39c\nLR is at __kmalloc_cache_noprof+0x34/0x39c\n...\nCall trace:\n __kmalloc_cache_noprof from of_syscon_register+0x7c/0x310\n of_syscon_register from device_node_get_regmap+0xa4/0xb0\n device_node_get_regmap from intcp_init_early+0xc/0x40\n intcp_init_early from start_kernel+0x60/0x688\n start_kernel from 0x0\n\nThe crash is seen due to a dereferenced pointer which is not supposed to be\nNULL but is NULL if the memory management subsystem has not been\ninitialized. The crash is not seen with all versions of gcc. Some versions\nsuch as gcc 9.x apparently do not dereference the pointer, presumably if\ntracing is disabled. The problem has been reproduced with gcc 10.x, 11.x,\nand 13.x. Either case, if the crash is not seen, the call to\nsyscon_regmap_lookup_by_compatible returns -ENOMEM, and\nsched_clock_register is never called.\n\nFix the problem by moving the early initialization code into the standard\nmachine initialization code."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:50.585Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/22c738fb51f2d8b23ddff5cc0ccb2dd685bb39d3"
            },
            {
              "url": "https://git.kernel.org/stable/c/812103fb6da904bd03d62cf6a9826e537318ceed"
            },
            {
              "url": "https://git.kernel.org/stable/c/6624854554c4c2bdfed3559e5c11bb03b16e7bd1"
            },
            {
              "url": "https://git.kernel.org/stable/c/508b1193d63b5e073a3fe103eeb785fcba2d368c"
            },
            {
              "url": "https://git.kernel.org/stable/c/58a112b0973f6cd6bcb8c503d1ff88be411ed0f0"
            },
            {
              "url": "https://git.kernel.org/stable/c/e984dc22e2c24dc34d6728e338c82b1ce7862753"
            },
            {
              "url": "https://git.kernel.org/stable/c/33ad014abec90f37dade0e00560f28864187e21a"
            },
            {
              "url": "https://git.kernel.org/stable/c/90d77b30a666049ad24df463f52e5d529c44e8cd"
            }
          ],
          "title": "ARM: integrator: Fix early initialization",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64165",
        "datePublished": "2026-07-19T15:40:50.585Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:50.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64164 (GCVE-0-2026-64164)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file() The trace event btrfs_sync_file() is called in an atomic context (all trace events are) and its call to dput(), which is needed due to the call to dget_parent(), can sleep, triggering a kernel splat. This can be reproduced by enabling the trace event and running btrfs/056 from fstests for example. The splat shown in dmesg is the following: [53.919] BUG: sleeping function called from invalid context at fs/dcache.c:970 [53.947] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 32773, name: xfs_io [53.988] preempt_count: 2, expected: 0 [53.967] RCU nest depth: 0, expected: 0 [53.943] Preemption disabled at: [53.944] [<0000000000000000>] 0x0 [54.078] CPU: 0 UID: 0 PID: 32773 Comm: xfs_io Tainted: G W 7.1.0-rc1-btrfs-next-232+ #1 PREEMPT(full) [54.070] Tainted: [W]=WARN [54.071] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [54.072] Call Trace: [54.074] <TASK> [54.076] dump_stack_lvl+0x56/0x80 [54.079] __might_resched.cold+0xd6/0x10f [54.072] dput.part.0+0x24/0x110 [54.078] trace_event_raw_event_btrfs_sync_file+0x75/0x140 [btrfs] [54.089] btrfs_sync_file+0x1ed/0x530 [btrfs] [54.087] ? __handle_mm_fault+0x8ae/0xed0 [54.089] btrfs_do_write_iter+0x172/0x210 [btrfs] [54.091] vfs_write+0x21f/0x450 [54.094] __x64_sys_pwrite64+0x8d/0xc0 [54.096] ? do_user_addr_fault+0x20c/0x670 [54.099] do_syscall_64+0x60/0xf20 [54.092] ? clear_bhb_loop+0x60/0xb0 [54.094] entry_SYSCALL_64_after_hwframe+0x76/0x7e So stop using dget_parent() and dput() and access the parent dentry directly as dentry->d_parent. This is also what ext4 is doing in its equivalent trace event ext4_sync_file_enter().
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 4a7bab35fad5251c8cb738161152578cd83b6b9c , < d78b0a80eac36879ef5478707135c446920e134b (git)
    Affected: 520e8b4bcf872a534a7bf61ccf880047642df296 , < 4361954f0e158af0530caa1e57f12b531be4658f (git)
    Affected: e252db8ca2a01f82d472091f35d549b313278636 , < 6279992c9ba2774901c9d4dd4a481162e2534714 (git)
    Affected: c09a7446aab5773f38d6abb25fce99b8e1dfbc97 , < 26b2290baaf6da6add0f782a100766e686a33f4f (git)
    Affected: 32372781d664a9b03c40343e96c29d0a6139f97d , < 12a0487945c09760a5968d9333383014ea294117 (git)
    Affected: 2e4adfaec97ee053ad1bdfb5036845e66f7e0d8a , < c32a7e0e3c73c1c0768556a56bd78de9f7b83780 (git)
    Affected: a85b46db143fda5869e7d8df8f258ccef5fa1719 , < 0a96d9a85cd2240481297156b9bb72e10b7a8036 (git)
    Affected: a85b46db143fda5869e7d8df8f258ccef5fa1719 , < c73370c677646e86fc4b1780fb07027bdf847375 (git)
    Affected: d110d7cdb045715c0b45b0dfd974525bb38f653d (git)
    Affected: 6.6.136 , < 6.6.142 (semver)
    Affected: 6.12.83 , < 6.12.92 (semver)
    Affected: 6.18.24 , < 6.18.34 (semver)
    Affected: 6.19.14 , < 6.20 (semver)
    Create a notification for this product.
