CERTFR-2026-AVI-0192
Vulnerability from certfr_avis - Published: 2026-02-20 - Updated: 2026-02-20
Multiple vulnerabilities have been discovered in the Debian Linux kernel. Some of them allow an attacker to cause privilege escalation, a breach of data confidentiality and a breach of data integrity.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.73-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23219"
},
{
"name": "CVE-2026-23199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23199"
},
{
"name": "CVE-2026-23220",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23220"
},
{
"name": "CVE-2025-71223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71223"
},
{
"name": "CVE-2026-23187",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23187"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2026-23230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23230"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2026-23228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23228"
},
{
"name": "CVE-2026-23223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23223"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23169"
},
{
"name": "CVE-2026-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23177"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2026-23201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23201"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2026-23200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23200"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2025-71203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71203"
},
{
"name": "CVE-2026-23188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23188"
},
{
"name": "CVE-2025-71228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71228"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2025-71237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71237"
},
{
"name": "CVE-2026-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23215"
},
{
"name": "CVE-2026-23205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23205"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2025-71229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71229"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2025-71234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71234"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2025-71204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71204"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2025-68823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68823"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2025-71233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71233"
},
{
"name": "CVE-2026-23224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23224"
},
{
"name": "CVE-2026-23189",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23189"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2025-71231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71231"
}
],
"initial_release_date": "2026-02-20T00:00:00",
"last_revision_date": "2026-02-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0192",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6141-1",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00050.html"
}
]
}
CVE-2025-40082 (GCVE-0-2025-40082)
Vulnerability from cvelistv5 – Published: 2025-10-28 11:48 – Updated: 2026-05-23 16:01
Title
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186
Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290
CPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xca/0x5f0 mm/kasan/report.c:482
kasan_report+0xca/0x100 mm/kasan/report.c:595
hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186
hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738
vfs_listxattr+0xbe/0x140 fs/xattr.c:493
listxattr+0xee/0x190 fs/xattr.c:924
filename_listxattr fs/xattr.c:958 [inline]
path_listxattrat+0x143/0x360 fs/xattr.c:988
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe0e9fae16d
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
RAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
RBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000
</TASK>
Allocated by task 14290:
kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4333 [inline]
__kmalloc_noprof+0x219/0x540 mm/slub.c:4345
kmalloc_noprof include/linux/slab.h:909 [inline]
hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21
hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697
vfs_listxattr+0xbe/0x140 fs/xattr.c:493
listxattr+0xee/0x190 fs/xattr.c:924
filename_listxattr fs/xattr.c:958 [inline]
path_listxattrat+0x143/0x360 fs/xattr.c:988
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
When hfsplus_uni2asc is called from hfsplus_listxattr,
it actually passes in a struct hfsplus_attr_unistr*.
The size of the corresponding structure is different from that of hfsplus_unistr,
so the previous fix (94458781aee6) is insufficient.
The pointer on the unicode buffer is still going beyond the allocated memory.
This patch introduces two wrapper functions hfsplus_uni2asc_xattr_str and
hfsplus_uni2asc_str to process two unicode buffers,
struct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.
When ustrlen value is bigger than the allocated memory size,
the ustrlen value is limited to a safe size.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: ccf0ad56a779e6704c0b27f555dec847f50c7557 , < 343fe375a8dd6ee51a193a1c233b999f5ea4d479 (git) |
| Linux | Linux | Affected: 13604b1d7e7b125fb428cddbec6b8d92baad25d5 , < 782acde47e127c98a113726e2ff8024bd65c0454 (git) |
| Linux | Linux | Affected: 291bb5d931c6f3cd7227b913302a17be21cf53b0 , < c3db89ea1ed3d540eebe8f3c36e806fb75ee4a1e (git) |
| Linux | Linux | Affected: f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee , < 5b5228964619b180f366940505b77255b1a03929 (git) |
| Linux | Linux | Affected: 94458781aee6045bd3d0ad4b80b02886b9e2219b , < 857aefc70d4ae3b9bf1ae67434d27d0f79f80c9e (git) |
| Linux | Linux | Affected: 94458781aee6045bd3d0ad4b80b02886b9e2219b , < bea3e1d4467bcf292c8e54f080353d556d355e26 (git) |
| Linux | Linux | Affected: 73f7da507d787b489761a0fa280716f84fa32b2f (git) |
