Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0329
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Micro Extras 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23167"
},
{
"name": "CVE-2025-68374",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68374"
},
{
"name": "CVE-2026-23129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23129"
},
{
"name": "CVE-2025-68778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68778"
},
{
"name": "CVE-2025-68736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68736"
},
{
"name": "CVE-2025-68283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68283"
},
{
"name": "CVE-2026-23004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23004"
},
{
"name": "CVE-2025-71071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71071"
},
{
"name": "CVE-2025-71191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71191"
},
{
"name": "CVE-2025-68295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68295"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2025-21738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21738"
},
{
"name": "CVE-2026-23139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23139"
},
{
"name": "CVE-2026-23208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23208"
},
{
"name": "CVE-2026-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23017"
},
{
"name": "CVE-2025-71189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71189"
},
{
"name": "CVE-2026-23179",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23179"
},
{
"name": "CVE-2026-23090",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23090"
},
{
"name": "CVE-2026-23035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23035"
},
{
"name": "CVE-2025-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38375"
},
{
"name": "CVE-2026-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23064"
},
{
"name": "CVE-2026-23061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23061"
},
{
"name": "CVE-2026-23135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23135"
},
{
"name": "CVE-2026-23119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23119"
},
{
"name": "CVE-2026-23173",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23173"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2026-23094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23094"
},
{
"name": "CVE-2026-23049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23049"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2026-23101",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23101"
},
{
"name": "CVE-2026-23099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23099"
},
{
"name": "CVE-2026-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23085"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2026-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23150"
},
{
"name": "CVE-2026-23163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23163"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2026-23057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23057"
},
{
"name": "CVE-2026-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23166"
},
{
"name": "CVE-2026-23116",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23116"
},
{
"name": "CVE-2026-23207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23207"
},
{
"name": "CVE-2025-71200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71200"
},
{
"name": "CVE-2026-23172",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23172"
},
{
"name": "CVE-2026-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23133"
},
{
"name": "CVE-2026-23170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23170"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2025-71188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71188"
},
{
"name": "CVE-2026-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23214"
},
{
"name": "CVE-2025-37861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37861"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2025-71196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71196"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23078"
},
{
"name": "CVE-2025-68785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68785"
},
{
"name": "CVE-2025-38224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38224"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-71126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71126"
},
{
"name": "CVE-2025-71199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71199"
},
{
"name": "CVE-2025-71195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71195"
},
{
"name": "CVE-2026-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23083"
},
{
"name": "CVE-2026-23108",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23108"
},
{
"name": "CVE-2025-71194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71194"
},
{
"name": "CVE-2026-23068",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23068"
},
{
"name": "CVE-2026-23089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23089"
},
{
"name": "CVE-2025-71225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71225"
},
{
"name": "CVE-2026-23071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23071"
},
{
"name": "CVE-2026-23056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23056"
},
{
"name": "CVE-2026-23063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23063"
},
{
"name": "CVE-2026-23073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23073"
},
{
"name": "CVE-2026-23058",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23058"
},
{
"name": "CVE-2025-71182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71182"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2026-23026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23026"
},
{
"name": "CVE-2025-71190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71190"
},
{
"name": "CVE-2026-23107",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23107"
},
{
"name": "CVE-2025-71104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71104"
},
{
"name": "CVE-2026-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23146"
},
{
"name": "CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"name": "CVE-2026-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23037"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23221"
},
{
"name": "CVE-2026-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23151"
},
{
"name": "CVE-2026-23152",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23152"
},
{
"name": "CVE-2026-22982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22982"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2025-71229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71229"
},
{
"name": "CVE-2026-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23213"
},
{
"name": "CVE-2026-23091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23091"
},
{
"name": "CVE-2023-53817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53817"
},
{
"name": "CVE-2025-71192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71192"
},
{
"name": "CVE-2026-23121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23121"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2025-71066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2025-71234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71234"
},
{
"name": "CVE-2025-71185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71185"
},
{
"name": "CVE-2026-23096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23096"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2026-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23105"
},
{
"name": "CVE-2026-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23086"
},
{
"name": "CVE-2025-71148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71148"
},
{
"name": "CVE-2026-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23156"
},
{
"name": "CVE-2026-23095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23095"
},
{
"name": "CVE-2025-39748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
},
{
"name": "CVE-2023-53827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53827"
},
{
"name": "CVE-2026-23033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23033"
},
{
"name": "CVE-2026-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23145"
},
{
"name": "CVE-2026-23104",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23104"
},
{
"name": "CVE-2026-23003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23003"
},
{
"name": "CVE-2026-23076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23076"
},
{
"name": "CVE-2026-23171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23171"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23084"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2026-22979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22979"
},
{
"name": "CVE-2026-23110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23110"
},
{
"name": "CVE-2026-23060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23060"
},
{
"name": "CVE-2025-71197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71197"
},
{
"name": "CVE-2025-71113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71113"
},
{
"name": "CVE-2026-23102",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23102"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2026-23082",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23082"
},
{
"name": "CVE-2026-23155",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23155"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2026-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
},
{
"name": "CVE-2025-71231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71231"
},
{
"name": "CVE-2023-53794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53794"
},
{
"name": "CVE-2025-68810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68810"
},
{
"name": "CVE-2025-71198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71198"
},
{
"name": "CVE-2026-23021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23021"
},
{
"name": "CVE-2025-68285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
},
{
"name": "CVE-2026-23053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23053"
},
{
"name": "CVE-2025-71184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71184"
},
{
"name": "CVE-2026-23080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23080"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0329",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20674-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620674-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20672-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620672-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20680-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620680-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20699-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620699-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20678-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620678-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20679-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620679-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20702-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620702-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20704-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620704-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20681-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620681-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20700-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620700-1"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:0928-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260928-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20719-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620719-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20711-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620711-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20720-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620720-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20701-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620701-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20713-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620713-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20703-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620703-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20705-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620705-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20667-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620667-1"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20673-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620673-1"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20676-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620676-1"
}
]
}
CVE-2026-23068 (GCVE-0-2026-23068)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:07 – Updated: 2026-05-11 21:59
VLAI
EPSS
Title
spi: spi-sprd-adi: Fix double free in probe error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-sprd-adi: Fix double free in probe error path
The driver currently uses spi_alloc_host() to allocate the controller
but registers it using devm_spi_register_controller().
If devm_register_restart_handler() fails, the code jumps to the
put_ctlr label and calls spi_controller_put(). However, since the
controller was registered via a devm function, the device core will
automatically call spi_controller_put() again when the probe fails.
This results in a double-free of the spi_controller structure.