    Linux Linux Affected: 7.0
    Unaffected: 0 , < 7.0 (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "include/trace/events/btrfs.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "d78b0a80eac36879ef5478707135c446920e134b",
                  "status": "affected",
                  "version": "4a7bab35fad5251c8cb738161152578cd83b6b9c",
                  "versionType": "git"
                },
                {
                  "lessThan": "4361954f0e158af0530caa1e57f12b531be4658f",
                  "status": "affected",
                  "version": "520e8b4bcf872a534a7bf61ccf880047642df296",
                  "versionType": "git"
                },
                {
                  "lessThan": "6279992c9ba2774901c9d4dd4a481162e2534714",
                  "status": "affected",
                  "version": "e252db8ca2a01f82d472091f35d549b313278636",
                  "versionType": "git"
                },
                {
                  "lessThan": "26b2290baaf6da6add0f782a100766e686a33f4f",
                  "status": "affected",
                  "version": "c09a7446aab5773f38d6abb25fce99b8e1dfbc97",
                  "versionType": "git"
                },
                {
                  "lessThan": "12a0487945c09760a5968d9333383014ea294117",
                  "status": "affected",
                  "version": "32372781d664a9b03c40343e96c29d0a6139f97d",
                  "versionType": "git"
                },
                {
                  "lessThan": "c32a7e0e3c73c1c0768556a56bd78de9f7b83780",
                  "status": "affected",
                  "version": "2e4adfaec97ee053ad1bdfb5036845e66f7e0d8a",
                  "versionType": "git"
                },
                {
                  "lessThan": "0a96d9a85cd2240481297156b9bb72e10b7a8036",
                  "status": "affected",
                  "version": "a85b46db143fda5869e7d8df8f258ccef5fa1719",
                  "versionType": "git"
                },
                {
                  "lessThan": "c73370c677646e86fc4b1780fb07027bdf847375",
                  "status": "affected",
                  "version": "a85b46db143fda5869e7d8df8f258ccef5fa1719",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "d110d7cdb045715c0b45b0dfd974525bb38f653d",
                  "versionType": "git"
                },
                {
                  "lessThan": "6.6.142",
                  "status": "affected",
                  "version": "6.6.136",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.12.92",
                  "status": "affected",
                  "version": "6.12.83",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.18.34",
                  "status": "affected",
                  "version": "6.18.24",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.20",
                  "status": "affected",
                  "version": "6.19.14",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "include/trace/events/btrfs.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "lessThan": "7.0",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "6.6.136",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.12.83",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.18.24",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "6.19.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()\n\nThe trace event btrfs_sync_file() is called in an atomic context (all trace\nevents are) and its call to dput(), which is needed due to the call to\ndget_parent(), can sleep, triggering a kernel splat.\n\nThis can be reproduced by enabling the trace event and running btrfs/056\nfrom fstests for example. The splat shown in dmesg is the following:\n\n  [53.919] BUG: sleeping function called from invalid context at fs/dcache.c:970\n  [53.947] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 32773, name: xfs_io\n  [53.988] preempt_count: 2, expected: 0\n  [53.967] RCU nest depth: 0, expected: 0\n  [53.943] Preemption disabled at:\n  [53.944] [\u003c0000000000000000\u003e] 0x0\n  [54.078] CPU: 0 UID: 0 PID: 32773 Comm: xfs_io Tainted: G        W           7.1.0-rc1-btrfs-next-232+ #1 PREEMPT(full)\n  [54.070] Tainted: [W]=WARN\n  [54.071] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n  [54.072] Call Trace:\n  [54.074]  \u003cTASK\u003e\n  [54.076]  dump_stack_lvl+0x56/0x80\n  [54.079]  __might_resched.cold+0xd6/0x10f\n  [54.072]  dput.part.0+0x24/0x110\n  [54.078]  trace_event_raw_event_btrfs_sync_file+0x75/0x140 [btrfs]\n  [54.089]  btrfs_sync_file+0x1ed/0x530 [btrfs]\n  [54.087]  ? __handle_mm_fault+0x8ae/0xed0\n  [54.089]  btrfs_do_write_iter+0x172/0x210 [btrfs]\n  [54.091]  vfs_write+0x21f/0x450\n  [54.094]  __x64_sys_pwrite64+0x8d/0xc0\n  [54.096]  ? do_user_addr_fault+0x20c/0x670\n  [54.099]  do_syscall_64+0x60/0xf20\n  [54.092]  ? clear_bhb_loop+0x60/0xb0\n  [54.094]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo stop using dget_parent() and dput() and access the parent dentry\ndirectly as dentry-\u003ed_parent. This is also what ext4 is doing in\nits equivalent trace event ext4_sync_file_enter()."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:49.894Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/d78b0a80eac36879ef5478707135c446920e134b"
            },
            {
              "url": "https://git.kernel.org/stable/c/4361954f0e158af0530caa1e57f12b531be4658f"
            },
            {
              "url": "https://git.kernel.org/stable/c/6279992c9ba2774901c9d4dd4a481162e2534714"
            },
            {
              "url": "https://git.kernel.org/stable/c/26b2290baaf6da6add0f782a100766e686a33f4f"
            },
            {
              "url": "https://git.kernel.org/stable/c/12a0487945c09760a5968d9333383014ea294117"
            },
            {
              "url": "https://git.kernel.org/stable/c/c32a7e0e3c73c1c0768556a56bd78de9f7b83780"
            },
            {
              "url": "https://git.kernel.org/stable/c/0a96d9a85cd2240481297156b9bb72e10b7a8036"
            },
            {
              "url": "https://git.kernel.org/stable/c/c73370c677646e86fc4b1780fb07027bdf847375"
            }
          ],
          "title": "btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64164",
        "datePublished": "2026-07-19T15:40:49.894Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:49.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64163 (GCVE-0-2026-64163)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    test_kprobes: clear kprobes between test runs
    Summary
    In the Linux kernel, the following vulnerability has been resolved: test_kprobes: clear kprobes between test runs Running the kprobes sanity tests twice makes all tests fail and eventually crashes the kernel. [root@martin-riscv-1 ~]# echo 1 > /sys/kernel/debug/kunit/kprobes_test/run ... # Totals: pass:5 fail:0 skip:0 total:5 ok 1 kprobes_test [root@martin-riscv-1 ~]# echo 1 > /sys/kernel/debug/kunit/kprobes_test/run ... # test_kprobe: EXPECTATION FAILED at lib/tests/test_kprobes.c:64 Expected 0 == register_kprobe(&kp), but register_kprobe(&kp) == -22 (0xffffffffffffffea) ... Unable to handle kernel paging request ... The testsuite defines several kprobes and kretprobes as static variables that are preserved across test runs. After register_kprobe and unregister_kprobe, a kprobe contains some leftover data that must be cleared before the kprobe can be registered again. The tests are setting symbol_name to define the probe location. Address and flags must be cleared. The existing code clears some of the probes between subsequent tests, but not between two test runs. The leftover data from a previous test run makes the registrations fail in the next run. Move the cleanups for all kprobes into kprobes_test_init, this function is called before each single test (including the first test of a test run).