| Linux | Linux | Affected: 76a4c6636a69d69409aa253b049b1be717a539c5 (git) |
| Linux | Linux | Affected: 6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9 (git) |
| Linux | Linux | Affected: 1ca69007e52a73bd8b84b988b61b319816ca8b01 (git) |
| Linux | Linux | Affected: 5.15.190 , < 5.15.200 (semver) |
| Linux | Linux | Affected: 6.1.149 , < 6.1.163 (semver) |
| Linux | Linux | Affected: 6.6.103 , < 6.6.124 (semver) |
| Linux | Linux | Affected: 6.12.43 , < 6.12.70 (semver) |
| Linux | Linux | Affected: 5.4.297 , < 5.5 (semver) |
| Linux | Linux | Affected: 5.10.241 , < 5.11 (semver) |
| Linux | Linux | Affected: 6.15.11 , < 6.16 (semver) |
| Linux | Linux | Affected: 6.16.2 , < 6.17 (semver) |
| Linux | Linux | Affected: 6.17 |
| Linux | Linux | Unaffected: 0 , < 6.17 (semver) |
| Linux | Linux | Unaffected: 5.15.200 , ≤ 5.15.* (semver) |
| Linux | Linux | Unaffected: 6.1.163 , ≤ 6.1.* (semver) |
| Linux | Linux | Unaffected: 6.6.124 , ≤ 6.6.* (semver) |
| Linux | Linux | Unaffected: 6.12.70 , ≤ 6.12.* (semver) |
| Linux | Linux | Unaffected: 6.17.3 , ≤ 6.17.* (semver) |
| Linux | Linux | Unaffected: 6.18 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/dir.c",
"fs/hfsplus/hfsplus_fs.h",
"fs/hfsplus/unicode.c",
"fs/hfsplus/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "343fe375a8dd6ee51a193a1c233b999f5ea4d479",
"status": "affected",
"version": "ccf0ad56a779e6704c0b27f555dec847f50c7557",
"versionType": "git"
},
{
"lessThan": "782acde47e127c98a113726e2ff8024bd65c0454",
"status": "affected",
"version": "13604b1d7e7b125fb428cddbec6b8d92baad25d5",
"versionType": "git"
},
{
"lessThan": "c3db89ea1ed3d540eebe8f3c36e806fb75ee4a1e",
"status": "affected",
"version": "291bb5d931c6f3cd7227b913302a17be21cf53b0",
"versionType": "git"
},
{
"lessThan": "5b5228964619b180f366940505b77255b1a03929",
"status": "affected",
"version": "f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee",
"versionType": "git"
},
{
"lessThan": "857aefc70d4ae3b9bf1ae67434d27d0f79f80c9e",
"status": "affected",
"version": "94458781aee6045bd3d0ad4b80b02886b9e2219b",
"versionType": "git"
},
{
"lessThan": "bea3e1d4467bcf292c8e54f080353d556d355e26",
"status": "affected",
"version": "94458781aee6045bd3d0ad4b80b02886b9e2219b",
"versionType": "git"
},
{
"status": "affected",
"version": "73f7da507d787b489761a0fa280716f84fa32b2f",
"versionType": "git"
},
{
"status": "affected",
"version": "76a4c6636a69d69409aa253b049b1be717a539c5",
"versionType": "git"
},
{
"status": "affected",
"version": "6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9",
"versionType": "git"
},
{
"status": "affected",
"version": "1ca69007e52a73bd8b84b988b61b319816ca8b01",
"versionType": "git"
},
{
"lessThan": "5.15.200",
"status": "affected",
"version": "5.15.190",
"versionType": "semver"
},
{
"lessThan": "6.1.163",
"status": "affected",
"version": "6.1.149",
"versionType": "semver"
},
{
"lessThan": "6.6.124",
"status": "affected",
"version": "6.6.103",
"versionType": "semver"
},
{
"lessThan": "6.12.70",
"status": "affected",
"version": "6.12.43",
"versionType": "semver"
},
{
"lessThan": "5.5",
"status": "affected",
"version": "5.4.297",
"versionType": "semver"
},
{
"lessThan": "5.11",
"status": "affected",
"version": "5.10.241",
"versionType": "semver"
},
{
"lessThan": "6.16",
"status": "affected",
"version": "6.15.11",
"versionType": "semver"
},
{
"lessThan": "6.17",
"status": "affected",
"version": "6.16.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hfsplus/dir.c",
"fs/hfsplus/hfsplus_fs.h",
"fs/hfsplus/unicode.c",
"fs/hfsplus/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.17"
},
{
"lessThan": "6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.15.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "6.1.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "6.6.103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.12.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.3",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.15.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone 
mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:01:23.267Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/343fe375a8dd6ee51a193a1c233b999f5ea4d479"
},
{
"url": "https://git.kernel.org/stable/c/782acde47e127c98a113726e2ff8024bd65c0454"
},
{
"url": "https://git.kernel.org/stable/c/c3db89ea1ed3d540eebe8f3c36e806fb75ee4a1e"
},
{
"url": "https://git.kernel.org/stable/c/5b5228964619b180f366940505b77255b1a03929"
},
{
"url": "https://git.kernel.org/stable/c/857aefc70d4ae3b9bf1ae67434d27d0f79f80c9e"
},
{
"url": "https://git.kernel.org/stable/c/bea3e1d4467bcf292c8e54f080353d556d355e26"
}
],
"title": "hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40082",
"datePublished": "2025-10-28T11:48:45.975Z",
"dateReserved": "2025-04-16T07:20:57.161Z",
"dateUpdated": "2026-05-23T16:01:23.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68823 (GCVE-0-2025-68823)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:29 – Updated: 2026-05-11 21:54
Title
ublk: fix deadlock when reading partition table
Summary
In the Linux kernel, the following vulnerability has been resolved:
ublk: fix deadlock when reading partition table
When one process (such as udev) opens ublk block device (e.g., to read
the partition table via bdev_open()), a deadlock[1] can occur:
1. bdev_open() grabs disk->open_mutex
2. The process issues read I/O to ublk backend to read partition table
3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request()
runs bio->bi_end_io() callbacks
4. If this triggers fput() on file descriptor of ublk block device, the
work may be deferred to current task's task work (see fput() implementation)
5. This eventually calls blkdev_release() from the same context
6. blkdev_release() tries to grab disk->open_mutex again
7. Deadlock: same task waiting for a mutex it already holds
The fix is to run blk_update_request() and blk_mq_end_request() with bottom
halves disabled. This forces blkdev_release() to run in kernel work-queue
context instead of current task work context, and allows ublk server to make
forward progress, and avoids the deadlock.