Fix this by switching to devm_spi_alloc_host() and removing the
manual spi_controller_put() call.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ac1775012058e13ef1522938e27f5973d9e3f053 , < bddd3d10d039729b81cfb0804520c8832a701a0e
(git)
Affected: ac1775012058e13ef1522938e27f5973d9e3f053 , < 417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c (git) Affected: ac1775012058e13ef1522938e27f5973d9e3f053 , < 346775f2b4cf839177e8e86b94aa180a06dc15b0 (git) Affected: ac1775012058e13ef1522938e27f5973d9e3f053 , < f6d6b3f172df118db582fe5ec43ae223a55d99cf (git) Affected: ac1775012058e13ef1522938e27f5973d9e3f053 , < 383d4f5cffcc8df930d95b06518a9d25a6d74aac (git) |
|
| Linux | Linux |
Affected:
4.17
Unaffected: 0 , < 4.17 (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-sprd-adi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bddd3d10d039729b81cfb0804520c8832a701a0e",
"status": "affected",
"version": "ac1775012058e13ef1522938e27f5973d9e3f053",
"versionType": "git"
},
{
"lessThan": "417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c",
"status": "affected",
"version": "ac1775012058e13ef1522938e27f5973d9e3f053",
"versionType": "git"
},
{
"lessThan": "346775f2b4cf839177e8e86b94aa180a06dc15b0",
"status": "affected",
"version": "ac1775012058e13ef1522938e27f5973d9e3f053",
"versionType": "git"
},
{
"lessThan": "f6d6b3f172df118db582fe5ec43ae223a55d99cf",
"status": "affected",
"version": "ac1775012058e13ef1522938e27f5973d9e3f053",
"versionType": "git"
},
{
"lessThan": "383d4f5cffcc8df930d95b06518a9d25a6d74aac",
"status": "affected",
"version": "ac1775012058e13ef1522938e27f5973d9e3f053",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-sprd-adi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-sprd-adi: Fix double free in probe error path\n\nThe driver currently uses spi_alloc_host() to allocate the controller\nbut registers it using devm_spi_register_controller().\n\nIf devm_register_restart_handler() fails, the code jumps to the\nput_ctlr label and calls spi_controller_put(). However, since the\ncontroller was registered via a devm function, the device core will\nautomatically call spi_controller_put() again when the probe fails.\nThis results in a double-free of the spi_controller structure.\n\nFix this by switching to devm_spi_alloc_host() and removing the\nmanual spi_controller_put() call."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:22.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bddd3d10d039729b81cfb0804520c8832a701a0e"
},
{
"url": "https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c"
},
{
"url": "https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0"
},
{
"url": "https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223a55d99cf"
},
{
"url": "https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac"
}
],
"title": "spi: spi-sprd-adi: Fix double free in probe error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23068",
"datePublished": "2026-02-04T16:07:49.119Z",
"dateReserved": "2026-01-13T15:37:45.954Z",
"dateUpdated": "2026-05-11T21:59:22.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23071 (GCVE-0-2026-23071)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:07 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
regmap: Fix race condition in hwspinlock irqsave routine
Summary
In the Linux kernel, the following vulnerability has been resolved:
regmap: Fix race condition in hwspinlock irqsave routine
Previously, the address of the shared member '&map->spinlock_flags' was
passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race
condition where multiple contexts contending for the lock could overwrite
the shared flags variable, potentially corrupting the state for the
current lock owner.
Fix this by using a local stack variable 'flags' to store the IRQ state
temporarily.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/e1a7072bc4f958c9e… | |
| https://git.kernel.org/stable/c/766e243ae8c8b2708… | |
| https://git.kernel.org/stable/c/f1e2fe26a51eca95b… | |
| https://git.kernel.org/stable/c/24f31be6ad70537fd… | |
| https://git.kernel.org/stable/c/4aab0ca0a0f7760e3… | |
| https://git.kernel.org/stable/c/c2d2cf710dc3ee1a6… | |
| https://git.kernel.org/stable/c/4b58aac989c1e3faf… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8698b9364710e7bac84b3af07dd410e39c8c2e08 , < e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5
(git)
Affected: 8698b9364710e7bac84b3af07dd410e39c8c2e08 , < 766e243ae8c8b27087a4cc605752c0d5ee2daeab (git) Affected: 8698b9364710e7bac84b3af07dd410e39c8c2e08 , < f1e2fe26a51eca95b41420af76d22c2e613efd5e (git) Affected: 8698b9364710e7bac84b3af07dd410e39c8c2e08 , < 24f31be6ad70537fd7706269d99c92cade465a09 (git) Affected: 8698b9364710e7bac84b3af07dd410e39c8c2e08 , < 4aab0ca0a0f7760e33edcb4e47576064d05128f5 (git) Affected: 8698b9364710e7bac84b3af07dd410e39c8c2e08 , < c2d2cf710dc3ee1a69e00b4ed8de607a92a07889 (git) Affected: 8698b9364710e7bac84b3af07dd410e39c8c2e08 , < 4b58aac989c1e3fafb1c68a733811859df388250 (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:40:57.245934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:07.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
},
{
"lessThan": "766e243ae8c8b27087a4cc605752c0d5ee2daeab",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
},
{
"lessThan": "f1e2fe26a51eca95b41420af76d22c2e613efd5e",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
},
{
"lessThan": "24f31be6ad70537fd7706269d99c92cade465a09",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
},
{
"lessThan": "4aab0ca0a0f7760e33edcb4e47576064d05128f5",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
},
{
"lessThan": "c2d2cf710dc3ee1a69e00b4ed8de607a92a07889",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
},
{
"lessThan": "4b58aac989c1e3fafb1c68a733811859df388250",
"status": "affected",
"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix race condition in hwspinlock irqsave routine\n\nPreviously, the address of the shared member \u0027\u0026map-\u003espinlock_flags\u0027 was\npassed directly to \u0027hwspin_lock_timeout_irqsave\u0027. This creates a race\ncondition where multiple contexts contending for the lock could overwrite\nthe shared flags variable, potentially corrupting the state for the\ncurrent lock owner.\n\nFix this by using a local stack variable \u0027flags\u0027 to store the IRQ state\ntemporarily."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:26.280Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5"
},
{
"url": "https://git.kernel.org/stable/c/766e243ae8c8b27087a4cc605752c0d5ee2daeab"
},
{
"url": "https://git.kernel.org/stable/c/f1e2fe26a51eca95b41420af76d22c2e613efd5e"
},
{
"url": "https://git.kernel.org/stable/c/24f31be6ad70537fd7706269d99c92cade465a09"
},
{
"url": "https://git.kernel.org/stable/c/4aab0ca0a0f7760e33edcb4e47576064d05128f5"
},
{
"url": "https://git.kernel.org/stable/c/c2d2cf710dc3ee1a69e00b4ed8de607a92a07889"
},
{
"url": "https://git.kernel.org/stable/c/4b58aac989c1e3fafb1c68a733811859df388250"
}
],
"title": "regmap: Fix race condition in hwspinlock irqsave routine",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23071",
"datePublished": "2026-02-04T16:07:51.603Z",
"dateReserved": "2026-01-13T15:37:45.955Z",
"dateUpdated": "2026-06-11T18:44:07.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23073 (GCVE-0-2026-23073)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:07 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
wifi: rsi: Fix memory corruption due to not set vif driver data size
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rsi: Fix memory corruption due to not set vif driver data size
The struct ieee80211_vif contains trailing space for vif driver data,
when struct ieee80211_vif is allocated, the total memory size that is
allocated is sizeof(struct ieee80211_vif) + size of vif driver data.