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: e44e81c5b90f698025eadceb7eef8661eda117d5 , < 08d355936fcf70c81c94f9fe7310450b65c53399 (git)
    Affected: e44e81c5b90f698025eadceb7eef8661eda117d5 , < accc0004c501a9918313142282b094d408af06fb (git)
    Affected: e44e81c5b90f698025eadceb7eef8661eda117d5 , < 1c24cf1fd67f6702c719ab73499392cb7af956ae (git)
    Affected: e44e81c5b90f698025eadceb7eef8661eda117d5 , < 96515819d79f356f40da5540968d838ea570fab9 (git)
    Affected: e44e81c5b90f698025eadceb7eef8661eda117d5 , < ef5581bb30efb939cc2bf093475c6cc85258e5cd (git)
    Create a notification for this product.
    Linux Linux Affected: 5.16
    Unaffected: 0 , < 5.16 (semver)
    Unaffected: 6.6.142 , ≤ 6.6.* (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "lib/tests/test_kprobes.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "08d355936fcf70c81c94f9fe7310450b65c53399",
                  "status": "affected",
                  "version": "e44e81c5b90f698025eadceb7eef8661eda117d5",
                  "versionType": "git"
                },
                {
                  "lessThan": "accc0004c501a9918313142282b094d408af06fb",
                  "status": "affected",
                  "version": "e44e81c5b90f698025eadceb7eef8661eda117d5",
                  "versionType": "git"
                },
                {
                  "lessThan": "1c24cf1fd67f6702c719ab73499392cb7af956ae",
                  "status": "affected",
                  "version": "e44e81c5b90f698025eadceb7eef8661eda117d5",
                  "versionType": "git"
                },
                {
                  "lessThan": "96515819d79f356f40da5540968d838ea570fab9",
                  "status": "affected",
                  "version": "e44e81c5b90f698025eadceb7eef8661eda117d5",
                  "versionType": "git"
                },
                {
                  "lessThan": "ef5581bb30efb939cc2bf093475c6cc85258e5cd",
                  "status": "affected",
                  "version": "e44e81c5b90f698025eadceb7eef8661eda117d5",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "lib/tests/test_kprobes.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.16"
                },
                {
                  "lessThan": "5.16",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.142",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.142",
                      "versionStartIncluding": "5.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "5.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "5.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "5.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "5.16",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntest_kprobes: clear kprobes between test runs\n\nRunning the kprobes sanity tests twice makes all tests fail and\neventually crashes the kernel.\n\n[root@martin-riscv-1 ~]# echo 1 \u003e /sys/kernel/debug/kunit/kprobes_test/run\n...\n   # Totals: pass:5 fail:0 skip:0 total:5\n   ok 1 kprobes_test\n[root@martin-riscv-1 ~]# echo 1 \u003e /sys/kernel/debug/kunit/kprobes_test/run\n...\n  # test_kprobe: EXPECTATION FAILED at lib/tests/test_kprobes.c:64\n  Expected 0 == register_kprobe(\u0026kp), but\n      register_kprobe(\u0026kp) == -22 (0xffffffffffffffea)\n...\n  Unable to handle kernel paging request ...\n\nThe testsuite defines several kprobes and kretprobes as static variables\nthat are preserved across test runs.\n\nAfter register_kprobe and unregister_kprobe, a kprobe contains some\nleftover data that must be cleared before the kprobe can be registered\nagain. The tests are setting symbol_name to define the probe location.\nAddress and flags must be cleared.\n\nThe existing code clears some of the probes between subsequent tests, but\nnot between two test runs. The leftover data from a previous test run\nmakes the registrations fail in the next run.\n\nMove the cleanups for all kprobes into kprobes_test_init, this function\nis called before each single test (including the first test of a test\nrun)."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:49.172Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/08d355936fcf70c81c94f9fe7310450b65c53399"
            },
            {
              "url": "https://git.kernel.org/stable/c/accc0004c501a9918313142282b094d408af06fb"
            },
            {
              "url": "https://git.kernel.org/stable/c/1c24cf1fd67f6702c719ab73499392cb7af956ae"
            },
            {
              "url": "https://git.kernel.org/stable/c/96515819d79f356f40da5540968d838ea570fab9"
            },
            {
              "url": "https://git.kernel.org/stable/c/ef5581bb30efb939cc2bf093475c6cc85258e5cd"
            }
          ],
          "title": "test_kprobes: clear kprobes between test runs",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64163",
        "datePublished": "2026-07-19T15:40:49.172Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:49.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64162 (GCVE-0-2026-64162)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    idpf: fix read_dev_clk_lock spinlock init in idpf_ptp_init()
    Summary