[axboe: rewrite comment in ublk]
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 71f28f3136aff5890cd56de78abc673f8393cad9 , < 64c0b7e2293757e8320f13434cd809f1c9257a62 (git) |
| Linux | Linux | Affected: 71f28f3136aff5890cd56de78abc673f8393cad9 , < 9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7 (git) |
| Linux | Linux | Affected: 71f28f3136aff5890cd56de78abc673f8393cad9 , < 0460e09a614291f06c008443f47393c37b7358e7 (git) |
| Linux | Linux | Affected: 71f28f3136aff5890cd56de78abc673f8393cad9 , < c258f5c4502c9667bccf5d76fa731ab9c96687c1 (git) |
| Linux | Linux | Affected: 6.0 |
| Linux | Linux | Unaffected: 0 , < 6.0 (semver) |
| Linux | Linux | Unaffected: 6.6.124 , ≤ 6.6.* (semver) |
| Linux | Linux | Unaffected: 6.12.70 , ≤ 6.12.* (semver) |
| Linux | Linux | Unaffected: 6.18.3 , ≤ 6.18.* (semver) |
| Linux | Linux | Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/ublk_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64c0b7e2293757e8320f13434cd809f1c9257a62",
"status": "affected",
"version": "71f28f3136aff5890cd56de78abc673f8393cad9",
"versionType": "git"
},
{
"lessThan": "9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7",
"status": "affected",
"version": "71f28f3136aff5890cd56de78abc673f8393cad9",
"versionType": "git"
},
{
"lessThan": "0460e09a614291f06c008443f47393c37b7358e7",
"status": "affected",
"version": "71f28f3136aff5890cd56de78abc673f8393cad9",
"versionType": "git"
},
{
"lessThan": "c258f5c4502c9667bccf5d76fa731ab9c96687c1",
"status": "affected",
"version": "71f28f3136aff5890cd56de78abc673f8393cad9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/ublk_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix deadlock when reading partition table\n\nWhen one process(such as udev) opens ublk block device (e.g., to read\nthe partition table via bdev_open()), a deadlock[1] can occur:\n\n1. bdev_open() grabs disk-\u003eopen_mutex\n2. The process issues read I/O to ublk backend to read partition table\n3. In __ublk_complete_rq(), blk_update_request() or blk_mq_end_request()\n runs bio-\u003ebi_end_io() callbacks\n4. If this triggers fput() on file descriptor of ublk block device, the\n work may be deferred to current task\u0027s task work (see fput() implementation)\n5. This eventually calls blkdev_release() from the same context\n6. blkdev_release() tries to grab disk-\u003eopen_mutex again\n7. Deadlock: same task waiting for a mutex it already holds\n\nThe fix is to run blk_update_request() and blk_mq_end_request() with bottom\nhalves disabled. This forces blkdev_release() to run in kernel work-queue\ncontext instead of current task work context, and allows ublk server to make\nforward progress, and avoids the deadlock.\n\n[axboe: rewrite comment in ublk]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:54:00.793Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64c0b7e2293757e8320f13434cd809f1c9257a62"
},
{
"url": "https://git.kernel.org/stable/c/9bcc47343ee0ef346aa7b2b460c8ff56bd882fe7"
},
{
"url": "https://git.kernel.org/stable/c/0460e09a614291f06c008443f47393c37b7358e7"
},
{
"url": "https://git.kernel.org/stable/c/c258f5c4502c9667bccf5d76fa731ab9c96687c1"
}
],
"title": "ublk: fix deadlock when reading partition table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68823",
"datePublished": "2026-01-13T15:29:25.392Z",
"dateReserved": "2025-12-24T10:30:51.048Z",
"dateUpdated": "2026-05-11T21:54:00.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71203 (GCVE-0-2025-71203)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 21:56
Title
riscv: Sanitize syscall table indexing under speculation
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: Sanitize syscall table indexing under speculation
The syscall number is a user-controlled value used to index into the
syscall table. Use array_index_nospec() to clamp this value after the
bounds check to prevent speculative out-of-bounds access and subsequent
data leakage via cache side channels.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f0bddf50586da81360627a772be0e355b62f071e , < 33743ec6679aa364ee19d1afbaa50593e9e6e443 (git) |
| Linux | Linux | Affected: f0bddf50586da81360627a772be0e355b62f071e , < c45848936ebdb4fcab92f8c39510db83c16d0239 (git) |
| Linux | Linux | Affected: f0bddf50586da81360627a772be0e355b62f071e , < 8b44e753795107a22ba31495686e83f4aca48f36 (git) |
| Linux | Linux | Affected: f0bddf50586da81360627a772be0e355b62f071e , < 25fd7ee7bf58ac3ec7be3c9f82ceff153451946c (git) |
| Linux | Linux | Affected: 6.4 |
| Linux | Linux | Unaffected: 0 , < 6.4 (semver) |
| Linux | Linux | Unaffected: 6.6.130 , ≤ 6.6.* (semver) |
| Linux | Linux | Unaffected: 6.12.70 , ≤ 6.12.* (semver) |
| Linux | Linux | Unaffected: 6.18.10 , ≤ 6.18.* (semver) |
| Linux | Linux | Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/traps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "33743ec6679aa364ee19d1afbaa50593e9e6e443",