The size of vif driver data is set by each WiFi driver as needed.
The RSI911x driver does not set vif driver data size, no trailing space
for vif driver data is therefore allocated past struct ieee80211_vif .
The RSI911x driver does however use the vif driver data to store its
vif driver data structure "struct vif_priv". An access to vif->drv_priv
leads to access out of struct ieee80211_vif bounds and corruption of
some memory.
In case of the failure observed locally, rsi_mac80211_add_interface()
would write struct vif_priv *vif_info = (struct vif_priv *)vif->drv_priv;
vif_info->vap_id = vap_idx. This write corrupts struct fq_tin member
struct list_head new_flows . The flow = list_first_entry(head, struct
fq_flow, flowchain); in fq_tin_reset() then reports non-NULL bogus
address, which when accessed causes a crash.
The trigger is very simple, boot the machine with init=/bin/sh , mount
devtmpfs, sysfs, procfs, and then do "ip link set wlan0 up", "sleep 1",
"ip link set wlan0 down" and the crash occurs.
Fix this by setting the correct size of vif driver data, which is the
size of "struct vif_priv", so that memory is allocated and the driver
can store its driver data in it, instead of corrupting memory around
it.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/49ef094fdbc3526e5… | |
| https://git.kernel.org/stable/c/0d7c9e793e351cbbe… | |
| https://git.kernel.org/stable/c/7c54d0c3e2cad4300… | |
| https://git.kernel.org/stable/c/7761d7801f40e6106… | |
| https://git.kernel.org/stable/c/99129d80a5d4989ef… | |
| https://git.kernel.org/stable/c/31efbcff90884ea5f… | |
| https://git.kernel.org/stable/c/4f431d88ea8093afc… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 49ef094fdbc3526e5db2aebb404b84f79c5603dc
(git)
Affected: dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 0d7c9e793e351cbbe9e06a9ca47d77b6ad288fb0 (git) Affected: dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 7c54d0c3e2cad4300be721ec2aecfcf8a63bc9f4 (git) Affected: dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 7761d7801f40e61069b4df3db88b36d80d089f8a (git) Affected: dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 99129d80a5d4989ef8566f434f3589f60f28042b (git) Affected: dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 31efbcff90884ea5f65bf3d1de01267db51ee3d1 (git) Affected: dad0d04fa7ba41ce603a01e8e64967650303e9a2 , < 4f431d88ea8093afc7ba55edf4652978c5a68f33 (git) |
|
| Linux | Linux |
Affected:
3.15
Unaffected: 0 , < 3.15 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:45.448812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:15.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/rsi/rsi_91x_mac80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49ef094fdbc3526e5db2aebb404b84f79c5603dc",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
},
{
"lessThan": "0d7c9e793e351cbbe9e06a9ca47d77b6ad288fb0",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
},
{
"lessThan": "7c54d0c3e2cad4300be721ec2aecfcf8a63bc9f4",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
},
{
"lessThan": "7761d7801f40e61069b4df3db88b36d80d089f8a",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
},
{
"lessThan": "99129d80a5d4989ef8566f434f3589f60f28042b",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
},
{
"lessThan": "31efbcff90884ea5f65bf3d1de01267db51ee3d1",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
},
{
"lessThan": "4f431d88ea8093afc7ba55edf4652978c5a68f33",
"status": "affected",
"version": "dad0d04fa7ba41ce603a01e8e64967650303e9a2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/rsi/rsi_91x_mac80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Fix memory corruption due to not set vif driver data size\n\nThe struct ieee80211_vif contains trailing space for vif driver data,\nwhen struct ieee80211_vif is allocated, the total memory size that is\nallocated is sizeof(struct ieee80211_vif) + size of vif driver data.\nThe size of vif driver data is set by each WiFi driver as needed.\n\nThe RSI911x driver does not set vif driver data size, no trailing space\nfor vif driver data is therefore allocated past struct ieee80211_vif .\nThe RSI911x driver does however use the vif driver data to store its\nvif driver data structure \"struct vif_priv\". An access to vif-\u003edrv_priv\nleads to access out of struct ieee80211_vif bounds and corruption of\nsome memory.\n\nIn case of the failure observed locally, rsi_mac80211_add_interface()\nwould write struct vif_priv *vif_info = (struct vif_priv *)vif-\u003edrv_priv;\nvif_info-\u003evap_id = vap_idx. This write corrupts struct fq_tin member\nstruct list_head new_flows . The flow = list_first_entry(head, struct\nfq_flow, flowchain); in fq_tin_reset() then reports non-NULL bogus\naddress, which when accessed causes a crash.\n\nThe trigger is very simple, boot the machine with init=/bin/sh , mount\ndevtmpfs, sysfs, procfs, and then do \"ip link set wlan0 up\", \"sleep 1\",\n\"ip link set wlan0 down\" and the crash occurs.\n\nFix this by setting the correct size of vif driver data, which is the\nsize of \"struct vif_priv\", so that memory is allocated and the driver\ncan store its driver data in it, instead of corrupting memory around\nit."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:28.776Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49ef094fdbc3526e5db2aebb404b84f79c5603dc"
},
{
"url": "https://git.kernel.org/stable/c/0d7c9e793e351cbbe9e06a9ca47d77b6ad288fb0"
},
{
"url": "https://git.kernel.org/stable/c/7c54d0c3e2cad4300be721ec2aecfcf8a63bc9f4"
},
{
"url": "https://git.kernel.org/stable/c/7761d7801f40e61069b4df3db88b36d80d089f8a"
},
{
"url": "https://git.kernel.org/stable/c/99129d80a5d4989ef8566f434f3589f60f28042b"
},
{
"url": "https://git.kernel.org/stable/c/31efbcff90884ea5f65bf3d1de01267db51ee3d1"
},
{
"url": "https://git.kernel.org/stable/c/4f431d88ea8093afc7ba55edf4652978c5a68f33"
}
],
"title": "wifi: rsi: Fix memory corruption due to not set vif driver data size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23073",
"datePublished": "2026-02-04T16:07:53.527Z",
"dateReserved": "2026-01-13T15:37:45.958Z",
"dateUpdated": "2026-06-11T18:44:15.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23074 (GCVE-0-2026-23074)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:07 – Updated: 2026-06-30 12:06
VLAI
EPSS
Title
net/sched: Enforce that teql can only be used as root qdisc
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Enforce that teql can only be used as root qdisc
Design intent of teql is that it is only supposed to be used as root qdisc.
We need to check for that constraint.
Although not important, I will describe the scenario that unearthed this
issue for the curious.
GangMin Kim <km.kim1503@gmail.com> managed to concot a scenario as follows:
ROOT qdisc 1:0 (QFQ)
├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s
└── class 1:2 (weight=1, lmax=1514) teql
GangMin sends a packet which is enqueued to 1:1 (netem).