    In the Linux kernel, the following vulnerability has been resolved: idpf: fix read_dev_clk_lock spinlock init in idpf_ptp_init() In idpf_ptp_init(), read_dev_clk_lock is initialized after ptp_schedule_worker() had already been called (and after idpf_ptp_settime64() could reach the lock). The PTP aux worker fires immediately upon scheduling and can call into idpf_ptp_read_src_clk_reg_direct(), which takes spin_lock(&ptp->read_dev_clk_lock) on an uninitialized lock, triggering the lockdep "non-static key" warning: [12973.796587] idpf 0000:83:00.0: Device HW Reset initiated [12974.094507] INFO: trying to register non-static key. ... [12974.097208] Call Trace: [12974.097213] <TASK> [12974.097218] dump_stack_lvl+0x93/0xe0 [12974.097234] register_lock_class+0x4c4/0x4e0 [12974.097249] ? __lock_acquire+0x427/0x2290 [12974.097259] __lock_acquire+0x98/0x2290 [12974.097272] lock_acquire+0xc6/0x310 [12974.097281] ? idpf_ptp_read_src_clk_reg+0xb7/0x150 [idpf] [12974.097311] ? lockdep_hardirqs_on_prepare+0xde/0x190 [12974.097318] ? finish_task_switch.isra.0+0xd2/0x350 [12974.097330] ? __pfx_ptp_aux_kworker+0x10/0x10 [ptp] [12974.097343] _raw_spin_lock+0x30/0x40 [12974.097353] ? idpf_ptp_read_src_clk_reg+0xb7/0x150 [idpf] [12974.097373] idpf_ptp_read_src_clk_reg+0xb7/0x150 [idpf] [12974.097391] ? kthread_worker_fn+0x88/0x3d0 [12974.097404] ? kthread_worker_fn+0x4e/0x3d0 [12974.097411] idpf_ptp_update_cached_phctime+0x26/0x120 [idpf] [12974.097428] ? _raw_spin_unlock_irq+0x28/0x50 [12974.097436] idpf_ptp_do_aux_work+0x15/0x20 [idpf] [12974.097454] ptp_aux_kworker+0x20/0x40 [ptp] [12974.097464] kthread_worker_fn+0xd5/0x3d0 [12974.097474] ? __pfx_kthread_worker_fn+0x10/0x10 [12974.097482] kthread+0xf4/0x130 [12974.097489] ? __pfx_kthread+0x10/0x10 [12974.097498] ret_from_fork+0x32c/0x410 [12974.097512] ? __pfx_kthread+0x10/0x10 [12974.097519] ret_from_fork_asm+0x1a/0x30 [12974.097540] </TASK> Move the call to spin_lock_init() up a bit to make sure read_dev_clk_lock is not touched before it's been initialized.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 5cb8805d2366b20ee4d7afff586d8acf17649330 , < eb5991d4c8ba2e8153dfcda3e66a9608377b7dce (git)
    Affected: 5cb8805d2366b20ee4d7afff586d8acf17649330 , < 3122d70b7c0101d897fb795658a7b93f854935f2 (git)
    Affected: 5cb8805d2366b20ee4d7afff586d8acf17649330 , < da4f76b6a84ede14a71282ef841768299ead0221 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.16
    Unaffected: 0 , < 6.16 (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/ethernet/intel/idpf/idpf_ptp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "eb5991d4c8ba2e8153dfcda3e66a9608377b7dce",
                  "status": "affected",
                  "version": "5cb8805d2366b20ee4d7afff586d8acf17649330",
                  "versionType": "git"
                },
                {
                  "lessThan": "3122d70b7c0101d897fb795658a7b93f854935f2",
                  "status": "affected",
                  "version": "5cb8805d2366b20ee4d7afff586d8acf17649330",
                  "versionType": "git"
                },
                {
                  "lessThan": "da4f76b6a84ede14a71282ef841768299ead0221",
                  "status": "affected",
                  "version": "5cb8805d2366b20ee4d7afff586d8acf17649330",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/ethernet/intel/idpf/idpf_ptp.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.16"
                },
                {
                  "lessThan": "6.16",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.16",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.16",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix read_dev_clk_lock spinlock init in idpf_ptp_init()\n\nIn idpf_ptp_init(), read_dev_clk_lock is initialized after\nptp_schedule_worker() had already been called (and after\nidpf_ptp_settime64() could reach the lock). The PTP aux worker\nfires immediately upon scheduling and can call into\nidpf_ptp_read_src_clk_reg_direct(), which takes\nspin_lock(\u0026ptp-\u003eread_dev_clk_lock) on an uninitialized lock, triggering\nthe lockdep \"non-static key\" warning:\n\n[12973.796587] idpf 0000:83:00.0: Device HW Reset initiated\n[12974.094507] INFO: trying to register non-static key.\n...\n[12974.097208] Call Trace:\n[12974.097213]  \u003cTASK\u003e\n[12974.097218]  dump_stack_lvl+0x93/0xe0\n[12974.097234]  register_lock_class+0x4c4/0x4e0\n[12974.097249]  ? __lock_acquire+0x427/0x2290\n[12974.097259]  __lock_acquire+0x98/0x2290\n[12974.097272]  lock_acquire+0xc6/0x310\n[12974.097281]  ? idpf_ptp_read_src_clk_reg+0xb7/0x150 [idpf]\n[12974.097311]  ? lockdep_hardirqs_on_prepare+0xde/0x190\n[12974.097318]  ? finish_task_switch.isra.0+0xd2/0x350\n[12974.097330]  ? __pfx_ptp_aux_kworker+0x10/0x10 [ptp]\n[12974.097343]  _raw_spin_lock+0x30/0x40\n[12974.097353]  ? idpf_ptp_read_src_clk_reg+0xb7/0x150 [idpf]\n[12974.097373]  idpf_ptp_read_src_clk_reg+0xb7/0x150 [idpf]\n[12974.097391]  ? kthread_worker_fn+0x88/0x3d0\n[12974.097404]  ? kthread_worker_fn+0x4e/0x3d0\n[12974.097411]  idpf_ptp_update_cached_phctime+0x26/0x120 [idpf]\n[12974.097428]  ? _raw_spin_unlock_irq+0x28/0x50\n[12974.097436]  idpf_ptp_do_aux_work+0x15/0x20 [idpf]\n[12974.097454]  ptp_aux_kworker+0x20/0x40 [ptp]\n[12974.097464]  kthread_worker_fn+0xd5/0x3d0\n[12974.097474]  ? __pfx_kthread_worker_fn+0x10/0x10\n[12974.097482]  kthread+0xf4/0x130\n[12974.097489]  ? __pfx_kthread+0x10/0x10\n[12974.097498]  ret_from_fork+0x32c/0x410\n[12974.097512]  ? __pfx_kthread+0x10/0x10\n[12974.097519]  ret_from_fork_asm+0x1a/0x30\n[12974.097540]  \u003c/TASK\u003e\n\nMove the call to spin_lock_init() up a bit to make sure read_dev_clk_lock\nis not touched before it\u0027s been initialized."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:48.461Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/eb5991d4c8ba2e8153dfcda3e66a9608377b7dce"