"status": "affected",
"version": "f0bddf50586da81360627a772be0e355b62f071e",
"versionType": "git"
},
{
"lessThan": "c45848936ebdb4fcab92f8c39510db83c16d0239",
"status": "affected",
"version": "f0bddf50586da81360627a772be0e355b62f071e",
"versionType": "git"
},
{
"lessThan": "8b44e753795107a22ba31495686e83f4aca48f36",
"status": "affected",
"version": "f0bddf50586da81360627a772be0e355b62f071e",
"versionType": "git"
},
{
"lessThan": "25fd7ee7bf58ac3ec7be3c9f82ceff153451946c",
"status": "affected",
"version": "f0bddf50586da81360627a772be0e355b62f071e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/traps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sanitize syscall table indexing under speculation\n\nThe syscall number is a user-controlled value used to index into the\nsyscall table. Use array_index_nospec() to clamp this value after the\nbounds check to prevent speculative out-of-bounds access and subsequent\ndata leakage via cache side channels."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:39.295Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/33743ec6679aa364ee19d1afbaa50593e9e6e443"
},
{
"url": "https://git.kernel.org/stable/c/c45848936ebdb4fcab92f8c39510db83c16d0239"
},
{
"url": "https://git.kernel.org/stable/c/8b44e753795107a22ba31495686e83f4aca48f36"
},
{
"url": "https://git.kernel.org/stable/c/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c"
}
],
"title": "riscv: Sanitize syscall table indexing under speculation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71203",
"datePublished": "2026-02-14T16:27:02.513Z",
"dateReserved": "2026-01-31T11:36:51.194Z",
"dateUpdated": "2026-05-11T21:56:39.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71204 (GCVE-0-2025-71204)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-23 16:03
Title
smb/server: fix refcount leak in parse_durable_handle_context()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix refcount leak in parse_durable_handle_context()
When the command is a replay operation and -ENOEXEC is returned,
the refcount of ksmbd_file must be released.
Severity
No CVSS data available.
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 8df4bcdb0a4232192b2445256c39b787d58ef14d, < 07df5ff4f6490a5c96715b7c562e0b2908422e04 (git); Affected: c8efcc786146a951091588e5fa7e3c754850cb3c, < 8a15107c4c031fb19737bf2eb4000f847f1d5e4c (git); Affected: c8efcc786146a951091588e5fa7e3c754850cb3c, < 70dd3513ed6ac8c6cab23f72c5b19f44ca89de9d (git); Affected: c8efcc786146a951091588e5fa7e3c754850cb3c, < 3296c3012a9d9a27e81e34910384e55a6ff3cff0 (git); Affected: 6.6.32, < 6.6.124 (semver) |
| Linux | Linux | Affected: 6.9; Unaffected: 0, < 6.9 (semver); Unaffected: 6.6.124, ≤ 6.6.* (semver); Unaffected: 6.12.70, ≤ 6.12.* (semver); Unaffected: 6.18.10, ≤ 6.18.* (semver); Unaffected: 6.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07df5ff4f6490a5c96715b7c562e0b2908422e04",
"status": "affected",
"version": "8df4bcdb0a4232192b2445256c39b787d58ef14d",
"versionType": "git"
},
{
"lessThan": "8a15107c4c031fb19737bf2eb4000f847f1d5e4c",
"status": "affected",
"version": "c8efcc786146a951091588e5fa7e3c754850cb3c",
"versionType": "git"
},
{
"lessThan": "70dd3513ed6ac8c6cab23f72c5b19f44ca89de9d",
"status": "affected",
"version": "c8efcc786146a951091588e5fa7e3c754850cb3c",
"versionType": "git"
},
{
"lessThan": "3296c3012a9d9a27e81e34910384e55a6ff3cff0",
"status": "affected",
"version": "c8efcc786146a951091588e5fa7e3c754850cb3c",
"versionType": "git"
},
{
"lessThan": "6.6.124",
"status": "affected",
"version": "6.6.32",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "6.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix refcount leak in parse_durable_handle_context()\n\nWhen the command is a replay operation and -ENOEXEC is returned,\nthe refcount of ksmbd_file must be released."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:30.358Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07df5ff4f6490a5c96715b7c562e0b2908422e04"
},
{
"url": "https://git.kernel.org/stable/c/8a15107c4c031fb19737bf2eb4000f847f1d5e4c"
},
{
"url": "https://git.kernel.org/stable/c/70dd3513ed6ac8c6cab23f72c5b19f44ca89de9d"
},
{
"url": "https://git.kernel.org/stable/c/3296c3012a9d9a27e81e34910384e55a6ff3cff0"
}
],
"title": "smb/server: fix refcount leak in parse_durable_handle_context()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71204",
"datePublished": "2026-02-14T16:27:03.252Z",
"dateReserved": "2026-01-31T11:36:51.194Z",
"dateUpdated": "2026-05-23T16:03:30.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71220 (GCVE-0-2025-71220)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-23 16:03
Title
smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()
When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
Severity
No CVSS data available.