Any invocation of dequeue by QFQ from this class will not return a packet
until after 6.4s. In the meantime, a second packet is sent and it lands on
1:2. teql's enqueue will return success and this will activate class 1:2.
Main issue is that teql only updates the parent visible qlen (sch->q.qlen)
at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's
peek always returns NULL), dequeue will never be called and thus the qlen
will remain as 0. With that in mind, when GangMin updates 1:2's lmax value,
the qfq_change_class calls qfq_deact_rm_from_agg. Since the child qdisc's
qlen was not incremented, qfq fails to deactivate the class, but still
frees its pointers from the aggregate. So when the first packet is
rescheduled after 6.4 seconds (netem's delay), a dangling pointer is
accessed causing GangMin's causing a UAF.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-825 - Expired Pointer Dereference
Assigner
References
19 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/73d970ff0eddd874a… | |
| https://git.kernel.org/stable/c/ae810e6a8ac4fe250… | |
| https://git.kernel.org/stable/c/dad49a67c2d817bfe… | |
| https://git.kernel.org/stable/c/0686bedfed3415552… | |
| https://git.kernel.org/stable/c/4c7e8aa71c9232cba… | |
| https://git.kernel.org/stable/c/16ed73c1282d376b9… | |
| https://git.kernel.org/stable/c/50da4b9d07a7a463e… | |
| https://access.redhat.com/security/cve/CVE-2026-23074 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2436791 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:3810 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3685 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3634 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3083 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3388 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3360 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3268 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3277 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:3110 | vendor-advisoryx_refsource_REDHAT |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 73d970ff0eddd874a84c953387c7f4464b705fc6
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ae810e6a8ac4fe25042e6825d2a401207a2e41fb (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dad49a67c2d817bfec98e6e45121b351e3a0202c (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0686bedfed34155520f3f735cbf3210cb9044380 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4c7e8aa71c9232cba84c289b4b56cba80b280841 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 16ed73c1282d376b956bff23e5139add061767ba (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
|
| Red Hat | Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION) |
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION) |
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux for Real Time (v. 7 ELS) |
cpe:/a:redhat:rhel_extras_rt_els:7 |
|
| Red Hat | Red Hat Enterprise Linux Server Optional (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v. 8.2) |
cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.4) |
cpe:/o:redhat:rhel_aus:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) |
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.6) |
cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.6) |
cpe:/o:redhat:rhel_e4s:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.6) |
cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.8) |
cpe:/o:redhat:rhel_e4s:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.8) |
cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux CRB (v. 8) |
cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux NFV (v. 8) |
cpe:/a:redhat:enterprise_linux:8::nfv |
|
| Red Hat | Red Hat Enterprise Linux RT (v. 8) |
cpe:/a:redhat:enterprise_linux:8::realtime |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T20:34:18.445688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T20:34:30.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_extras_rt_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux RT (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s networking component. A local attacker with low privileges could exploit a design issue in the teql queueing discipline, which is responsible for managing network traffic. By sending specially crafted network packets, an attacker could trigger a use-after-free (UAF) vulnerability, which is a type of memory corruption. This could lead to a system crash, or potentially allow the attacker to execute unauthorized code or gain elevated system access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:45.872Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-23074"
},
{
"name": "RHBZ#2436791",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23074.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3810"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3685"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3083"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3388"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3360"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3268"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:3810: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
},
{
"lang": "en",
"value": "RHSA-2026:3685: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:3634: Red Hat Enterprise Linux for Real Time (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:3083: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:3388: Red Hat Enterprise Linux BaseOS AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3360: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3268: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3277: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:3110: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-04T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-04T00:00:00.000Z",
"value": "Made public."
}
],
"title": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_teql.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "73d970ff0eddd874a84c953387c7f4464b705fc6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ae810e6a8ac4fe25042e6825d2a401207a2e41fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dad49a67c2d817bfec98e6e45121b351e3a0202c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0686bedfed34155520f3f735cbf3210cb9044380",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c7e8aa71c9232cba84c289b4b56cba80b280841",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "16ed73c1282d376b956bff23e5139add061767ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_teql.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent of teql is that it is only supposed to be used as root qdisc.\nWe need to check for that constraint.\n\nAlthough not important, I will describe the scenario that unearthed this\nissue for the curious.\n\nGangMin Kim \u003ckm.kim1503@gmail.com\u003e managed to concot a scenario as follows:\n\nROOT qdisc 1:0 (QFQ)\n \u251c\u2500\u2500 class 1:1 (weight=15, lmax=16384) netem with delay 6.4s\n \u2514\u2500\u2500 class 1:2 (weight=1, lmax=1514) teql\n\nGangMin sends a packet which is enqueued to 1:1 (netem).\nAny invocation of dequeue by QFQ from this class will not return a packet\nuntil after 6.4s. In the meantime, a second packet is sent and it lands on\n1:2. teql\u0027s enqueue will return success and this will activate class 1:2.\nMain issue is that teql only updates the parent visible qlen (sch-\u003eq.qlen)\nat dequeue. Since QFQ will only call dequeue if peek succeeds (and teql\u0027s\npeek always returns NULL), dequeue will never be called and thus the qlen\nwill remain as 0. With that in mind, when GangMin updates 1:2\u0027s lmax value,\nthe qfq_change_class calls qfq_deact_rm_from_agg. Since the child qdisc\u0027s\nqlen was not incremented, qfq fails to deactivate the class, but still\nfrees its pointers from the aggregate. So when the first packet is\nrescheduled after 6.4 seconds (netem\u0027s delay), a dangling pointer is\naccessed causing GangMin\u0027s causing a UAF."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:29.932Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/73d970ff0eddd874a84c953387c7f4464b705fc6"
},
{
"url": "https://git.kernel.org/stable/c/ae810e6a8ac4fe25042e6825d2a401207a2e41fb"
},
{
"url": "https://git.kernel.org/stable/c/dad49a67c2d817bfec98e6e45121b351e3a0202c"
},
{
"url": "https://git.kernel.org/stable/c/0686bedfed34155520f3f735cbf3210cb9044380"
},
{
"url": "https://git.kernel.org/stable/c/4c7e8aa71c9232cba84c289b4b56cba80b280841"
},
{
"url": "https://git.kernel.org/stable/c/16ed73c1282d376b956bff23e5139add061767ba"
},
{
"url": "https://git.kernel.org/stable/c/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b"
}
],
"title": "net/sched: Enforce that teql can only be used as root qdisc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23074",
"datePublished": "2026-02-04T16:07:59.379Z",
"dateReserved": "2026-01-13T15:37:45.958Z",
"dateUpdated": "2026-06-30T12:06:45.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23076 (GCVE-0-2026-23076)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
ALSA: ctxfi: Fix potential OOB access in audio mixer handling
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ctxfi: Fix potential OOB access in audio mixer handling
In the audio mixer handling code of ctxfi driver, the conf field is
used as a kind of loop index, and it's referred in the index callbacks
(amixer_index() and sum_index()).