            },
            {
              "url": "https://git.kernel.org/stable/c/3122d70b7c0101d897fb795658a7b93f854935f2"
            },
            {
              "url": "https://git.kernel.org/stable/c/da4f76b6a84ede14a71282ef841768299ead0221"
            }
          ],
          "title": "idpf: fix read_dev_clk_lock spinlock init in idpf_ptp_init()",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64162",
        "datePublished": "2026-07-19T15:40:48.461Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:48.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64161 (GCVE-0-2026-64161)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    net: ti: icssm-prueth: fix eth_ports_node leak in probe
    Summary
    In the Linux kernel, the following vulnerability has been resolved: net: ti: icssm-prueth: fix eth_ports_node leak in probe The error path on of_property_read_u32() failure inside icssm_prueth_probe() returns without putting eth_ports_node, which was acquired before the for_each_child_of_node() loop. Drop it before returning.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 511f6c1ae093c7045742299d29eba71925709a71 , < 994358adc0982d17731ffea7dfacd25afcc89773 (git)
    Affected: 511f6c1ae093c7045742299d29eba71925709a71 , < ca029dde6ad732a5aba28d6b107d7a84ba5e302b (git)
    Affected: 511f6c1ae093c7045742299d29eba71925709a71 , < 6635fa84403c3a59455b66007c019a7cc632db30 (git)
    Create a notification for this product.
    Linux Linux Affected: 6.18
    Unaffected: 0 , < 6.18 (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/ethernet/ti/icssm/icssm_prueth.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "994358adc0982d17731ffea7dfacd25afcc89773",
                  "status": "affected",
                  "version": "511f6c1ae093c7045742299d29eba71925709a71",
                  "versionType": "git"
                },
                {
                  "lessThan": "ca029dde6ad732a5aba28d6b107d7a84ba5e302b",
                  "status": "affected",
                  "version": "511f6c1ae093c7045742299d29eba71925709a71",
                  "versionType": "git"
                },
                {
                  "lessThan": "6635fa84403c3a59455b66007c019a7cc632db30",
                  "status": "affected",
                  "version": "511f6c1ae093c7045742299d29eba71925709a71",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "drivers/net/ethernet/ti/icssm/icssm_prueth.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.18"
                },
                {
                  "lessThan": "6.18",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssm-prueth: fix eth_ports_node leak in probe\n\nThe error path on of_property_read_u32() failure inside\nicssm_prueth_probe() returns without putting eth_ports_node,\nwhich was acquired before the for_each_child_of_node() loop.\n\nDrop it before returning."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:47.761Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/994358adc0982d17731ffea7dfacd25afcc89773"
            },
            {
              "url": "https://git.kernel.org/stable/c/ca029dde6ad732a5aba28d6b107d7a84ba5e302b"
            },
            {
              "url": "https://git.kernel.org/stable/c/6635fa84403c3a59455b66007c019a7cc632db30"
            }
          ],
          "title": "net: ti: icssm-prueth: fix eth_ports_node leak in probe",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64161",
        "datePublished": "2026-07-19T15:40:47.761Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:47.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64160 (GCVE-0-2026-64160)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    netfs: Fix potential for tearing in ->remote_i_size and ->zero_point
    Summary
    In the Linux kernel, the following vulnerability has been resolved: netfs: Fix potential for tearing in ->remote_i_size and ->zero_point Fix potential tearing in using ->remote_i_size and ->zero_point by copying i_size_read() and i_size_write() and using the same seqcount as for i_size. We need to make sure that netfslib and the filesystems that use it always hold i_lock whilst updating any of the sizes to prevent i_size_seqcount from getting corrupted.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 4058f742105ecfcbdf99e1139e6c1f74fb8e6db9 , < 55970f238d495517edc961d55c44c772594d0969 (git)
    Affected: 4058f742105ecfcbdf99e1139e6c1f74fb8e6db9 , < 2c8f4742bb76117d735f92a3932d85239b16c494 (git)
    Create a notification for this product.