References
6 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f2283680a80571ca82d710bc6ecd8f8beac67d63, < a2c68e256fb7a4ac34154c6e865a1389acca839f (git); Affected: 9f297df20d93411c0b4ddad7f88ba04a7cd36e77, < 2b7b4df87fe6f2db6ee45f475de6b37b8b8e5d29 (git); Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d, < 04dd114b682a4ccaeba2c2bad049c8b50ce740d8 (git); Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d, < ac18761b530b5dd40f59af8a25902282e5512854 (git); Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d, < fdda836fcee6fdbcccc24e3679097efb583f581f (git); Affected: e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d, < 7c28f8eef5ac5312794d8a52918076dcd787e53b (git); Affected: 5.15.145, < 5.15.200 (semver); Affected: 6.1.71, < 6.1.163 (semver) |
| Linux | Linux | Affected: 6.6; Unaffected: 0, < 6.6 (semver); Unaffected: 5.15.200, ≤ 5.15.* (semver); Unaffected: 6.1.163, ≤ 6.1.* (semver); Unaffected: 6.6.124, ≤ 6.6.* (semver); Unaffected: 6.12.70, ≤ 6.12.* (semver); Unaffected: 6.18.10, ≤ 6.18.* (semver); Unaffected: 6.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a2c68e256fb7a4ac34154c6e865a1389acca839f",
"status": "affected",
"version": "f2283680a80571ca82d710bc6ecd8f8beac67d63",
"versionType": "git"
},
{
"lessThan": "2b7b4df87fe6f2db6ee45f475de6b37b8b8e5d29",
"status": "affected",
"version": "9f297df20d93411c0b4ddad7f88ba04a7cd36e77",
"versionType": "git"
},
{
"lessThan": "04dd114b682a4ccaeba2c2bad049c8b50ce740d8",
"status": "affected",
"version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
"versionType": "git"
},
{
"lessThan": "ac18761b530b5dd40f59af8a25902282e5512854",
"status": "affected",
"version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
"versionType": "git"
},
{
"lessThan": "fdda836fcee6fdbcccc24e3679097efb583f581f",
"status": "affected",
"version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
"versionType": "git"
},
{
"lessThan": "7c28f8eef5ac5312794d8a52918076dcd787e53b",
"status": "affected",
"version": "e2b76ab8b5c9327ab2dae6da05d0752eb2f4771d",
"versionType": "git"
},
{
"lessThan": "5.15.200",
"status": "affected",
"version": "5.15.145",
"versionType": "semver"
},
{
"lessThan": "6.1.163",
"status": "affected",
"version": "6.1.71",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.15.145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "6.1.71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()\n\nWhen ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:31.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a2c68e256fb7a4ac34154c6e865a1389acca839f"
},
{
"url": "https://git.kernel.org/stable/c/2b7b4df87fe6f2db6ee45f475de6b37b8b8e5d29"
},
{
"url": "https://git.kernel.org/stable/c/04dd114b682a4ccaeba2c2bad049c8b50ce740d8"
},
{
"url": "https://git.kernel.org/stable/c/ac18761b530b5dd40f59af8a25902282e5512854"
},
{
"url": "https://git.kernel.org/stable/c/fdda836fcee6fdbcccc24e3679097efb583f581f"
},
{
"url": "https://git.kernel.org/stable/c/7c28f8eef5ac5312794d8a52918076dcd787e53b"
}
],
"title": "smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71220",
"datePublished": "2026-02-14T16:27:03.946Z",
"dateReserved": "2026-02-14T16:26:02.969Z",
"dateUpdated": "2026-05-23T16:03:31.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71222 (GCVE-0-2025-71222)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 21:56
Title
wifi: wlcore: ensure skb headroom before skb_push
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: wlcore: ensure skb headroom before skb_push
This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is
less than needed (typically 110 - 94 = 16 bytes).
