Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0192
Vulnerability from certfr_avis - Published: 2026-02-20 - Updated: 2026-02-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.73-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23219"
},
{
"name": "CVE-2026-23199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23199"
},
{
"name": "CVE-2026-23220",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23220"
},
{
"name": "CVE-2025-71223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71223"
},
{
"name": "CVE-2026-23187",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23187"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2026-23230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23230"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2026-23228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23228"
},
{
"name": "CVE-2026-23223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23223"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23169"
},
{
"name": "CVE-2026-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23177"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2026-23201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23201"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2026-23200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23200"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2025-71203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71203"
},
{
"name": "CVE-2026-23188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23188"
},
{
"name": "CVE-2025-71228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71228"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2025-71237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71237"
},
{
"name": "CVE-2026-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23215"
},
{
"name": "CVE-2026-23205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23205"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2025-71229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71229"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2025-71234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71234"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2025-71204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71204"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2025-68823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68823"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2025-71233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71233"
},
{
"name": "CVE-2026-23224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23224"
},
{
"name": "CVE-2026-23189",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23189"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2025-71231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71231"
}
],
"initial_release_date": "2026-02-20T00:00:00",
"last_revision_date": "2026-02-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0192",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6141-1",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00050.html"
}
]
}
CVE-2026-23169 (GCVE-0-2026-23169)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:01 – Updated: 2026-05-11 22:01
VLAI
EPSS
Title
mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()
and/or mptcp_pm_nl_is_backup()
Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()
which is not RCU ready.
list_splice_init_rcu() can not be called here while holding pernet->lock
spinlock.
Many thanks to Eulgyu Kim for providing a repro and testing our patches.
Severity
7.8 (High)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
141694df6573b49aa4143c92556544b4b0bbda72 , < 338d40bab283da2639780ee3e458fb61f1567d8c
(git)
Affected: 141694df6573b49aa4143c92556544b4b0bbda72 , < 7896dbe990d56d5bb8097863b2645355633665eb (git) Affected: 141694df6573b49aa4143c92556544b4b0bbda72 , < 455e882192c9833f176f3fbbbb2f036b6c5bf555 (git) Affected: 141694df6573b49aa4143c92556544b4b0bbda72 , < 51223bdd0f60b06cfc7f25885c4d4be917adba94 (git) Affected: 141694df6573b49aa4143c92556544b4b0bbda72 , < 1f1b9523527df02685dde603f20ff6e603d8e4a1 (git) Affected: 141694df6573b49aa4143c92556544b4b0bbda72 , < e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d (git) |
|
| Linux | Linux |
Affected:
5.11
Unaffected: 0 , < 5.11 (semver) Unaffected: 5.15.201 , ≤ 5.15.* (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.125 , ≤ 6.6.* (semver) Unaffected: 6.12.72 , ≤ 6.12.* (semver) Unaffected: 6.18.9 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_kernel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "338d40bab283da2639780ee3e458fb61f1567d8c",
"status": "affected",
"version": "141694df6573b49aa4143c92556544b4b0bbda72",
"versionType": "git"
},
{
"lessThan": "7896dbe990d56d5bb8097863b2645355633665eb",
"status": "affected",
"version": "141694df6573b49aa4143c92556544b4b0bbda72",
"versionType": "git"
},
{
"lessThan": "455e882192c9833f176f3fbbbb2f036b6c5bf555",
"status": "affected",
"version": "141694df6573b49aa4143c92556544b4b0bbda72",
"versionType": "git"
},
{
"lessThan": "51223bdd0f60b06cfc7f25885c4d4be917adba94",
"status": "affected",
"version": "141694df6573b49aa4143c92556544b4b0bbda72",
"versionType": "git"
},
{
"lessThan": "1f1b9523527df02685dde603f20ff6e603d8e4a1",
"status": "affected",
"version": "141694df6573b49aa4143c92556544b4b0bbda72",
"versionType": "git"
},
{
"lessThan": "e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d",
"status": "affected",
"version": "141694df6573b49aa4143c92556544b4b0bbda72",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_kernel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.201",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.125",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.72",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race in mptcp_pm_nl_flush_addrs_doit()\n\nsyzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()\nand/or mptcp_pm_nl_is_backup()\n\nRoot cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()\nwhich is not RCU ready.\n\nlist_splice_init_rcu() can not be called here while holding pernet-\u003elock\nspinlock.\n\nMany thanks to Eulgyu Kim for providing a repro and testing our patches."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:01:39.557Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c"
},
{
"url": "https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb"
},
{
"url": "https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555"
},
{
"url": "https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94"
},
{
"url": "https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1"
},
{
"url": "https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d"
}
],
"title": "mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23169",
"datePublished": "2026-02-14T16:01:32.139Z",
"dateReserved": "2026-01-13T15:37:45.982Z",
"dateUpdated": "2026-05-11T22:01:39.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23176 (GCVE-0-2026-23176)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:01
VLAI
EPSS
Title
platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
toshiba_haps_add() leaks the haps object allocated by it if it returns
an error after allocating that object successfully.
toshiba_haps_remove() does not free the object pointed to by
toshiba_haps before clearing that pointer, so it becomes unreachable
allocated memory.