    Linux Linux Affected: 5.18
    Unaffected: 0 , < 5.18 (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "fs/9p/v9fs_vfs.h",
                "fs/9p/vfs_inode.c",
                "fs/9p/vfs_inode_dotl.c",
                "fs/afs/file.c",
                "fs/afs/inode.c",
                "fs/afs/internal.h",
                "fs/afs/write.c",
                "fs/netfs/buffered_read.c",
                "fs/netfs/buffered_write.c",
                "fs/netfs/direct_write.c",
                "fs/netfs/misc.c",
                "fs/netfs/write_collect.c",
                "fs/smb/client/cifsfs.c",
                "fs/smb/client/cifssmb.c",
                "fs/smb/client/file.c",
                "fs/smb/client/inode.c",
                "fs/smb/client/readdir.c",
                "fs/smb/client/smb2ops.c",
                "fs/smb/client/smb2pdu.c",
                "include/linux/netfs.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "55970f238d495517edc961d55c44c772594d0969",
                  "status": "affected",
                  "version": "4058f742105ecfcbdf99e1139e6c1f74fb8e6db9",
                  "versionType": "git"
                },
                {
                  "lessThan": "2c8f4742bb76117d735f92a3932d85239b16c494",
                  "status": "affected",
                  "version": "4058f742105ecfcbdf99e1139e6c1f74fb8e6db9",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "fs/9p/v9fs_vfs.h",
                "fs/9p/vfs_inode.c",
                "fs/9p/vfs_inode_dotl.c",
                "fs/afs/file.c",
                "fs/afs/inode.c",
                "fs/afs/internal.h",
                "fs/afs/write.c",
                "fs/netfs/buffered_read.c",
                "fs/netfs/buffered_write.c",
                "fs/netfs/direct_write.c",
                "fs/netfs/misc.c",
                "fs/netfs/write_collect.c",
                "fs/smb/client/cifsfs.c",
                "fs/smb/client/cifssmb.c",
                "fs/smb/client/file.c",
                "fs/smb/client/inode.c",
                "fs/smb/client/readdir.c",
                "fs/smb/client/smb2ops.c",
                "fs/smb/client/smb2pdu.c",
                "include/linux/netfs.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.18"
                },
                {
                  "lessThan": "5.18",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "5.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "5.18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix potential for tearing in -\u003eremote_i_size and -\u003ezero_point\n\nFix potential tearing in using -\u003eremote_i_size and -\u003ezero_point by copying\ni_size_read() and i_size_write() and using the same seqcount as for i_size.\n\nWe need to make sure that netfslib and the filesystems that use it always\nhold i_lock whilst updating any of the sizes to prevent i_size_seqcount\nfrom getting corrupted."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:47.063Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/55970f238d495517edc961d55c44c772594d0969"
            },
            {
              "url": "https://git.kernel.org/stable/c/2c8f4742bb76117d735f92a3932d85239b16c494"
            }
          ],
          "title": "netfs: Fix potential for tearing in -\u003eremote_i_size and -\u003ezero_point",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64160",
        "datePublished": "2026-07-19T15:40:47.063Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:47.063Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64159 (GCVE-0-2026-64159)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    netfs: Fix zeropoint update where i_size > remote_i_size
    Summary
    In the Linux kernel, the following vulnerability has been resolved: netfs: Fix zeropoint update where i_size > remote_i_size Fix the update of the zero point[*] by netfs_release_folio() when there is uncommitted data in the pagecache beyond the folio being released but the on-server EOF is in this folio (ie. i_size > remote_i_size). The update needs to limit zero_point to remote_i_size, not i_size as i_size is a local phenomenon reflecting updates made locally to the pagecache, not stuff written to the server. remote_i_size tracks the server's i_size. [*] The zero point is the file position from which we can assume that the server will just return zeros, so we can avoid generating reads. Note that netfs_invalidate_folio() probably doesn't need fixing as zero_point should be updated by setattr after truncation or fallocate. Found with: fsx -q -N 1000000 -p 10000 -o 128000 -l 600000 \ /xfstest.test/junk --replay-ops=junk.fsxops using the following as junk.fsxops: truncate 0x0 0x1bbae 0x82864 write 0x3ef2e 0xf9c8 0x1bbae write 0x67e05 0xcb5a 0x4e8f6 mapread 0x57781 0x85b6 0x7495f copy_range 0x5d3d 0x10329 0x54fac 0x7495f write 0x64710 0x1c2b 0x7495f mapread 0x64000 0x1000 0x7495f on cifs with the default cache option. It shows read-gaps on folio 0x64 failing with a short read (ie. it hits EOF) if the FMODE_READ check is commented out in netfs_perform_write(): if (//(file->f_mode & FMODE_READ) || netfs_is_cache_enabled(ctx)) { and no fscache. This was initially found with the generic/522 xfstest.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: cce6bfa6ca0e30af9927b0074c97fe6a92f28092 , < 5cd5207de519ef0c085f4f559adf5eefcb4c5202 (git)
    Affected: cce6bfa6ca0e30af9927b0074c97fe6a92f28092 , < 4543a4d737944134a1394afe797622546fbcc98a (git)
    Affected: e2814004138a541110d4b2dc254a8f619c2c4ce0 (git)
    Affected: 6.10.8 , < 6.11 (semver)
    Create a notification for this product.