Severity
No CVSS data available.
References
7 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < 88295a55fefe5414e64293638b6f7549646e58ed (git); Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < cd89a4656c03f8db0c57350aaec69cd3cfaa3522 (git); Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < 745a0810dbc96a0471e5f5e627ba1e978c3116d4 (git); Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < b167312390fdd461c81ead516f2b0b44e83a9edb (git); Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < 71de0b6e04bbee5575caf9a1e4d424e7dcc50018 (git); Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < 689a7980e4788e13e766763d53569fb78dea2513 (git); Affected: f5fc0f86b02afef1119b523623b4cde41475bc8c, < e75665dd096819b1184087ba5718bd93beafff51 (git) |
| Linux | Linux | Affected: 2.6.32; Unaffected: 0, < 2.6.32 (semver); Unaffected: 5.10.250, ≤ 5.10.* (semver); Unaffected: 5.15.200, ≤ 5.15.* (semver); Unaffected: 6.1.163, ≤ 6.1.* (semver); Unaffected: 6.6.124, ≤ 6.6.* (semver); Unaffected: 6.12.70, ≤ 6.12.* (semver); Unaffected: 6.18.10, ≤ 6.18.* (semver); Unaffected: 6.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ti/wlcore/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "88295a55fefe5414e64293638b6f7549646e58ed",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
},
{
"lessThan": "cd89a4656c03f8db0c57350aaec69cd3cfaa3522",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
},
{
"lessThan": "745a0810dbc96a0471e5f5e627ba1e978c3116d4",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
},
{
"lessThan": "b167312390fdd461c81ead516f2b0b44e83a9edb",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
},
{
"lessThan": "71de0b6e04bbee5575caf9a1e4d424e7dcc50018",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
},
{
"lessThan": "689a7980e4788e13e766763d53569fb78dea2513",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
},
{
"lessThan": "e75665dd096819b1184087ba5718bd93beafff51",
"status": "affected",
"version": "f5fc0f86b02afef1119b523623b4cde41475bc8c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ti/wlcore/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.250",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wlcore: ensure skb headroom before skb_push\n\nThis avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is\nless than needed (typically 110 - 94 = 16 bytes)."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:44.056Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/88295a55fefe5414e64293638b6f7549646e58ed"
},
{
"url": "https://git.kernel.org/stable/c/cd89a4656c03f8db0c57350aaec69cd3cfaa3522"
},
{
"url": "https://git.kernel.org/stable/c/745a0810dbc96a0471e5f5e627ba1e978c3116d4"
},
{
"url": "https://git.kernel.org/stable/c/b167312390fdd461c81ead516f2b0b44e83a9edb"
},
{
"url": "https://git.kernel.org/stable/c/71de0b6e04bbee5575caf9a1e4d424e7dcc50018"
},
{
"url": "https://git.kernel.org/stable/c/689a7980e4788e13e766763d53569fb78dea2513"
},
{
"url": "https://git.kernel.org/stable/c/e75665dd096819b1184087ba5718bd93beafff51"
}
],
"title": "wifi: wlcore: ensure skb headroom before skb_push",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71222",
"datePublished": "2026-02-14T16:27:05.363Z",
"dateReserved": "2026-02-14T16:26:02.969Z",
"dateUpdated": "2026-05-11T21:56:44.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71223 (GCVE-0-2025-71223)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-23 16:03
Title
smb/server: fix refcount leak in smb2_open()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix refcount leak in smb2_open()
When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file
must be released.
Severity
No CVSS data available.