As spotted recently by fuzzers, the current code causes OOB access at
those functions.
| UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48
| index 8 is out of range for type 'unsigned char [8]'
After the analysis, the cause was found to be the lack of the proper
(re-)initialization of conj field.
This patch addresses those OOB accesses by adding the proper
initializations of the loop indices.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/6524205326e0c1a21… | |
| https://git.kernel.org/stable/c/afca7ff5d5d4d63a1… | |
| https://git.kernel.org/stable/c/8c1d09806e1441bc6… | |
| https://git.kernel.org/stable/c/a8c42d11b0526a891… | |
| https://git.kernel.org/stable/c/d77ba72558cd66704… | |
| https://git.kernel.org/stable/c/873e2360d247eeee6… | |
| https://git.kernel.org/stable/c/61006c540cbdedea8… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8cc72361481f00253f1e468ade5795427386d593 , < 6524205326e0c1a21263b5c14e48e14ef7e449ae
(git)
Affected: 8cc72361481f00253f1e468ade5795427386d593 , < afca7ff5d5d4d63a1acb95461f55ca9a729feedf (git) Affected: 8cc72361481f00253f1e468ade5795427386d593 , < 8c1d09806e1441bc6a54b9a4f2818918046d5174 (git) Affected: 8cc72361481f00253f1e468ade5795427386d593 , < a8c42d11b0526a89192bd2f79facb4c60c8a1f38 (git) Affected: 8cc72361481f00253f1e468ade5795427386d593 , < d77ba72558cd66704f0fb7e0969f697e87c0f71c (git) Affected: 8cc72361481f00253f1e468ade5795427386d593 , < 873e2360d247eeee642878fcc3398babff7e387c (git) Affected: 8cc72361481f00253f1e468ade5795427386d593 , < 61006c540cbdedea83b05577dc7fb7fa18fe1276 (git) |
|
| Linux | Linux |
Affected:
2.6.31
Unaffected: 0 , < 2.6.31 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:42:28.584114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:23.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/pci/ctxfi/ctamixer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6524205326e0c1a21263b5c14e48e14ef7e449ae",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
},
{
"lessThan": "afca7ff5d5d4d63a1acb95461f55ca9a729feedf",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
},
{
"lessThan": "8c1d09806e1441bc6a54b9a4f2818918046d5174",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
},
{
"lessThan": "a8c42d11b0526a89192bd2f79facb4c60c8a1f38",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
},
{
"lessThan": "d77ba72558cd66704f0fb7e0969f697e87c0f71c",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
},
{
"lessThan": "873e2360d247eeee642878fcc3398babff7e387c",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
},
{
"lessThan": "61006c540cbdedea83b05577dc7fb7fa18fe1276",
"status": "affected",
"version": "8cc72361481f00253f1e468ade5795427386d593",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/pci/ctxfi/ctamixer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Fix potential OOB access in audio mixer handling\n\nIn the audio mixer handling code of ctxfi driver, the conf field is\nused as a kind of loop index, and it\u0027s referred in the index callbacks\n(amixer_index() and sum_index()).\n\nAs spotted recently by fuzzers, the current code causes OOB access at\nthose functions.\n| UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48\n| index 8 is out of range for type \u0027unsigned char [8]\u0027\n\nAfter the analysis, the cause was found to be the lack of the proper\n(re-)initialization of conj field.\n\nThis patch addresses those OOB accesses by adding the proper\ninitializations of the loop indices."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:32.239Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6524205326e0c1a21263b5c14e48e14ef7e449ae"
},
{
"url": "https://git.kernel.org/stable/c/afca7ff5d5d4d63a1acb95461f55ca9a729feedf"
},
{
"url": "https://git.kernel.org/stable/c/8c1d09806e1441bc6a54b9a4f2818918046d5174"
},
{
"url": "https://git.kernel.org/stable/c/a8c42d11b0526a89192bd2f79facb4c60c8a1f38"
},
{
"url": "https://git.kernel.org/stable/c/d77ba72558cd66704f0fb7e0969f697e87c0f71c"
},
{
"url": "https://git.kernel.org/stable/c/873e2360d247eeee642878fcc3398babff7e387c"
},
{
"url": "https://git.kernel.org/stable/c/61006c540cbdedea83b05577dc7fb7fa18fe1276"
}
],
"title": "ALSA: ctxfi: Fix potential OOB access in audio mixer handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23076",
"datePublished": "2026-02-04T16:08:01.204Z",
"dateReserved": "2026-01-13T15:37:45.958Z",
"dateUpdated": "2026-06-11T18:44:23.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23078 (GCVE-0-2026-23078)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-05-11 21:59
VLAI
EPSS
Title
ALSA: scarlett2: Fix buffer overflow in config retrieval
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: scarlett2: Fix buffer overflow in config retrieval
The scarlett2_usb_get_config() function has a logic error in the
endianness conversion code that can cause buffer overflows when
count > 1.
The code checks `if (size == 2)` where `size` is the total buffer size in
bytes, then loops `count` times treating each element as u16 (2 bytes).
This causes the loop to access `count * 2` bytes when the buffer only
has `size` bytes allocated.
Fix by checking the element size (config_item->size) instead of the
total buffer size. This ensures the endianness conversion matches the
actual element type.
Severity
No CVSS data available.
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/d5e80d1f97ae55bce… | |
| https://git.kernel.org/stable/c/51049f6e3f05d7066… | |
| https://git.kernel.org/stable/c/91a756d22f0482eac… | |
| https://git.kernel.org/stable/c/27049f50be9f5ae3a… | |
| https://git.kernel.org/stable/c/31a3eba5c265a7632… | |
| https://git.kernel.org/stable/c/6f5c69f72e50d51be… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ac34df733d2dfe3b553897a1e9e1a44414f09834 , < d5e80d1f97ae55bcea1426f551e4419245b41b9c
(git)
Affected: ac34df733d2dfe3b553897a1e9e1a44414f09834 , < 51049f6e3f05d70660e2458ad3bb302a3721b751 (git) Affected: ac34df733d2dfe3b553897a1e9e1a44414f09834 , < 91a756d22f0482eac5bedb113c8922f90b254449 (git) Affected: ac34df733d2dfe3b553897a1e9e1a44414f09834 , < 27049f50be9f5ae3a62d272128ce0b381cb26a24 (git) Affected: ac34df733d2dfe3b553897a1e9e1a44414f09834 , < 31a3eba5c265a763260976674a22851e83128f6d (git) Affected: ac34df733d2dfe3b553897a1e9e1a44414f09834 , < 6f5c69f72e50d51be3a8c028ae7eda42c82902cb (git) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/mixer_scarlett2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5e80d1f97ae55bcea1426f551e4419245b41b9c",
"status": "affected",
"version": "ac34df733d2dfe3b553897a1e9e1a44414f09834",
"versionType": "git"
},
{
"lessThan": "51049f6e3f05d70660e2458ad3bb302a3721b751",
"status": "affected",
"version": "ac34df733d2dfe3b553897a1e9e1a44414f09834",
"versionType": "git"
},
{
"lessThan": "91a756d22f0482eac5bedb113c8922f90b254449",
"status": "affected",
"version": "ac34df733d2dfe3b553897a1e9e1a44414f09834",
"versionType": "git"
},
{
"lessThan": "27049f50be9f5ae3a62d272128ce0b381cb26a24",
"status": "affected",
"version": "ac34df733d2dfe3b553897a1e9e1a44414f09834",
"versionType": "git"
},
{
"lessThan": "31a3eba5c265a763260976674a22851e83128f6d",
"status": "affected",
"version": "ac34df733d2dfe3b553897a1e9e1a44414f09834",
"versionType": "git"
},
{
"lessThan": "6f5c69f72e50d51be3a8c028ae7eda42c82902cb",
"status": "affected",
"version": "ac34df733d2dfe3b553897a1e9e1a44414f09834",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/mixer_scarlett2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Fix buffer overflow in config retrieval\n\nThe scarlett2_usb_get_config() function has a logic error in the\nendianness conversion code that can cause buffer overflows when\ncount \u003e 1.\n\nThe code checks `if (size == 2)` where `size` is the total buffer size in\nbytes, then loops `count` times treating each element as u16 (2 bytes).\nThis causes the loop to access `count * 2` bytes when the buffer only\nhas `size` bytes allocated.\n\nFix by checking the element size (config_item-\u003esize) instead of the\ntotal buffer size. This ensures the endianness conversion matches the\nactual element type."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:34.569Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5e80d1f97ae55bcea1426f551e4419245b41b9c"
},
{
"url": "https://git.kernel.org/stable/c/51049f6e3f05d70660e2458ad3bb302a3721b751"
},
{
"url": "https://git.kernel.org/stable/c/91a756d22f0482eac5bedb113c8922f90b254449"
},
{
"url": "https://git.kernel.org/stable/c/27049f50be9f5ae3a62d272128ce0b381cb26a24"
},
{
"url": "https://git.kernel.org/stable/c/31a3eba5c265a763260976674a22851e83128f6d"
},
{
"url": "https://git.kernel.org/stable/c/6f5c69f72e50d51be3a8c028ae7eda42c82902cb"
}
],
"title": "ALSA: scarlett2: Fix buffer overflow in config retrieval",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23078",
"datePublished": "2026-02-04T16:08:03.283Z",
"dateReserved": "2026-01-13T15:37:45.959Z",
"dateUpdated": "2026-05-11T21:59:34.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23080 (GCVE-0-2026-23080)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-05-11 21:59
VLAI
EPSS
Title
can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:
gs_usb_receive_bulk_callback(): fix URB memory leak").
In mcba_usb_probe() -> mcba_usb_start(), the URBs for USB-in transfers are
allocated, added to the priv->rx_submitted anchor and submitted. In the
complete callback mcba_usb_read_bulk_callback(), the URBs are processed and
resubmitted. In mcba_usb_close() -> mcba_urb_unlink() the URBs are freed by
calling usb_kill_anchored_urbs(&priv->rx_submitted).
However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in usb_kill_anchored_urbs().
Fix the memory leak by anchoring the URB in the
mcba_usb_read_bulk_callback()to the priv->rx_submitted anchor.
Severity
No CVSS data available.
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/8b34c611a4feb8192… | |
| https://git.kernel.org/stable/c/b5a1ccdc63b71d93a… | |
| https://git.kernel.org/stable/c/59153b6388e056091… | |
| https://git.kernel.org/stable/c/179f6f0cf5ae48974… | |
| https://git.kernel.org/stable/c/94c9f6f7b953f6382… | |
| https://git.kernel.org/stable/c/d374d715e338dfc38… | |
| https://git.kernel.org/stable/c/710a7529fb13c5a47… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
51f3baad7de943780ce0c17bd7975df567dd6e14 , < 8b34c611a4feb81921bc4728c091e4e3ba0270c0
(git)
Affected: 51f3baad7de943780ce0c17bd7975df567dd6e14 , < b5a1ccdc63b71d93a69a6b72f7a3f3934293ea60 (git) Affected: 51f3baad7de943780ce0c17bd7975df567dd6e14 , < 59153b6388e05609144ad56a9b354e9100a91983 (git) Affected: 51f3baad7de943780ce0c17bd7975df567dd6e14 , < 179f6f0cf5ae489743273b7c1644324c0c477ea9 (git) Affected: 51f3baad7de943780ce0c17bd7975df567dd6e14 , < 94c9f6f7b953f6382fef4bdc48c046b861b8868f (git) Affected: 51f3baad7de943780ce0c17bd7975df567dd6e14 , < d374d715e338dfc3804aaa006fa6e470ffebb264 (git) Affected: 51f3baad7de943780ce0c17bd7975df567dd6e14 , < 710a7529fb13c5a470258ff5508ed3c498d54729 (git) |
|
| Linux | Linux |
Affected:
4.12
Unaffected: 0 , < 4.12 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/mcba_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8b34c611a4feb81921bc4728c091e4e3ba0270c0",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "b5a1ccdc63b71d93a69a6b72f7a3f3934293ea60",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "59153b6388e05609144ad56a9b354e9100a91983",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "179f6f0cf5ae489743273b7c1644324c0c477ea9",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "94c9f6f7b953f6382fef4bdc48c046b861b8868f",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "d374d715e338dfc3804aaa006fa6e470ffebb264",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "710a7529fb13c5a470258ff5508ed3c498d54729",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/mcba_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn mcba_usb_probe() -\u003e mcba_usb_start(), the URBs for USB-in transfers are\nallocated, added to the priv-\u003erx_submitted anchor and submitted. In the\ncomplete callback mcba_usb_read_bulk_callback(), the URBs are processed and\nresubmitted. In mcba_usb_close() -\u003e mcba_urb_unlink() the URBs are freed by\ncalling usb_kill_anchored_urbs(\u0026priv-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in usb_kill_anchored_urbs().\n\nFix the memory leak by anchoring the URB in the\nmcba_usb_read_bulk_callback()to the priv-\u003erx_submitted anchor."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:36.827Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b34c611a4feb81921bc4728c091e4e3ba0270c0"
},
{
"url": "https://git.kernel.org/stable/c/b5a1ccdc63b71d93a69a6b72f7a3f3934293ea60"
},
{
"url": "https://git.kernel.org/stable/c/59153b6388e05609144ad56a9b354e9100a91983"
},
{
"url": "https://git.kernel.org/stable/c/179f6f0cf5ae489743273b7c1644324c0c477ea9"
},
{
"url": "https://git.kernel.org/stable/c/94c9f6f7b953f6382fef4bdc48c046b861b8868f"
},
{
"url": "https://git.kernel.org/stable/c/d374d715e338dfc3804aaa006fa6e470ffebb264"
},
{
"url": "https://git.kernel.org/stable/c/710a7529fb13c5a470258ff5508ed3c498d54729"
}
],
"title": "can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23080",
"datePublished": "2026-02-04T16:08:04.982Z",
"dateReserved": "2026-01-13T15:37:45.959Z",
"dateUpdated": "2026-05-11T21:59:36.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23082 (GCVE-0-2026-23082)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-05-11 21:59
VLAI
EPSS
Title
can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error
In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix
URB memory leak"), the URB was re-anchored before usb_submit_urb() in
gs_usb_receive_bulk_callback() to prevent a leak of this URB during
cleanup.
However, this patch did not take into account that usb_submit_urb() could
fail. The URB remains anchored and
usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops
infinitely since the anchor list never becomes empty.
To fix the bug, unanchor the URB when an usb_submit_urb() error occurs,
also print an info message.
Severity
No CVSS data available.
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/da01de754e455e259… | |
| https://git.kernel.org/stable/c/aa8a8866c533a150b… | |
| https://git.kernel.org/stable/c/ce4352057fc5a986c… | |
| https://git.kernel.org/stable/c/c610b550ccc0438d4… | |
| https://git.kernel.org/stable/c/c3edc14da81a8d839… | |
| https://git.kernel.org/stable/c/79a6d1bfe1148bc92… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9c151898cc259a7784be60ba38664f42ede39b31 , < da01de754e455e2598a7f1ce4ff2078c4f0ecde1
(git)
Affected: ec5ccc2af9e5b045671f3f604b57512feda8bcc5 , < aa8a8866c533a150be4763bcb27993603bd5426c (git) Affected: f905bcfa971edb89e398c98957838d8c6381c0c7 , < ce4352057fc5a986c76ece90801b9755e7c6e56c (git) Affected: 08624b7206ddb9148eeffc2384ebda2c47b6d1e9 , < c610b550ccc0438d456dfe1df9f4f36254ccaae3 (git) Affected: 9f669a38ca70839229b7ba0f851820850a2fe1f7 , < c3edc14da81a8d8398682f6e4ab819f09f37c0b7 (git) Affected: 7352e1d5932a0e777e39fa4b619801191f57e603 , < 79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7 (git) |
|
| Linux | Linux |
Affected:
6.12.67 , < 6.12.68
(semver)
Affected: 6.18.7 , < 6.18.8 (semver) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/gs_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "da01de754e455e2598a7f1ce4ff2078c4f0ecde1",
"status": "affected",
"version": "9c151898cc259a7784be60ba38664f42ede39b31",
"versionType": "git"
},
{
"lessThan": "aa8a8866c533a150be4763bcb27993603bd5426c",
"status": "affected",
"version": "ec5ccc2af9e5b045671f3f604b57512feda8bcc5",
"versionType": "git"
},
{
"lessThan": "ce4352057fc5a986c76ece90801b9755e7c6e56c",
"status": "affected",
"version": "f905bcfa971edb89e398c98957838d8c6381c0c7",
"versionType": "git"
},
{
"lessThan": "c610b550ccc0438d456dfe1df9f4f36254ccaae3",
"status": "affected",
"version": "08624b7206ddb9148eeffc2384ebda2c47b6d1e9",
"versionType": "git"
},
{
"lessThan": "c3edc14da81a8d8398682f6e4ab819f09f37c0b7",
"status": "affected",
"version": "9f669a38ca70839229b7ba0f851820850a2fe1f7",
"versionType": "git"
},
{
"lessThan": "79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7",
"status": "affected",
"version": "7352e1d5932a0e777e39fa4b619801191f57e603",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/gs_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.12.68",
"status": "affected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThan": "6.18.8",
"status": "affected",
"version": "6.18.7",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "6.12.67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "6.18.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error\n\nIn commit 7352e1d5932a (\"can: gs_usb: gs_usb_receive_bulk_callback(): fix\nURB memory leak\"), the URB was re-anchored before usb_submit_urb() in\ngs_usb_receive_bulk_callback() to prevent a leak of this URB during\ncleanup.\n\nHowever, this patch did not take into account that usb_submit_urb() could\nfail. The URB remains anchored and\nusb_kill_anchored_urbs(\u0026parent-\u003erx_submitted) in gs_can_close() loops\ninfinitely since the anchor list never becomes empty.\n\nTo fix the bug, unanchor the URB when an usb_submit_urb() error occurs,\nalso print an info message."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:39.102Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/da01de754e455e2598a7f1ce4ff2078c4f0ecde1"
},
{
"url": "https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c"
},
{
"url": "https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c"
},
{
"url": "https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3"
},
{
"url": "https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7"
},
{
"url": "https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7"
}
],
"title": "can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23082",
"datePublished": "2026-02-04T16:08:06.731Z",
"dateReserved": "2026-01-13T15:37:45.960Z",
"dateUpdated": "2026-05-11T21:59:39.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23083 (GCVE-0-2026-23083)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
fou: Don't allow 0 for FOU_ATTR_IPPROTO.
Summary
In the Linux kernel, the following vulnerability has been resolved:
fou: Don't allow 0 for FOU_ATTR_IPPROTO.
fou_udp_recv() has the same problem mentioned in the previous
patch.
If FOU_ATTR_IPPROTO is set to 0, skb is not freed by
fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu().
Let's forbid 0 for FOU_ATTR_IPPROTO.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/c7498f9bc390479cc… | |
| https://git.kernel.org/stable/c/611ef4bd9c73d9e6d… | |
| https://git.kernel.org/stable/c/6e983789b7588ee59… | |
| https://git.kernel.org/stable/c/1cc98b8887cabb180… | |
| https://git.kernel.org/stable/c/b7db31a52c3862a1a… | |
| https://git.kernel.org/stable/c/9b75dff8446ec8710… | |
| https://git.kernel.org/stable/c/7a9bc9e3f42391e4c… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
23461551c00628c3f3fe9cf837bf53cf8f212b63 , < c7498f9bc390479ccfad7c7f2332237ff4945b03
(git)
Affected: 23461551c00628c3f3fe9cf837bf53cf8f212b63 , < 611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea (git) Affected: 23461551c00628c3f3fe9cf837bf53cf8f212b63 , < 6e983789b7588ee59cbf303583546c043bad8e19 (git) Affected: 23461551c00628c3f3fe9cf837bf53cf8f212b63 , < 1cc98b8887cabb1808d2f4a37cd10a7be7574771 (git) Affected: 23461551c00628c3f3fe9cf837bf53cf8f212b63 , < b7db31a52c3862a1a32202a273a4c32e7f5f4823 (git) Affected: 23461551c00628c3f3fe9cf837bf53cf8f212b63 , < 9b75dff8446ec871030d8daf5a69e74f5fe8b956 (git) Affected: 23461551c00628c3f3fe9cf837bf53cf8f212b63 , < 7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5 (git) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:31.350182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:13.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"Documentation/netlink/specs/fou.yaml",
"net/ipv4/fou_nl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7498f9bc390479ccfad7c7f2332237ff4945b03",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
},
{
"lessThan": "611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
},
{
"lessThan": "6e983789b7588ee59cbf303583546c043bad8e19",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
},
{
"lessThan": "1cc98b8887cabb1808d2f4a37cd10a7be7574771",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
},
{
"lessThan": "b7db31a52c3862a1a32202a273a4c32e7f5f4823",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
},
{
"lessThan": "9b75dff8446ec871030d8daf5a69e74f5fe8b956",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
},
{
"lessThan": "7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5",
"status": "affected",
"version": "23461551c00628c3f3fe9cf837bf53cf8f212b63",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"Documentation/netlink/specs/fou.yaml",
"net/ipv4/fou_nl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Don\u0027t allow 0 for FOU_ATTR_IPPROTO.\n\nfou_udp_recv() has the same problem mentioned in the previous\npatch.\n\nIf FOU_ATTR_IPPROTO is set to 0, skb is not freed by\nfou_udp_recv() nor \"resubmit\"-ted in ip_protocol_deliver_rcu().\n\nLet\u0027s forbid 0 for FOU_ATTR_IPPROTO."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:40.268Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7498f9bc390479ccfad7c7f2332237ff4945b03"
},
{
"url": "https://git.kernel.org/stable/c/611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea"
},
{
"url": "https://git.kernel.org/stable/c/6e983789b7588ee59cbf303583546c043bad8e19"
},
{
"url": "https://git.kernel.org/stable/c/1cc98b8887cabb1808d2f4a37cd10a7be7574771"
},
{
"url": "https://git.kernel.org/stable/c/b7db31a52c3862a1a32202a273a4c32e7f5f4823"
},
{
"url": "https://git.kernel.org/stable/c/9b75dff8446ec871030d8daf5a69e74f5fe8b956"
},
{
"url": "https://git.kernel.org/stable/c/7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5"
}
],
"title": "fou: Don\u0027t allow 0 for FOU_ATTR_IPPROTO.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23083",
"datePublished": "2026-02-04T16:08:07.561Z",
"dateReserved": "2026-01-13T15:37:45.960Z",
"dateUpdated": "2026-06-11T18:44:13.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23084 (GCVE-0-2026-23084)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
Summary
In the Linux kernel, the following vulnerability has been resolved:
be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is
set to false, the driver may request the PMAC_ID from the firmware of the
network card, and this function will store that PMAC_ID at the provided
address pmac_id. This is the contract of this function.
However, there is a location within the driver where both
pmac_id_valid == false and pmac_id == NULL are being passed. This could
result in dereferencing a NULL pointer.
To resolve this issue, it is necessary to pass the address of a stub
variable to the function.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/4cba480c9b9a3861a… | |
| https://git.kernel.org/stable/c/92c6dc181a18e6e0d… | |
| https://git.kernel.org/stable/c/6c3e00888dbec8871… | |
| https://git.kernel.org/stable/c/e206fb415db36bad5… | |
| https://git.kernel.org/stable/c/47ffb4dcffe336f4a… | |
| https://git.kernel.org/stable/c/31410a01a86bcb98c… | |
| https://git.kernel.org/stable/c/8215794403d264739… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
95046b927a54f461766f83a212c6a93bc5fd2e67 , < 4cba480c9b9a3861a515262225cb53a1f5978344
(git)
Affected: 95046b927a54f461766f83a212c6a93bc5fd2e67 , < 92c6dc181a18e6e0ddb872ed35cb48a9274829e4 (git) Affected: 95046b927a54f461766f83a212c6a93bc5fd2e67 , < 6c3e00888dbec887125a08b51a705b9b163fcdd1 (git) Affected: 95046b927a54f461766f83a212c6a93bc5fd2e67 , < e206fb415db36bad52bb90c08d46ce71ffbe8a80 (git) Affected: 95046b927a54f461766f83a212c6a93bc5fd2e67 , < 47ffb4dcffe336f4a7bd0f3284be7aadc6484698 (git) Affected: 95046b927a54f461766f83a212c6a93bc5fd2e67 , < 31410a01a86bcb98c798d01061abf1f789c4f75a (git) Affected: 95046b927a54f461766f83a212c6a93bc5fd2e67 , < 8215794403d264739cc676668087512950b2ff31 (git) |
|
| Linux | Linux |
Affected:
3.12
Unaffected: 0 , < 3.12 (semver) Unaffected: 5.10.249 , ≤ 5.10.* (semver) Unaffected: 5.15.199 , ≤ 5.15.* (semver) Unaffected: 6.1.162 , ≤ 6.1.* (semver) Unaffected: 6.6.122 , ≤ 6.6.* (semver) Unaffected: 6.12.68 , ≤ 6.12.* (semver) Unaffected: 6.18.8 , ≤ 6.18.* (semver) Unaffected: 6.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:28.786911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:12.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/emulex/benet/be_cmds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4cba480c9b9a3861a515262225cb53a1f5978344",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
},
{
"lessThan": "92c6dc181a18e6e0ddb872ed35cb48a9274829e4",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
},
{
"lessThan": "6c3e00888dbec887125a08b51a705b9b163fcdd1",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
},
{
"lessThan": "e206fb415db36bad52bb90c08d46ce71ffbe8a80",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
},
{
"lessThan": "47ffb4dcffe336f4a7bd0f3284be7aadc6484698",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
},
{
"lessThan": "31410a01a86bcb98c798d01061abf1f789c4f75a",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
},
{
"lessThan": "8215794403d264739cc676668087512950b2ff31",
"status": "affected",
"version": "95046b927a54f461766f83a212c6a93bc5fd2e67",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/emulex/benet/be_cmds.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list\n\nWhen the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is\nset to false, the driver may request the PMAC_ID from the firmware of the\nnetwork card, and this function will store that PMAC_ID at the provided\naddress pmac_id. This is the contract of this function.\n\nHowever, there is a location within the driver where both\npmac_id_valid == false and pmac_id == NULL are being passed. This could\nresult in dereferencing a NULL pointer.\n\nTo resolve this issue, it is necessary to pass the address of a stub\nvariable to the function."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:59:41.422Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4cba480c9b9a3861a515262225cb53a1f5978344"
},
{
"url": "https://git.kernel.org/stable/c/92c6dc181a18e6e0ddb872ed35cb48a9274829e4"
},
{
"url": "https://git.kernel.org/stable/c/6c3e00888dbec887125a08b51a705b9b163fcdd1"
},
{
"url": "https://git.kernel.org/stable/c/e206fb415db36bad52bb90c08d46ce71ffbe8a80"
},
{
"url": "https://git.kernel.org/stable/c/47ffb4dcffe336f4a7bd0f3284be7aadc6484698"
},
{
"url": "https://git.kernel.org/stable/c/31410a01a86bcb98c798d01061abf1f789c4f75a"
},
{
"url": "https://git.kernel.org/stable/c/8215794403d264739cc676668087512950b2ff31"
}
],
"title": "be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23084",
"datePublished": "2026-02-04T16:08:08.456Z",
"dateReserved": "2026-01-13T15:37:45.960Z",
"dateUpdated": "2026-06-11T18:44:12.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…