    Linux Linux Affected: 6.11
    Unaffected: 0 , < 6.11 (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "fs/netfs/misc.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "5cd5207de519ef0c085f4f559adf5eefcb4c5202",
                  "status": "affected",
                  "version": "cce6bfa6ca0e30af9927b0074c97fe6a92f28092",
                  "versionType": "git"
                },
                {
                  "lessThan": "4543a4d737944134a1394afe797622546fbcc98a",
                  "status": "affected",
                  "version": "cce6bfa6ca0e30af9927b0074c97fe6a92f28092",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "e2814004138a541110d4b2dc254a8f619c2c4ce0",
                  "versionType": "git"
                },
                {
                  "lessThan": "6.11",
                  "status": "affected",
                  "version": "6.10.8",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "fs/netfs/misc.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.11"
                },
                {
                  "lessThan": "6.11",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "6.10.8",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix zeropoint update where i_size \u003e remote_i_size\n\nFix the update of the zero point[*] by netfs_release_folio() when there is\nuncommitted data in the pagecache beyond the folio being released but the\non-server EOF is in this folio (ie. i_size \u003e remote_i_size).  The update\nneeds to limit zero_point to remote_i_size, not i_size as i_size is a local\nphenomenon reflecting updates made locally to the pagecache, not stuff\nwritten to the server.  remote_i_size tracks the server\u0027s i_size.\n\n[*] The zero point is the file position from which we can assume that the\n    server will just return zeros, so we can avoid generating reads.\n\nNote that netfs_invalidate_folio() probably doesn\u0027t need fixing as\nzero_point should be updated by setattr after truncation or fallocate.\n\nFound with:\n\n    fsx -q -N 1000000 -p 10000 -o 128000 -l 600000 \\\n        /xfstest.test/junk --replay-ops=junk.fsxops\n\nusing the following as junk.fsxops:\n\n    truncate 0x0 0x1bbae 0x82864\n    write 0x3ef2e 0xf9c8 0x1bbae\n    write 0x67e05 0xcb5a 0x4e8f6\n    mapread 0x57781 0x85b6 0x7495f\n    copy_range 0x5d3d 0x10329 0x54fac 0x7495f\n    write 0x64710 0x1c2b 0x7495f\n    mapread 0x64000 0x1000 0x7495f\n\non cifs with the default cache option.\n\nIt shows read-gaps on folio 0x64 failing with a short read (ie. it hits\nEOF) if the FMODE_READ check is commented out in netfs_perform_write():\n\n                if (//(file-\u003ef_mode \u0026 FMODE_READ) ||\n                    netfs_is_cache_enabled(ctx)) {\n\nand no fscache.  This was initially found with the generic/522 xfstest."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:46.400Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/5cd5207de519ef0c085f4f559adf5eefcb4c5202"
            },
            {
              "url": "https://git.kernel.org/stable/c/4543a4d737944134a1394afe797622546fbcc98a"
            }
          ],
          "title": "netfs: Fix zeropoint update where i_size \u003e remote_i_size",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64159",
        "datePublished": "2026-07-19T15:40:46.400Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:46.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64158 (GCVE-0-2026-64158)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    netfs: Fix write streaming disablement if fd open O_RDWR
    Summary
    In the Linux kernel, the following vulnerability has been resolved: netfs: Fix write streaming disablement if fd open O_RDWR In netfs_perform_write(), "write streaming" (the caching of dirty data in dirty but !uptodate folios) is performed to avoid the need to read data that is just going to get immediately overwritten. However, this is/will be disabled in three circumstances: if the fd is open O_RDWR, if fscache is in use (as we need to round out the blocks for DIO) or if content encryption is enabled (again for rounding out purposes). The idea behind disabling it if the fd is open O_RDWR is that we'd need to flush the write-streaming page before we could read the data, particularly through mmap. But netfs now fills in the gaps if ->read_folio() is called on the page, so that is unnecessary. Further, this doesn't actually work if a separate fd is open for reading. Fix this by removing the check for O_RDWR, thereby allowing streaming writes even when we might read. This caused a number of problems with the generic/522 xfstest, but those are now fixed.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: c38f4e96e605f17990e871214e6ea1496bc4e65f , < 9adf8e47d73d5e3c2fe77dea649dcde350ccd65c (git)
    Affected: c38f4e96e605f17990e871214e6ea1496bc4e65f , < 616578e40dcba3f94810d841c5a52b7e3bc8ede7 (git)
    Affected: c38f4e96e605f17990e871214e6ea1496bc4e65f , < 7a9fa5b020a3a40f8291a71cd44c08d931da430d (git)
    Affected: c38f4e96e605f17990e871214e6ea1496bc4e65f , < 70a7b9193bbbfceaab5974de66834c64ccc875dd (git)
    Create a notification for this product.
    Linux Linux Affected: 6.8
    Unaffected: 0 , < 6.8 (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "fs/netfs/buffered_write.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "9adf8e47d73d5e3c2fe77dea649dcde350ccd65c",
                  "status": "affected",
                  "version": "c38f4e96e605f17990e871214e6ea1496bc4e65f",
                  "versionType": "git"
                },
                {
                  "lessThan": "616578e40dcba3f94810d841c5a52b7e3bc8ede7",
                  "status": "affected",
                  "version": "c38f4e96e605f17990e871214e6ea1496bc4e65f",
                  "versionType": "git"
                },
                {
                  "lessThan": "7a9fa5b020a3a40f8291a71cd44c08d931da430d",
                  "status": "affected",
                  "version": "c38f4e96e605f17990e871214e6ea1496bc4e65f",
                  "versionType": "git"
                },
                {
                  "lessThan": "70a7b9193bbbfceaab5974de66834c64ccc875dd",
                  "status": "affected",
                  "version": "c38f4e96e605f17990e871214e6ea1496bc4e65f",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "fs/netfs/buffered_write.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.8"
                },
                {
                  "lessThan": "6.8",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.8",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix write streaming disablement if fd open O_RDWR\n\nIn netfs_perform_write(), \"write streaming\" (the caching of dirty data in\ndirty but !uptodate folios) is performed to avoid the need to read data\nthat is just going to get immediately overwritten.  However, this is/will\nbe disabled in three circumstances: if the fd is open O_RDWR, if fscache is\nin use (as we need to round out the blocks for DIO) or if content\nencryption is enabled (again for rounding out purposes).\n\nThe idea behind disabling it if the fd is open O_RDWR is that we\u0027d need to\nflush the write-streaming page before we could read the data, particularly\nthrough mmap.  But netfs now fills in the gaps if -\u003eread_folio() is called\non the page, so that is unnecessary.  Further, this doesn\u0027t actually work\nif a separate fd is open for reading.\n\nFix this by removing the check for O_RDWR, thereby allowing streaming\nwrites even when we might read.\n\nThis caused a number of problems with the generic/522 xfstest, but those\nare now fixed."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:45.692Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/9adf8e47d73d5e3c2fe77dea649dcde350ccd65c"
            },
            {
              "url": "https://git.kernel.org/stable/c/616578e40dcba3f94810d841c5a52b7e3bc8ede7"
            },
            {
              "url": "https://git.kernel.org/stable/c/7a9fa5b020a3a40f8291a71cd44c08d931da430d"
            },
            {
              "url": "https://git.kernel.org/stable/c/70a7b9193bbbfceaab5974de66834c64ccc875dd"
            }
          ],
          "title": "netfs: Fix write streaming disablement if fd open O_RDWR",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64158",
        "datePublished": "2026-07-19T15:40:45.692Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:45.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-64157 (GCVE-0-2026-64157)

    Vulnerability from cvelistv5 – Published: 2026-07-19 15:40 – Updated: 2026-07-19 15:40
    VLAI
    Title
    netfs: Fix partial invalidation of streaming-write folio
    Summary
    In the Linux kernel, the following vulnerability has been resolved: netfs: Fix partial invalidation of streaming-write folio In netfs_invalidate_folio(), if the region of a partial invalidation overlaps the front (but not all) of a dirty write cached in a streaming write page (dirty, but not uptodate, with the dirty region tracked by a netfs_folio struct), the function modifies the dirty region - but incorrectly as it moves the region forward by setting the start to the start, not the end, of the invalidation region. Fix this by setting finfo->dirty_offset to the end of the invalidation region (iend).