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 8df4bcdb0a4232192b2445256c39b787d58ef14d, < 2456fde2b137703328f1695f60c68fe488d17e36 (git); Affected: c8efcc786146a951091588e5fa7e3c754850cb3c, < 39ca11ff158c98fb092176f06047628c54bcf7a1 (git); Affected: c8efcc786146a951091588e5fa7e3c754850cb3c, < 4665e52bde3b1f8f442895ce7d88fa62a43e48c4 (git); Affected: c8efcc786146a951091588e5fa7e3c754850cb3c, < f416c556997aa56ec4384c6b6efd6a0e6ac70aa7 (git); Affected: 6.6.32, < 6.6.124 (semver) |
| Linux | Linux | Affected: 6.9; Unaffected: 0, < 6.9 (semver); Unaffected: 6.6.124, ≤ 6.6.* (semver); Unaffected: 6.12.70, ≤ 6.12.* (semver); Unaffected: 6.18.10, ≤ 6.18.* (semver); Unaffected: 6.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2456fde2b137703328f1695f60c68fe488d17e36",
"status": "affected",
"version": "8df4bcdb0a4232192b2445256c39b787d58ef14d",
"versionType": "git"
},
{
"lessThan": "39ca11ff158c98fb092176f06047628c54bcf7a1",
"status": "affected",
"version": "c8efcc786146a951091588e5fa7e3c754850cb3c",
"versionType": "git"
},
{
"lessThan": "4665e52bde3b1f8f442895ce7d88fa62a43e48c4",
"status": "affected",
"version": "c8efcc786146a951091588e5fa7e3c754850cb3c",
"versionType": "git"
},
{
"lessThan": "f416c556997aa56ec4384c6b6efd6a0e6ac70aa7",
"status": "affected",
"version": "c8efcc786146a951091588e5fa7e3c754850cb3c",
"versionType": "git"
},
{
"lessThan": "6.6.124",
"status": "affected",
"version": "6.6.32",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "6.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix refcount leak in smb2_open()\n\nWhen ksmbd_vfs_getattr() fails, the reference count of ksmbd_file\nmust be released."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:32.409Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2456fde2b137703328f1695f60c68fe488d17e36"
},
{
"url": "https://git.kernel.org/stable/c/39ca11ff158c98fb092176f06047628c54bcf7a1"
},
{
"url": "https://git.kernel.org/stable/c/4665e52bde3b1f8f442895ce7d88fa62a43e48c4"
},
{
"url": "https://git.kernel.org/stable/c/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7"
}
],
"title": "smb/server: fix refcount leak in smb2_open()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71223",
"datePublished": "2026-02-14T16:27:06.060Z",
"dateReserved": "2026-02-14T16:26:02.969Z",
"dateUpdated": "2026-05-23T16:03:32.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71224 (GCVE-0-2025-71224)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 21:56
Title
wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only
present after JOIN_OCB.
RX may run before JOIN_OCB is executed, in which case the OCB interface
is not operational. Skip RX peer handling when the interface is not
joined to avoid warnings in the RX path.
Severity
No CVSS data available.
References
7 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < fcc768760df08337525cde28e8460e36f9855af8 (git); Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d (git); Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < 8fd1c63e016893b7f6c1cf799410da4eaa98c090 (git); Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77 (git); Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < 536447521b3b9be1975c7f1db9054bdf2ab779cb (git); Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < e0bd226804f8e0098711042c93d64f3b720b36c0 (git); Affected: 239281f803e2efdb77d906ef296086b6917e5d71, < ff4071c60018a668249dc6a2df7d16330543540e (git) |
| Linux | Linux | Affected: 3.19; Unaffected: 0, < 3.19 (semver); Unaffected: 5.10.250, ≤ 5.10.* (semver); Unaffected: 5.15.200, ≤ 5.15.* (semver); Unaffected: 6.1.163, ≤ 6.1.* (semver); Unaffected: 6.6.124, ≤ 6.6.* (semver); Unaffected: 6.12.70, ≤ 6.12.* (semver); Unaffected: 6.18.10, ≤ 6.18.* (semver); Unaffected: 6.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/ocb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fcc768760df08337525cde28e8460e36f9855af8",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
},
{
"lessThan": "b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
},
{
"lessThan": "8fd1c63e016893b7f6c1cf799410da4eaa98c090",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
},
{
"lessThan": "ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
},
{
"lessThan": "536447521b3b9be1975c7f1db9054bdf2ab779cb",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
},
{
"lessThan": "e0bd226804f8e0098711042c93d64f3b720b36c0",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
},
{
"lessThan": "ff4071c60018a668249dc6a2df7d16330543540e",
"status": "affected",
"version": "239281f803e2efdb77d906ef296086b6917e5d71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/ocb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.250",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: ocb: skip rx_no_sta when interface is not joined\n\nieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only\npresent after JOIN_OCB.\n\nRX may run before JOIN_OCB is executed, in which case the OCB interface\nis not operational. Skip RX peer handling when the interface is not\njoined to avoid warnings in the RX path."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:56:46.366Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fcc768760df08337525cde28e8460e36f9855af8"
},
{
"url": "https://git.kernel.org/stable/c/b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d"
},
{
"url": "https://git.kernel.org/stable/c/8fd1c63e016893b7f6c1cf799410da4eaa98c090"
},
{
"url": "https://git.kernel.org/stable/c/ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77"
},
{
"url": "https://git.kernel.org/stable/c/536447521b3b9be1975c7f1db9054bdf2ab779cb"
},
{
"url": "https://git.kernel.org/stable/c/e0bd226804f8e0098711042c93d64f3b720b36c0"
},
{
"url": "https://git.kernel.org/stable/c/ff4071c60018a668249dc6a2df7d16330543540e"
}
],
"title": "wifi: mac80211: ocb: skip rx_no_sta when interface is not joined",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71224",
"datePublished": "2026-02-14T16:27:06.752Z",
"dateReserved": "2026-02-14T16:26:02.969Z",
"dateUpdated": "2026-05-11T21:56:46.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71225 (GCVE-0-2025-71225)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:21 – Updated: 2026-05-23 16:03
Title
md: suspend array while updating raid_disks via sysfs
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: suspend array while updating raid_disks via sysfs
In raid1_reshape(), freeze_array() is called before modifying the r1bio
memory pool (conf->r1bio_pool) and conf->raid_disks, and
unfreeze_array() is called after the update is completed.
However, freeze_array() only waits until nr_sync_pending and
(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error
occurs, nr_queued is increased and the corresponding r1bio is queued to
either retry_list or bio_end_io_list. As a result, freeze_array() may
unblock before these r1bios are released.
This can lead to a situation where conf->raid_disks and the mempool have
already been updated while queued r1bios, allocated with the old
raid_disks value, are later released. Consequently, free_r1bio() may
access memory out of bounds in put_all_bios() and release r1bios of the
wrong size to the new mempool, potentially causing issues with the
mempool as well.
Since only normal I/O might increase nr_queued while an I/O error occurs,
suspending the array avoids this issue.
Note: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends
the array. Therefore, we suspend the array when updating raid_disks
via sysfs to avoid this issue too.
Severity
No CVSS data available.
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e2d59925221cd562e07fee38ec8839f7209ae603, < 165d1359f945b72c5f90088f60d48ff46115269e (git); Affected: e2d59925221cd562e07fee38ec8839f7209ae603, < 0107b18cd8ac17eb3e54786adc05a85cdbb6ef22 (git); Affected: e2d59925221cd562e07fee38ec8839f7209ae603, < 2cc583653bbe050bacd1cadcc9776d39bf449740 (git); Affected: 1b9203bb4c658c0242afa6fdb025c71d2fc3ad76 (git); Affected: 8ccf6cfb157419847f3cb2bfdfbcdbd39860e8e9 (git); Affected: 3.4.59, < 3.5 (semver); Affected: 3.9.7, < 3.10 (semver) |
| Linux | Linux | Affected: 3.10; Unaffected: 0, < 3.10 (semver); Unaffected: 6.12.70, ≤ 6.12.* (semver); Unaffected: 6.18.10, ≤ 6.18.* (semver); Unaffected: 6.19, ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "165d1359f945b72c5f90088f60d48ff46115269e",
"status": "affected",
"version": "e2d59925221cd562e07fee38ec8839f7209ae603",
"versionType": "git"
},
{
"lessThan": "0107b18cd8ac17eb3e54786adc05a85cdbb6ef22",
"status": "affected",
"version": "e2d59925221cd562e07fee38ec8839f7209ae603",
"versionType": "git"
},
{
"lessThan": "2cc583653bbe050bacd1cadcc9776d39bf449740",
"status": "affected",
"version": "e2d59925221cd562e07fee38ec8839f7209ae603",
"versionType": "git"
},
{
"status": "affected",
"version": "1b9203bb4c658c0242afa6fdb025c71d2fc3ad76",
"versionType": "git"
},
{
"status": "affected",
"version": "8ccf6cfb157419847f3cb2bfdfbcdbd39860e8e9",
"versionType": "git"
},
{
"lessThan": "3.5",
"status": "affected",
"version": "3.4.59",
"versionType": "semver"
},
{
"lessThan": "3.10",
"status": "affected",
"version": "3.9.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: suspend array while updating raid_disks via sysfs\n\nIn raid1_reshape(), freeze_array() is called before modifying the r1bio\nmemory pool (conf-\u003er1bio_pool) and conf-\u003eraid_disks, and\nunfreeze_array() is called after the update is completed.\n\nHowever, freeze_array() only waits until nr_sync_pending and\n(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error\noccurs, nr_queued is increased and the corresponding r1bio is queued to\neither retry_list or bio_end_io_list. As a result, freeze_array() may\nunblock before these r1bios are released.\n\nThis can lead to a situation where conf-\u003eraid_disks and the mempool have\nalready been updated while queued r1bios, allocated with the old\nraid_disks value, are later released. Consequently, free_r1bio() may\naccess memory out of bounds in put_all_bios() and release r1bios of the\nwrong size to the new mempool, potentially causing issues with the\nmempool as well.\n\nSince only normal I/O might increase nr_queued while an I/O error occurs,\nsuspending the array avoids this issue.\n\nNote: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends\nthe array. Therefore, we suspend the array when updating raid_disks\nvia sysfs to avoid this issue too."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:03:33.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/165d1359f945b72c5f90088f60d48ff46115269e"
},
{
"url": "https://git.kernel.org/stable/c/0107b18cd8ac17eb3e54786adc05a85cdbb6ef22"
},
{
"url": "https://git.kernel.org/stable/c/2cc583653bbe050bacd1cadcc9776d39bf449740"
}
],
"title": "md: suspend array while updating raid_disks via sysfs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71225",
"datePublished": "2026-02-18T14:21:46.249Z",
"dateReserved": "2026-02-14T16:26:02.969Z",
"dateUpdated": "2026-05-23T16:03:33.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71228 (GCVE-0-2025-71228)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:21 – Updated: 2026-02-26 23:07
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-02-26T23:07:42.270Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71228",
"datePublished": "2026-02-18T14:21:49.570Z",
"dateRejected": "2026-02-26T23:07:42.270Z",
"dateReserved": "2026-02-14T16:26:02.970Z",
"dateUpdated": "2026-02-26T23:07:42.270Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}