Address these memory leaks by using devm_kzalloc() for allocating
the memory in question.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
23d0ba0c908ac10139f0351023c64198d7fc1409 , < 17f37c4cdf42a9e4915216b9e130fc8baef4cc64
(git)
Affected: 23d0ba0c908ac10139f0351023c64198d7fc1409 , < 5bce10f0f9435afaae3fc4df9a52b01d9b3853dc (git) Affected: 23d0ba0c908ac10139f0351023c64198d7fc1409 , < f2093e87ddec13e7a920f326c078a5f765ba89c3 (git) Affected: 23d0ba0c908ac10139f0351023c64198d7fc1409 , < ca9ff71c15bc8e48529c2033294a519a7749b272 (git) Affected: 23d0ba0c908ac10139f0351023c64198d7fc1409 , < bf0474356875d005d420f8c6b9ac168566e72e87 (git) Affected: 23d0ba0c908ac10139f0351023c64198d7fc1409 , < f93ae43780b759a70734be9bc82c1adcf7f33208 (git) Affected: 23d0ba0c908ac10139f0351023c64198d7fc1409 , < 128497456756e1b952bd5a912cd073836465109d (git) |
|
| Linux | Linux |
Affected:
3.17
Unaffected: 0 , < 3.17 (semver) Unaffected: 5.10.250 , ≤ 5.10.* (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/toshiba_haps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "17f37c4cdf42a9e4915216b9e130fc8baef4cc64",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
},
{
"lessThan": "5bce10f0f9435afaae3fc4df9a52b01d9b3853dc",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
},
{
"lessThan": "f2093e87ddec13e7a920f326c078a5f765ba89c3",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
},
{
"lessThan": "ca9ff71c15bc8e48529c2033294a519a7749b272",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
},
{
"lessThan": "bf0474356875d005d420f8c6b9ac168566e72e87",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
},
{
"lessThan": "f93ae43780b759a70734be9bc82c1adcf7f33208",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
},
{
"lessThan": "128497456756e1b952bd5a912cd073836465109d",
"status": "affected",
"version": "23d0ba0c908ac10139f0351023c64198d7fc1409",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/toshiba_haps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.250",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\n\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\n\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\n\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:01:47.639Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64"
},
{
"url": "https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc"
},
{
"url": "https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3"
},
{
"url": "https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272"
},
{
"url": "https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87"
},
{
"url": "https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208"
},
{
"url": "https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d"
}
],
"title": "platform/x86: toshiba_haps: Fix memory leaks in add/remove routines",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23176",
"datePublished": "2026-02-14T16:27:08.764Z",
"dateReserved": "2026-01-13T15:37:45.983Z",
"dateUpdated": "2026-05-11T22:01:47.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23177 (GCVE-0-2026-23177)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:01
VLAI
EPSS
Title
mm, shmem: prevent infinite loop on truncate race
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm, shmem: prevent infinite loop on truncate race
When truncating a large swap entry, shmem_free_swap() returns 0 when the
entry's index doesn't match the given index due to lookup alignment. The
failure fallback path checks if the entry crosses the end border and
aborts when it happens, so truncate won't erase an unexpected entry or
range. But one scenario was ignored.
When `index` points to the middle of a large swap entry, and the large
swap entry doesn't go across the end border, find_get_entries() will
return that large swap entry as the first item in the batch with
`indices[0]` equal to `index`. The entry's base index will be smaller
than `indices[0]`, so shmem_free_swap() will fail and return 0 due to the
"base < index" check. The code will then call shmem_confirm_swap(), get
the order, check if it crosses the END boundary (which it doesn't), and
retry with the same index.
The next iteration will find the same entry again at the same index with
same indices, leading to an infinite loop.
Fix this by retrying with a round-down index, and abort if the index is
smaller than the truncate range.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
809bc86517cc408b5b8cb8e08e69096639432bc8 , < dfc3ab6bd64860f8022d69903be299d09be86e11
(git)
Affected: 809bc86517cc408b5b8cb8e08e69096639432bc8 , < 7b6a0f121d50234aab3e7ab9a62ebe826d40a32a (git) Affected: 809bc86517cc408b5b8cb8e08e69096639432bc8 , < 2030dddf95451b4e7a389f052091e7c4b7b274c6 (git) |
|
| Linux | Linux |
Affected:
6.12
Unaffected: 0 , < 6.12 (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/shmem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dfc3ab6bd64860f8022d69903be299d09be86e11",
"status": "affected",
"version": "809bc86517cc408b5b8cb8e08e69096639432bc8",
"versionType": "git"
},
{
"lessThan": "7b6a0f121d50234aab3e7ab9a62ebe826d40a32a",
"status": "affected",
"version": "809bc86517cc408b5b8cb8e08e69096639432bc8",
"versionType": "git"
},
{
"lessThan": "2030dddf95451b4e7a389f052091e7c4b7b274c6",
"status": "affected",
"version": "809bc86517cc408b5b8cb8e08e69096639432bc8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/shmem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, shmem: prevent infinite loop on truncate race\n\nWhen truncating a large swap entry, shmem_free_swap() returns 0 when the\nentry\u0027s index doesn\u0027t match the given index due to lookup alignment. The\nfailure fallback path checks if the entry crosses the end border and\naborts when it happens, so truncate won\u0027t erase an unexpected entry or\nrange. But one scenario was ignored.\n\nWhen `index` points to the middle of a large swap entry, and the large\nswap entry doesn\u0027t go across the end border, find_get_entries() will\nreturn that large swap entry as the first item in the batch with\n`indices[0]` equal to `index`. The entry\u0027s base index will be smaller\nthan `indices[0]`, so shmem_free_swap() will fail and return 0 due to the\n\"base \u003c index\" check. The code will then call shmem_confirm_swap(), get\nthe order, check if it crosses the END boundary (which it doesn\u0027t), and\nretry with the same index.\n\nThe next iteration will find the same entry again at the same index with\nsame indices, leading to an infinite loop.\n\nFix this by retrying with a round-down index, and abort if the index is\nsmaller than the truncate range."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:01:48.769Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dfc3ab6bd64860f8022d69903be299d09be86e11"
},
{
"url": "https://git.kernel.org/stable/c/7b6a0f121d50234aab3e7ab9a62ebe826d40a32a"
},
{
"url": "https://git.kernel.org/stable/c/2030dddf95451b4e7a389f052091e7c4b7b274c6"
}
],
"title": "mm, shmem: prevent infinite loop on truncate race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23177",
"datePublished": "2026-02-14T16:27:09.429Z",
"dateReserved": "2026-01-13T15:37:45.983Z",
"dateUpdated": "2026-05-11T22:01:48.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23178 (GCVE-0-2026-23178)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:01
VLAI
EPSS
Title
HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()
`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data
into `ihid->rawbuf`.
The former can come from the userspace in the hidraw driver and is only
bounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set
`max_buffer_size` field of `struct hid_ll_driver` which we do not).
The latter has size determined at runtime by the maximum size of
different report types you could receive on any particular device and
can be a much smaller value.
Fix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`.
The impact is low since access to hidraw devices requires root.
Severity
7.8 (High)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
85df713377ddc0482071c3e6b64c37bd1e48f1f1 , < f9c9ad89d845f88a1509e9d672f65d234425fde9
(git)
Affected: 85df713377ddc0482071c3e6b64c37bd1e48f1f1 , < cff3f619fd1cb40cdd89971df9001f075613d219 (git) Affected: 85df713377ddc0482071c3e6b64c37bd1e48f1f1 , < 786ec171788bdf9dda38789163f1b1fbb47f2d1e (git) Affected: 85df713377ddc0482071c3e6b64c37bd1e48f1f1 , < 2124279f1f8c32c1646ce98e75a1a39b23b7db76 (git) Affected: 85df713377ddc0482071c3e6b64c37bd1e48f1f1 , < 2497ff38c530b1af0df5130ca9f5ab22c5e92f29 (git) |
|
| Linux | Linux |
Affected:
5.18
Unaffected: 0 , < 5.18 (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/i2c-hid/i2c-hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f9c9ad89d845f88a1509e9d672f65d234425fde9",
"status": "affected",
"version": "85df713377ddc0482071c3e6b64c37bd1e48f1f1",
"versionType": "git"
},
{
"lessThan": "cff3f619fd1cb40cdd89971df9001f075613d219",
"status": "affected",
"version": "85df713377ddc0482071c3e6b64c37bd1e48f1f1",
"versionType": "git"
},
{
"lessThan": "786ec171788bdf9dda38789163f1b1fbb47f2d1e",
"status": "affected",
"version": "85df713377ddc0482071c3e6b64c37bd1e48f1f1",
"versionType": "git"
},
{
"lessThan": "2124279f1f8c32c1646ce98e75a1a39b23b7db76",
"status": "affected",
"version": "85df713377ddc0482071c3e6b64c37bd1e48f1f1",
"versionType": "git"
},
{
"lessThan": "2497ff38c530b1af0df5130ca9f5ab22c5e92f29",
"status": "affected",
"version": "85df713377ddc0482071c3e6b64c37bd1e48f1f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/i2c-hid/i2c-hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()\n\n`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data\ninto `ihid-\u003erawbuf`.\n\nThe former can come from the userspace in the hidraw driver and is only\nbounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set\n`max_buffer_size` field of `struct hid_ll_driver` which we do not).\n\nThe latter has size determined at runtime by the maximum size of\ndifferent report types you could receive on any particular device and\ncan be a much smaller value.\n\nFix this by truncating `recv_len` to `ihid-\u003ebufsize - sizeof(__le16)`.\n\nThe impact is low since access to hidraw devices requires root."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:01:49.899Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f9c9ad89d845f88a1509e9d672f65d234425fde9"
},
{
"url": "https://git.kernel.org/stable/c/cff3f619fd1cb40cdd89971df9001f075613d219"
},
{
"url": "https://git.kernel.org/stable/c/786ec171788bdf9dda38789163f1b1fbb47f2d1e"
},
{
"url": "https://git.kernel.org/stable/c/2124279f1f8c32c1646ce98e75a1a39b23b7db76"
},
{
"url": "https://git.kernel.org/stable/c/2497ff38c530b1af0df5130ca9f5ab22c5e92f29"
}
],
"title": "HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23178",
"datePublished": "2026-02-14T16:27:10.108Z",
"dateReserved": "2026-01-13T15:37:45.984Z",
"dateUpdated": "2026-05-11T22:01:49.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23179 (GCVE-0-2026-23179)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:01
VLAI
EPSS
Title
nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
When the socket is closed while in TCP_LISTEN a callback is run to
flush all outstanding packets, which in turns calls
nvmet_tcp_listen_data_ready() with the sk_callback_lock held.
So we need to check if we are in TCP_LISTEN before attempting
to get the sk_callback_lock() to avoid a deadlock.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
675b453e024154dd547921c6e6d5b58747ba7e0e , < 6e0c7503a5803d568d56a9f9bca662cd94a14908
(git)
Affected: 675b453e024154dd547921c6e6d5b58747ba7e0e , < 1c90f930e7b410dd2d75a2a19a85e19c64e98ad5 (git) Affected: 675b453e024154dd547921c6e6d5b58747ba7e0e , < 2fa8961d3a6a1c2395d8d560ffed2c782681bade (git) |
|
| Linux | Linux |
Affected:
6.7
Unaffected: 0 , < 6.7 (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e0c7503a5803d568d56a9f9bca662cd94a14908",
"status": "affected",
"version": "675b453e024154dd547921c6e6d5b58747ba7e0e",
"versionType": "git"
},
{
"lessThan": "1c90f930e7b410dd2d75a2a19a85e19c64e98ad5",
"status": "affected",
"version": "675b453e024154dd547921c6e6d5b58747ba7e0e",
"versionType": "git"
},
{
"lessThan": "2fa8961d3a6a1c2395d8d560ffed2c782681bade",
"status": "affected",
"version": "675b453e024154dd547921c6e6d5b58747ba7e0e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\n\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:01:51.043Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908"
},
{
"url": "https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5"
},
{
"url": "https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade"
}
],
"title": "nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23179",
"datePublished": "2026-02-14T16:27:10.778Z",
"dateReserved": "2026-01-13T15:37:45.984Z",
"dateUpdated": "2026-05-11T22:01:51.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23180 (GCVE-0-2026-23180)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:01
VLAI
EPSS
Title
dpaa2-switch: add bounds check for if_id in IRQ handler
Summary
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: add bounds check for if_id in IRQ handler
The IRQ handler extracts if_id from the upper 16 bits of the hardware
status register and uses it to index into ethsw->ports[] without
validation. Since if_id can be any 16-bit value (0-65535) but the ports
array is only allocated with sw_attr.num_ifs elements, this can lead to
an out-of-bounds read potentially.
Add a bounds check before accessing the array, consistent with the
existing validation in dpaa2_switch_rx().
Severity
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
24ab724f8a4661b2dc8e696b41df93bdc108f7a1 , < 77611cab5bdfff7a070ae574bbfba20a1de99d1b
(git)
Affected: 24ab724f8a4661b2dc8e696b41df93bdc108f7a1 , < 34b56c16efd61325d80bf1d780d0e176be662f59 (git) Affected: 24ab724f8a4661b2dc8e696b41df93bdc108f7a1 , < f89e33c9c37f0001b730e23b3b05ab7b1ecface2 (git) Affected: 24ab724f8a4661b2dc8e696b41df93bdc108f7a1 , < 2447edc367800ba914acf7ddd5d250416b45fb31 (git) Affected: 24ab724f8a4661b2dc8e696b41df93bdc108f7a1 , < 1b381a638e1851d8cfdfe08ed9cdbec5295b18c9 (git) Affected: 24ab724f8a4661b2dc8e696b41df93bdc108f7a1 , < 31a7a0bbeb006bac2d9c81a2874825025214b6d8 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "77611cab5bdfff7a070ae574bbfba20a1de99d1b",
"status": "affected",
"version": "24ab724f8a4661b2dc8e696b41df93bdc108f7a1",
"versionType": "git"
},
{
"lessThan": "34b56c16efd61325d80bf1d780d0e176be662f59",
"status": "affected",
"version": "24ab724f8a4661b2dc8e696b41df93bdc108f7a1",
"versionType": "git"
},
{
"lessThan": "f89e33c9c37f0001b730e23b3b05ab7b1ecface2",
"status": "affected",
"version": "24ab724f8a4661b2dc8e696b41df93bdc108f7a1",
"versionType": "git"
},
{
"lessThan": "2447edc367800ba914acf7ddd5d250416b45fb31",
"status": "affected",
"version": "24ab724f8a4661b2dc8e696b41df93bdc108f7a1",
"versionType": "git"
},
{
"lessThan": "1b381a638e1851d8cfdfe08ed9cdbec5295b18c9",
"status": "affected",
"version": "24ab724f8a4661b2dc8e696b41df93bdc108f7a1",
"versionType": "git"
},
{
"lessThan": "31a7a0bbeb006bac2d9c81a2874825025214b6d8",
"status": "affected",
"version": "24ab724f8a4661b2dc8e696b41df93bdc108f7a1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: add bounds check for if_id in IRQ handler\n\nThe IRQ handler extracts if_id from the upper 16 bits of the hardware\nstatus register and uses it to index into ethsw-\u003eports[] without\nvalidation. Since if_id can be any 16-bit value (0-65535) but the ports\narray is only allocated with sw_attr.num_ifs elements, this can lead to\nan out-of-bounds read potentially.\n\nAdd a bounds check before accessing the array, consistent with the\nexisting validation in dpaa2_switch_rx()."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:01:52.245Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/77611cab5bdfff7a070ae574bbfba20a1de99d1b"
},
{
"url": "https://git.kernel.org/stable/c/34b56c16efd61325d80bf1d780d0e176be662f59"
},
{
"url": "https://git.kernel.org/stable/c/f89e33c9c37f0001b730e23b3b05ab7b1ecface2"
},
{
"url": "https://git.kernel.org/stable/c/2447edc367800ba914acf7ddd5d250416b45fb31"
},
{
"url": "https://git.kernel.org/stable/c/1b381a638e1851d8cfdfe08ed9cdbec5295b18c9"
},
{
"url": "https://git.kernel.org/stable/c/31a7a0bbeb006bac2d9c81a2874825025214b6d8"
}
],
"title": "dpaa2-switch: add bounds check for if_id in IRQ handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23180",
"datePublished": "2026-02-14T16:27:11.463Z",
"dateReserved": "2026-01-13T15:37:45.984Z",
"dateUpdated": "2026-05-11T22:01:52.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23182 (GCVE-0-2026-23182)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
spi: tegra: Fix a memory leak in tegra_slink_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: tegra: Fix a memory leak in tegra_slink_probe()
In tegra_slink_probe(), when platform_get_irq() fails, it directly
returns from the function with an error code, which causes a memory leak.
Replace it with a goto label to ensure proper cleanup.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b64683f5d7282f7b160e9867e33cdac00b5c792b , < 6a04dc650cef8d52a1ccb4ae245dbe318ffff32e
(git)
Affected: 5c25f89c00b97844d0427f0f96818a15714bd609 , < 327b71326cc1834bc031e8f52a470a18dfd9caa6 (git) Affected: 46ee23101f32a1ced5335d5407d5ecffd160ccdf , < 126a09f4fcd2b895a818ca43fde078d907c1ac9a (git) Affected: eb9913b511f10968a02cfa5329a896855dd152a3 , < 075415ae18b5b3e4d0187962d538653154216fe7 (git) Affected: eb9913b511f10968a02cfa5329a896855dd152a3 , < b8eec12aa666c11f8a6ad1488c568f85c58875fa (git) Affected: eb9913b511f10968a02cfa5329a896855dd152a3 , < 41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc (git) Affected: 4eb8065494ca19caba3f45fc83941fd568a8c3cd (git) Affected: 5.15.139 , < 5.15.200 (semver) Affected: 6.1.63 , < 6.1.163 (semver) Affected: 6.6.2 , < 6.6.124 (semver) Affected: 6.5.12 , < 6.6 (semver) |
|
| Linux | Linux |
Affected:
6.7
Unaffected: 0 , < 6.7 (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-tegra20-slink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a04dc650cef8d52a1ccb4ae245dbe318ffff32e",
"status": "affected",
"version": "b64683f5d7282f7b160e9867e33cdac00b5c792b",
"versionType": "git"
},
{
"lessThan": "327b71326cc1834bc031e8f52a470a18dfd9caa6",
"status": "affected",
"version": "5c25f89c00b97844d0427f0f96818a15714bd609",
"versionType": "git"
},
{
"lessThan": "126a09f4fcd2b895a818ca43fde078d907c1ac9a",
"status": "affected",
"version": "46ee23101f32a1ced5335d5407d5ecffd160ccdf",
"versionType": "git"
},
{
"lessThan": "075415ae18b5b3e4d0187962d538653154216fe7",
"status": "affected",
"version": "eb9913b511f10968a02cfa5329a896855dd152a3",
"versionType": "git"
},
{
"lessThan": "b8eec12aa666c11f8a6ad1488c568f85c58875fa",
"status": "affected",
"version": "eb9913b511f10968a02cfa5329a896855dd152a3",
"versionType": "git"
},
{
"lessThan": "41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc",
"status": "affected",
"version": "eb9913b511f10968a02cfa5329a896855dd152a3",
"versionType": "git"
},
{
"status": "affected",
"version": "4eb8065494ca19caba3f45fc83941fd568a8c3cd",
"versionType": "git"
},
{
"lessThan": "5.15.200",
"status": "affected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThan": "6.1.163",
"status": "affected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThan": "6.6.124",
"status": "affected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThan": "6.6",
"status": "affected",
"version": "6.5.12",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-tegra20-slink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.15.139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "6.1.63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "6.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra: Fix a memory leak in tegra_slink_probe()\n\nIn tegra_slink_probe(), when platform_get_irq() fails, it directly\nreturns from the function with an error code, which causes a memory leak.\n\nReplace it with a goto label to ensure proper cleanup."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:03.906Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a04dc650cef8d52a1ccb4ae245dbe318ffff32e"
},
{
"url": "https://git.kernel.org/stable/c/327b71326cc1834bc031e8f52a470a18dfd9caa6"
},
{
"url": "https://git.kernel.org/stable/c/126a09f4fcd2b895a818ca43fde078d907c1ac9a"
},
{
"url": "https://git.kernel.org/stable/c/075415ae18b5b3e4d0187962d538653154216fe7"
},
{
"url": "https://git.kernel.org/stable/c/b8eec12aa666c11f8a6ad1488c568f85c58875fa"
},
{
"url": "https://git.kernel.org/stable/c/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc"
}
],
"title": "spi: tegra: Fix a memory leak in tegra_slink_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23182",
"datePublished": "2026-02-14T16:27:12.806Z",
"dateReserved": "2026-01-13T15:37:45.984Z",
"dateUpdated": "2026-05-23T16:04:03.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23187 (GCVE-0-2026-23187)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:02
VLAI
EPSS
Title
pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
Summary
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2684ac05a8c4d2d5c49e6c11eb6206b30a284813 , < 7842b5dfcac888ece025a2321257d74b2264b099
(git)
Affected: 2684ac05a8c4d2d5c49e6c11eb6206b30a284813 , < 071159ff5c0bf2e5efff79501e23faf3775cbcd1 (git) Affected: 2684ac05a8c4d2d5c49e6c11eb6206b30a284813 , < 4390dcdabb5fca4647bf56a5a6b050bbdfa5760f (git) Affected: 2684ac05a8c4d2d5c49e6c11eb6206b30a284813 , < eb54ce033b344b531b374496e68a2554b2b56b5a (git) Affected: 2684ac05a8c4d2d5c49e6c11eb6206b30a284813 , < 6bd8b4a92a901fae1a422e6f914801063c345e8d (git) |
|
| Linux | Linux |
Affected:
5.16
Unaffected: 0 , < 5.16 (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pmdomain/imx/imx8m-blk-ctrl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7842b5dfcac888ece025a2321257d74b2264b099",
"status": "affected",
"version": "2684ac05a8c4d2d5c49e6c11eb6206b30a284813",
"versionType": "git"
},
{
"lessThan": "071159ff5c0bf2e5efff79501e23faf3775cbcd1",
"status": "affected",
"version": "2684ac05a8c4d2d5c49e6c11eb6206b30a284813",
"versionType": "git"
},
{
"lessThan": "4390dcdabb5fca4647bf56a5a6b050bbdfa5760f",
"status": "affected",
"version": "2684ac05a8c4d2d5c49e6c11eb6206b30a284813",
"versionType": "git"
},
{
"lessThan": "eb54ce033b344b531b374496e68a2554b2b56b5a",
"status": "affected",
"version": "2684ac05a8c4d2d5c49e6c11eb6206b30a284813",
"versionType": "git"
},
{
"lessThan": "6bd8b4a92a901fae1a422e6f914801063c345e8d",
"status": "affected",
"version": "2684ac05a8c4d2d5c49e6c11eb6206b30a284813",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pmdomain/imx/imx8m-blk-ctrl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains\n\nFix out-of-range access of bc-\u003edomains in imx8m_blk_ctrl_remove()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:02:00.524Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7842b5dfcac888ece025a2321257d74b2264b099"
},
{
"url": "https://git.kernel.org/stable/c/071159ff5c0bf2e5efff79501e23faf3775cbcd1"
},
{
"url": "https://git.kernel.org/stable/c/4390dcdabb5fca4647bf56a5a6b050bbdfa5760f"
},
{
"url": "https://git.kernel.org/stable/c/eb54ce033b344b531b374496e68a2554b2b56b5a"
},
{
"url": "https://git.kernel.org/stable/c/6bd8b4a92a901fae1a422e6f914801063c345e8d"
}
],
"title": "pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23187",
"datePublished": "2026-02-14T16:27:16.200Z",
"dateReserved": "2026-01-13T15:37:45.985Z",
"dateUpdated": "2026-05-11T22:02:00.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23188 (GCVE-0-2026-23188)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-11 22:02
VLAI
EPSS
Title
net: usb: r8152: fix resume reset deadlock
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: r8152: fix resume reset deadlock
rtl8152 can trigger device reset during reset which
potentially can result in a deadlock:
**** DPM device timeout after 10 seconds; 15 seconds until panic ****
Call Trace:
<TASK>
schedule+0x483/0x1370
schedule_preempt_disabled+0x15/0x30
__mutex_lock_common+0x1fd/0x470
__rtl8152_set_mac_address+0x80/0x1f0
dev_set_mac_address+0x7f/0x150
rtl8152_post_reset+0x72/0x150
usb_reset_device+0x1d0/0x220
rtl8152_resume+0x99/0xc0
usb_resume_interface+0x3e/0xc0
usb_resume_both+0x104/0x150
usb_resume+0x22/0x110
The problem is that rtl8152 resume calls reset under
tp->control mutex while reset basically re-enters rtl8152
and attempts to acquire the same tp->control lock once
again.
Reset INACCESSIBLE device outside of tp->control mutex
scope to avoid recursive mutex_lock() deadlock.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4933b066fefbee4f1d2d708de53c4ab7f09026ad , < 61c8091b7937f91f9bc0b7f6b578de270fe35dc7
(git)
Affected: 4933b066fefbee4f1d2d708de53c4ab7f09026ad , < 1b2efc593dca99d8e8e6f6d6c7ccd9a972679702 (git) Affected: 4933b066fefbee4f1d2d708de53c4ab7f09026ad , < 6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04 (git) |
|
| Linux | Linux |
Affected:
6.11
Unaffected: 0 , < 6.11 (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/r8152.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61c8091b7937f91f9bc0b7f6b578de270fe35dc7",
"status": "affected",
"version": "4933b066fefbee4f1d2d708de53c4ab7f09026ad",
"versionType": "git"
},
{
"lessThan": "1b2efc593dca99d8e8e6f6d6c7ccd9a972679702",
"status": "affected",
"version": "4933b066fefbee4f1d2d708de53c4ab7f09026ad",
"versionType": "git"
},
{
"lessThan": "6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04",
"status": "affected",
"version": "4933b066fefbee4f1d2d708de53c4ab7f09026ad",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/r8152.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.11"
},
{
"lessThan": "6.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: r8152: fix resume reset deadlock\n\nrtl8152 can trigger device reset during reset which\npotentially can result in a deadlock:\n\n **** DPM device timeout after 10 seconds; 15 seconds until panic ****\n Call Trace:\n \u003cTASK\u003e\n schedule+0x483/0x1370\n schedule_preempt_disabled+0x15/0x30\n __mutex_lock_common+0x1fd/0x470\n __rtl8152_set_mac_address+0x80/0x1f0\n dev_set_mac_address+0x7f/0x150\n rtl8152_post_reset+0x72/0x150\n usb_reset_device+0x1d0/0x220\n rtl8152_resume+0x99/0xc0\n usb_resume_interface+0x3e/0xc0\n usb_resume_both+0x104/0x150\n usb_resume+0x22/0x110\n\nThe problem is that rtl8152 resume calls reset under\ntp-\u003econtrol mutex while reset basically re-enters rtl8152\nand attempts to acquire the same tp-\u003econtrol lock once\nagain.\n\nReset INACCESSIBLE device outside of tp-\u003econtrol mutex\nscope to avoid recursive mutex_lock() deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:02:01.716Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61c8091b7937f91f9bc0b7f6b578de270fe35dc7"
},
{
"url": "https://git.kernel.org/stable/c/1b2efc593dca99d8e8e6f6d6c7ccd9a972679702"
},
{
"url": "https://git.kernel.org/stable/c/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04"
}
],
"title": "net: usb: r8152: fix resume reset deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23188",
"datePublished": "2026-02-14T16:27:16.869Z",
"dateReserved": "2026-01-13T15:37:45.985Z",
"dateUpdated": "2026-05-11T22:02:01.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23189 (GCVE-0-2026-23189)
Vulnerability from cvelistv5 – Published: 2026-02-14 16:27 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
ceph: fix NULL pointer dereference in ceph_mds_auth_match()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix NULL pointer dereference in ceph_mds_auth_match()
The CephFS kernel client has regression starting from 6.18-rc1.
We have issue in ceph_mds_auth_match() if fs_name == NULL:
const char fs_name = mdsc->fsc->mount_options->mds_namespace;
...
if (auth->match.fs_name && strcmp(auth->match.fs_name, fs_name)) {
/ fsname mismatch, try next one */
return 0;
}
Patrick Donnelly suggested that: In summary, we should definitely start
decoding `fs_name` from the MDSMap and do strict authorizations checks
against it. Note that the `-o mds_namespace=foo` should only be used for
selecting the file system to mount and nothing else. It's possible
no mds_namespace is specified but the kernel will mount the only
file system that exists which may have name "foo".
This patch reworks ceph_mdsmap_decode() and namespace_equals() with
the goal of supporting the suggested concept. Now struct ceph_mdsmap
contains m_fs_name field that receives copy of extracted FS name
by ceph_extract_encoded_string(). For the case of "old" CephFS file
systems, it is used "cephfs" name.
[ idryomov: replace redundant %*pE with %s in ceph_mdsmap_decode(),
get rid of a series of strlen() calls in ceph_namespace_match(),
drop changes to namespace_equals() body to avoid treating empty
mds_namespace as equal, drop changes to ceph_mdsc_handle_fsmap()
as namespace_equals() isn't an equivalent substitution there ]
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
07640d34a781bb2e39020a39137073c03c4aa932 , < c6f8326f26bd20d648d9a55afd68148d1b6afe28
(git)
Affected: 22c73d52a6d05c5a2053385c0d6cd9984732799d , < 57b36ffc8881dd455d875f85c105901974af2130 (git) Affected: 22c73d52a6d05c5a2053385c0d6cd9984732799d , < 7987cce375ac8ce98e170a77aa2399f2cf6eb99f (git) Affected: ca3da8b27ab9a0923ad477447cfb8fc7f4b4c523 (git) Affected: 6.12.58 , < 6.12.70 (semver) Affected: 6.17.8 , < 6.18 (semver) |
|
| Linux | Linux |
Affected:
6.18
Unaffected: 0 , < 6.18 (semver) Unaffected: 6.12.70 , ≤ 6.12.* (semver) Unaffected: 6.18.10 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/mds_client.c",
"fs/ceph/mdsmap.c",
"fs/ceph/mdsmap.h",
"fs/ceph/super.h",
"include/linux/ceph/ceph_fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6f8326f26bd20d648d9a55afd68148d1b6afe28",
"status": "affected",
"version": "07640d34a781bb2e39020a39137073c03c4aa932",
"versionType": "git"
},
{
"lessThan": "57b36ffc8881dd455d875f85c105901974af2130",
"status": "affected",
"version": "22c73d52a6d05c5a2053385c0d6cd9984732799d",
"versionType": "git"
},
{
"lessThan": "7987cce375ac8ce98e170a77aa2399f2cf6eb99f",
"status": "affected",
"version": "22c73d52a6d05c5a2053385c0d6cd9984732799d",
"versionType": "git"
},
{
"status": "affected",
"version": "ca3da8b27ab9a0923ad477447cfb8fc7f4b4c523",
"versionType": "git"
},
{
"lessThan": "6.12.70",
"status": "affected",
"version": "6.12.58",
"versionType": "semver"
},
{
"lessThan": "6.18",
"status": "affected",
"version": "6.17.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/mds_client.c",
"fs/ceph/mdsmap.c",
"fs/ceph/mdsmap.h",
"fs/ceph/super.h",
"include/linux/ceph/ceph_fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.18"
},
{
"lessThan": "6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.70",
"versionStartIncluding": "6.12.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.10",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.17.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix NULL pointer dereference in ceph_mds_auth_match()\n\nThe CephFS kernel client has regression starting from 6.18-rc1.\nWe have issue in ceph_mds_auth_match() if fs_name == NULL:\n\n const char fs_name = mdsc-\u003efsc-\u003emount_options-\u003emds_namespace;\n ...\n if (auth-\u003ematch.fs_name \u0026\u0026 strcmp(auth-\u003ematch.fs_name, fs_name)) {\n / fsname mismatch, try next one */\n return 0;\n }\n\nPatrick Donnelly suggested that: In summary, we should definitely start\ndecoding `fs_name` from the MDSMap and do strict authorizations checks\nagainst it. Note that the `-o mds_namespace=foo` should only be used for\nselecting the file system to mount and nothing else. It\u0027s possible\nno mds_namespace is specified but the kernel will mount the only\nfile system that exists which may have name \"foo\".\n\nThis patch reworks ceph_mdsmap_decode() and namespace_equals() with\nthe goal of supporting the suggested concept. Now struct ceph_mdsmap\ncontains m_fs_name field that receives copy of extracted FS name\nby ceph_extract_encoded_string(). For the case of \"old\" CephFS file\nsystems, it is used \"cephfs\" name.\n\n[ idryomov: replace redundant %*pE with %s in ceph_mdsmap_decode(),\n get rid of a series of strlen() calls in ceph_namespace_match(),\n drop changes to namespace_equals() body to avoid treating empty\n mds_namespace as equal, drop changes to ceph_mdsc_handle_fsmap()\n as namespace_equals() isn\u0027t an equivalent substitution there ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:05.037Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6f8326f26bd20d648d9a55afd68148d1b6afe28"
},
{
"url": "https://git.kernel.org/stable/c/57b36ffc8881dd455d875f85c105901974af2130"
},
{
"url": "https://git.kernel.org/stable/c/7987cce375ac8ce98e170a77aa2399f2cf6eb99f"
}
],
"title": "ceph: fix NULL pointer dereference in ceph_mds_auth_match()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23189",
"datePublished": "2026-02-14T16:27:17.549Z",
"dateReserved": "2026-01-13T15:37:45.985Z",
"dateUpdated": "2026-05-23T16:04:05.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…