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Linux Linux Affected: cce6bfa6ca0e30af9927b0074c97fe6a92f28092 , < f6b2569ae29b666fd15ff2848684c445ba442a39 (git)
    Affected: cce6bfa6ca0e30af9927b0074c97fe6a92f28092 , < 3d9601c029b934b5b6a10f99791467b10eb6b211 (git)
    Affected: cce6bfa6ca0e30af9927b0074c97fe6a92f28092 , < 6a3d27116be2c5fb9a03d5cf37c486ac517f3689 (git)
    Affected: cce6bfa6ca0e30af9927b0074c97fe6a92f28092 , < 6d91acc7fb85d33ea58fca9b964a32a453937f4b (git)
    Affected: e2814004138a541110d4b2dc254a8f619c2c4ce0 (git)
    Affected: 6.10.8 , < 6.11 (semver)
    Create a notification for this product.
    Linux Linux Affected: 6.11
    Unaffected: 0 , < 6.11 (semver)
    Unaffected: 6.12.92 , ≤ 6.12.* (semver)
    Unaffected: 6.18.34 , ≤ 6.18.* (semver)
    Unaffected: 7.0.11 , ≤ 7.0.* (semver)
    Unaffected: 7.1 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "fs/netfs/misc.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "f6b2569ae29b666fd15ff2848684c445ba442a39",
                  "status": "affected",
                  "version": "cce6bfa6ca0e30af9927b0074c97fe6a92f28092",
                  "versionType": "git"
                },
                {
                  "lessThan": "3d9601c029b934b5b6a10f99791467b10eb6b211",
                  "status": "affected",
                  "version": "cce6bfa6ca0e30af9927b0074c97fe6a92f28092",
                  "versionType": "git"
                },
                {
                  "lessThan": "6a3d27116be2c5fb9a03d5cf37c486ac517f3689",
                  "status": "affected",
                  "version": "cce6bfa6ca0e30af9927b0074c97fe6a92f28092",
                  "versionType": "git"
                },
                {
                  "lessThan": "6d91acc7fb85d33ea58fca9b964a32a453937f4b",
                  "status": "affected",
                  "version": "cce6bfa6ca0e30af9927b0074c97fe6a92f28092",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "e2814004138a541110d4b2dc254a8f619c2c4ce0",
                  "versionType": "git"
                },
                {
                  "lessThan": "6.11",
                  "status": "affected",
                  "version": "6.10.8",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "fs/netfs/misc.c"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.11"
                },
                {
                  "lessThan": "6.11",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.92",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.34",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.*",
                  "status": "unaffected",
                  "version": "7.0.11",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.1",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.92",
                      "versionStartIncluding": "6.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.34",
                      "versionStartIncluding": "6.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.11",
                      "versionStartIncluding": "6.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1",
                      "versionStartIncluding": "6.11",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "6.10.8",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix partial invalidation of streaming-write folio\n\nIn netfs_invalidate_folio(), if the region of a partial invalidation\noverlaps the front (but not all) of a dirty write cached in a streaming\nwrite page (dirty, but not uptodate, with the dirty region tracked by a\nnetfs_folio struct), the function modifies the dirty region - but\nincorrectly as it moves the region forward by setting the start to the\nstart, not the end, of the invalidation region.\n\nFix this by setting finfo-\u003edirty_offset to the end of the invalidation\nregion (iend)."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-19T15:40:44.964Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/f6b2569ae29b666fd15ff2848684c445ba442a39"
            },
            {
              "url": "https://git.kernel.org/stable/c/3d9601c029b934b5b6a10f99791467b10eb6b211"
            },
            {
              "url": "https://git.kernel.org/stable/c/6a3d27116be2c5fb9a03d5cf37c486ac517f3689"
            },
            {
              "url": "https://git.kernel.org/stable/c/6d91acc7fb85d33ea58fca9b964a32a453937f4b"
            }
          ],
          "title": "netfs: Fix partial invalidation of streaming-write folio",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-64157",
        "datePublished": "2026-07-19T15:40:44.964Z",
        "dateReserved": "2026-07-19T07:54:57.038Z",
        "dateUpdated": "2026-07-19T15:40:44.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }