Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0745
Vulnerability from certfr_avis - Published: 2026-06-12 - Updated: 2026-06-12
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP applications 16.0 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | SUSE Linux Micro Extras | SUSE Linux Micro Extras 6.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.2 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 LTSS | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.2",
"product": {
"name": "SUSE Linux Micro Extras",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-31483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31483"
},
{
"name": "CVE-2026-43414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43414"
},
{
"name": "CVE-2026-31493",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31493"
},
{
"name": "CVE-2026-31402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
},
{
"name": "CVE-2026-45852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45852"
},
{
"name": "CVE-2026-31758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31758"
},
{
"name": "CVE-2026-31685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31685"
},
{
"name": "CVE-2026-45910",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45910"
},
{
"name": "CVE-2026-31405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31405"
},
{
"name": "CVE-2026-43054",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43054"
},
{
"name": "CVE-2023-20585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20585"
},
{
"name": "CVE-2026-31473",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31473"
},
{
"name": "CVE-2026-31613",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31613"
},
{
"name": "CVE-2026-46114",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46114"
},
{
"name": "CVE-2026-23380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23380"
},
{
"name": "CVE-2026-43284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
},
{
"name": "CVE-2026-43362",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43362"
},
{
"name": "CVE-2026-23271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23271"
},
{
"name": "CVE-2026-31614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31614"
},
{
"name": "CVE-2026-46113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46113"
},
{
"name": "CVE-2026-3150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3150"
},
{
"name": "CVE-2026-31568",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31568"
},
{
"name": "CVE-2026-31516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31516"
},
{
"name": "CVE-2026-23317",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23317"
},
{
"name": "CVE-2026-43012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43012"
},
{
"name": "CVE-2026-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43503"
},
{
"name": "CVE-2026-43009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43009"
},
{
"name": "CVE-2026-43499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43499"
},
{
"name": "CVE-2026-23359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23359"
},
{
"name": "CVE-2026-46043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46043"
},
{
"name": "CVE-2026-43252",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43252"
},
{
"name": "CVE-2026-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23437"
},
{
"name": "CVE-2026-46243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46243"
},
{
"name": "CVE-2026-43360",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43360"
},
{
"name": "CVE-2026-43328",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43328"
},
{
"name": "CVE-2026-31480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31480"
},
{
"name": "CVE-2026-43437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43437"
},
{
"name": "CVE-2026-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
},
{
"name": "CVE-2026-43361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43361"
},
{
"name": "CVE-2026-23444",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23444"
},
{
"name": "CVE-2026-31406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31406"
},
{
"name": "CVE-2026-46110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46110"
},
{
"name": "CVE-2026-43501",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43501"
},
{
"name": "CVE-2026-23243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
},
{
"name": "CVE-2026-31521",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31521"
},
{
"name": "CVE-2026-43126",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43126"
},
{
"name": "CVE-2026-31607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31607"
},
{
"name": "CVE-2026-45970",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45970"
},
{
"name": "CVE-2026-23274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
},
{
"name": "CVE-2025-54518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54518"
},
{
"name": "CVE-2026-43206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43206"
},
{
"name": "CVE-2026-43190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43190"
},
{
"name": "CVE-2026-45843",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45843"
},
{
"name": "CVE-2026-46004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46004"
},
{
"name": "CVE-2026-31736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31736"
},
{
"name": "CVE-2026-43341",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43341"
},
{
"name": "CVE-2026-46333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
},
{
"name": "CVE-2026-43037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43037"
},
{
"name": "CVE-2026-46021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46021"
},
{
"name": "CVE-2026-43112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43112"
},
{
"name": "CVE-2026-31575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31575"
},
{
"name": "CVE-2026-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43338"
},
{
"name": "CVE-2026-43234",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43234"
},
{
"name": "CVE-2026-43359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43359"
},
{
"name": "CVE-2026-31729",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31729"
},
{
"name": "CVE-2026-31464",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31464"
},
{
"name": "CVE-2026-43333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43333"
},
{
"name": "CVE-2026-43325",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43325"
},
{
"name": "CVE-2026-43013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43013"
},
{
"name": "CVE-2026-31629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31629"
}
],
"initial_release_date": "2026-06-12T00:00:00",
"last_revision_date": "2026-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0745",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22037-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622037-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22040-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622040-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22038-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622038-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22035-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622035-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22039-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622039-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22042-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622042-1"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:2332-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262332-1"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:2317-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262317-1"
},
{
"published_at": "2026-06-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22043-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622043-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22036-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622036-1"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22031-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622031-1"
},
{
"published_at": "2026-06-05",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22048-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622048-1"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22032-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622032-1"
},
{
"published_at": "2026-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22034-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622034-1"
},
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:22033-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622033-1"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:2331-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262331-1"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:2310-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262310-1"
}
]
}
CVE-2023-20585 (GCVE-0-2023-20585)
Vulnerability from cvelistv5 – Published: 2026-04-16 18:42 – Updated: 2026-04-16 19:12
VLAI
EPSS
Summary
Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors |
Unaffected:
SEV FW 1.37.23
|
|
| AMD | AMD EPYC™ 9004 Series Processors |
Unaffected:
SEV FW 1.37.31
|
|
| AMD | AMD EPYC™ Embedded 7003 Series Processors |
Unaffected:
EmbMilanPI-SP3 1.0.0.B
|
|
| AMD | AMD EPYC™ Embedded 9004 Series Processors |
Unaffected:
EmbGenoaPI-1.0.0.A
|
Date Public
2026-04-16 18:42
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T18:58:05.996293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T18:58:58.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SEV FW 1.37.23"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SEV FW 1.37.31"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-1.0.0.A"
}
]
}
],
"datePublic": "2026-04-16T18:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity."
}
],
"value": "Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788 Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:12:06.991Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3016.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20585",
"datePublished": "2026-04-16T18:42:28.281Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2026-04-16T19:12:06.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54518 (GCVE-0-2025-54518)
Vulnerability from cvelistv5 – Published: 2026-05-15 03:06 – Updated: 2026-06-30 12:07
VLAI
EPSS
Summary
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | |
| http://www.openwall.com/lists/oss-security/2026/0… | |
| http://xenbits.xen.org/xsa/advisory-490.html | |
| https://access.redhat.com/security/cve/CVE-2025-54518 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477784 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7002 Series Processors |
Unaffected:
os kernel
|
|
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
RenoirPI-FP6_1.0.0.Ed
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6_1.0.0.7f
|
|
| AMD | AMD Ryzen™ 3000 Series Desktop Processors |
Unaffected:
ComboAM4v2 1.2.0.10
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors |
Unaffected:
ChagallWSPI-sWRX8-1.0.0.D
|
|
| AMD | AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
CezannePI-FP6_1.0.1.1d
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors |
Unaffected:
CastlePeakWSPI-sWRX8 1.0.0.I
|
|
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
CezannePI-FP6_1.0.1.1d
|
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processors |
Unaffected:
ComboAM4v2 1.2.0.10
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
ComboAM4v2 1.2.0.10
|
|
| AMD | AMD Ryzen™ 3000 Series Desktop Processors |
Unaffected:
ComboAM4PI 1.0.0.10
|
|
| AMD | AMD EPYC™ Embedded 7002 Series Processors |
Unaffected:
OS kernel
|
|
| AMD | AMD Ryzen Embedded V2000A Series Processors |
Unaffected:
EmbeddedV2KAPI-FP6 1.0.0.A
|
|
| AMD | AMD Ryzen™ Embedded V2000 Series Processors |
Unaffected:
EmbeddedPI-FP6_1.0.0.D
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux for NVIDIA 26 |
cpe:/a:redhat:enterprise_linux_nvidia: |
Date Public
2026-05-15 03:05
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-15T03:09:03.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/15"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-490.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:02.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_nvidia:"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux for NVIDIA 26",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-15T03:06:30.822Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in AMD Zen 2-based processors, affecting components such as the kernel and Xen hypervisor. Improper isolation of shared resources within the CPU operation cache could allow an attacker to corrupt instructions executed at a different privilege level. This could potentially result in privilege escalation, granting an attacker higher system access than intended."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:18.344Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-54518"
},
{
"name": "RHBZ#2477784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477784"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54518.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T05:01:27.379Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-15T03:06:30.822Z",
"value": "Made public."
}
],
"title": "kernel: xen: AMD Zen 2 Processors: Privilege escalation via improper CPU cache isolation",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "os kernel"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6_1.0.0.Ed"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6_1.0.0.7f"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8-1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6_1.0.1.1d"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.I"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6_1.0.1.1d"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6_1.0.1.1d"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "OS kernel"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen Embedded V2000A Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedV2KAPI-FP6 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6_1.0.0.D"
}
]
}
],
"datePublic": "2026-05-15T03:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.\u003cbr\u003e"
}
],
"value": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1189",
"description": "CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:06:57.446Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-54518",
"datePublished": "2026-05-15T03:06:30.822Z",
"dateReserved": "2025-07-23T15:01:52.883Z",
"dateUpdated": "2026-06-30T12:07:18.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23243 (GCVE-0-2026-23243)
Vulnerability from cvelistv5 – Published: 2026-03-18 10:05 – Updated: 2026-06-17 17:47
VLAI
EPSS
Title
RDMA/umad: Reject negative data_len in ib_umad_write
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/umad: Reject negative data_len in ib_umad_write
ib_umad_write computes data_len from user-controlled count and the
MAD header sizes. With a mismatched user MAD header size and RMPP
header length, data_len can become negative and reach ib_create_send_mad().
This can make the padding calculation exceed the segment size and trigger
an out-of-bounds memset in alloc_send_rmpp_list().
Add an explicit check to reject negative data_len before creating the
send buffer.
KASAN splat:
[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0
[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102
[ 211.365867] ib_create_send_mad+0xa01/0x11b0
[ 211.365887] ib_umad_write+0x853/0x1c80
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/1371ef6b1ecf3676b… | |
| https://git.kernel.org/stable/c/362e45fd9069ffa15… | |
| https://git.kernel.org/stable/c/6eb2919474ca105c5… | |
| https://git.kernel.org/stable/c/a6a3e4af10993cb9e… | |
| https://git.kernel.org/stable/c/9c80d688f402539df… | |
| https://git.kernel.org/stable/c/205955f29c26330b1… | |
| https://git.kernel.org/stable/c/52ab82cc5cf8ada5c… | |
| https://git.kernel.org/stable/c/5551b02fdbfd85a32… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2be8e3ee8efd6f99ce454115c29d09750915021a , < 1371ef6b1ecf3676b8942f5dfb3634fb0648128e
(git)
Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 362e45fd9069ffa1523f9f1633b606ebf72060d7 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 6eb2919474ca105c5b13d19574e25f0ddcf19ca2 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 9c80d688f402539dfc8f336de1380d6b4ee14316 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 205955f29c26330b1dc7fdeadd5bb97c38e26f56 (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b (git) Affected: 2be8e3ee8efd6f99ce454115c29d09750915021a , < 5551b02fdbfd85a325bb857f3a8f9c9f33397ed2 (git) |
|
| Linux | Linux |
Affected:
2.6.24
Unaffected: 0 , < 2.6.24 (semver) Unaffected: 5.10.252 , ≤ 5.10.* (semver) Unaffected: 5.15.202 , ≤ 5.15.* (semver) Unaffected: 6.1.165 , ≤ 6.1.* (semver) Unaffected: 6.6.128 , ≤ 6.6.* (semver) Unaffected: 6.12.75 , ≤ 6.12.* (semver) Unaffected: 6.18.14 , ≤ 6.18.* (semver) Unaffected: 6.19.4 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:47:24.163717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T17:47:33.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/user_mad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1371ef6b1ecf3676b8942f5dfb3634fb0648128e",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "362e45fd9069ffa1523f9f1633b606ebf72060d7",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "6eb2919474ca105c5b13d19574e25f0ddcf19ca2",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "9c80d688f402539dfc8f336de1380d6b4ee14316",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "205955f29c26330b1dc7fdeadd5bb97c38e26f56",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
},
{
"lessThan": "5551b02fdbfd85a325bb857f3a8f9c9f33397ed2",
"status": "affected",
"version": "2be8e3ee8efd6f99ce454115c29d09750915021a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/user_mad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.252",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.202",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.165",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.128",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.14",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.4",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:03:05.550Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e"
},
{
"url": "https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7"
},
{
"url": "https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2"
},
{
"url": "https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d"
},
{
"url": "https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316"
},
{
"url": "https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56"
},
{
"url": "https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b"
},
{
"url": "https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2"
}
],
"title": "RDMA/umad: Reject negative data_len in ib_umad_write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23243",
"datePublished": "2026-03-18T10:05:05.826Z",
"dateReserved": "2026-01-13T15:37:45.989Z",
"dateUpdated": "2026-06-17T17:47:33.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23271 (GCVE-0-2026-23271)
Vulnerability from cvelistv5 – Published: 2026-03-20 08:08 – Updated: 2026-05-11 22:03
VLAI
EPSS
Title
perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
Make sure that __perf_event_overflow() runs with IRQs disabled for all
possible callchains. Specifically the software events can end up running
it with only preemption disabled.
This opens up a race vs perf_event_exit_event() and friends that will go
and free various things the overflow path expects to be present, like
the BPF program.
Severity
7.8 (High)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/4df1a45819e50993c… | |
| https://git.kernel.org/stable/c/4f8d5812337871227… | |
| https://git.kernel.org/stable/c/5c48fdc4b4623533d… | |
| https://git.kernel.org/stable/c/3f89b61dd504c5b67… | |
| https://git.kernel.org/stable/c/bb190628fe5f2a73b… | |
| https://git.kernel.org/stable/c/c9bc1753b3cc41d0e… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
592903cdcbf606a838056bae6d03fc557806c914 , < 4df1a45819e50993cb351682a6ae8e7ed2d233a0
(git)
Affected: 592903cdcbf606a838056bae6d03fc557806c914 , < 4f8d5812337871227bb2c98669a87c306a2f86ef (git) Affected: 592903cdcbf606a838056bae6d03fc557806c914 , < 5c48fdc4b4623533d86e279f51531a7ba212eb87 (git) Affected: 592903cdcbf606a838056bae6d03fc557806c914 , < 3f89b61dd504c5b6711de9759e053b082f9abf12 (git) Affected: 592903cdcbf606a838056bae6d03fc557806c914 , < bb190628fe5f2a73ba762a9972ba16c5e895f73e (git) Affected: 592903cdcbf606a838056bae6d03fc557806c914 , < c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae (git) |
|
| Linux | Linux |
Affected:
2.6.31
Unaffected: 0 , < 2.6.31 (semver) Unaffected: 6.1.167 , ≤ 6.1.* (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.77 , ≤ 6.12.* (semver) Unaffected: 6.18.17 , ≤ 6.18.* (semver) Unaffected: 6.19.7 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4df1a45819e50993cb351682a6ae8e7ed2d233a0",
"status": "affected",
"version": "592903cdcbf606a838056bae6d03fc557806c914",
"versionType": "git"
},
{
"lessThan": "4f8d5812337871227bb2c98669a87c306a2f86ef",
"status": "affected",
"version": "592903cdcbf606a838056bae6d03fc557806c914",
"versionType": "git"
},
{
"lessThan": "5c48fdc4b4623533d86e279f51531a7ba212eb87",
"status": "affected",
"version": "592903cdcbf606a838056bae6d03fc557806c914",
"versionType": "git"
},
{
"lessThan": "3f89b61dd504c5b6711de9759e053b082f9abf12",
"status": "affected",
"version": "592903cdcbf606a838056bae6d03fc557806c914",
"versionType": "git"
},
{
"lessThan": "bb190628fe5f2a73ba762a9972ba16c5e895f73e",
"status": "affected",
"version": "592903cdcbf606a838056bae6d03fc557806c914",
"versionType": "git"
},
{
"lessThan": "c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae",
"status": "affected",
"version": "592903cdcbf606a838056bae6d03fc557806c914",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.31"
},
{
"lessThan": "2.6.31",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.77",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.17",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.7",
"versionStartIncluding": "2.6.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:03:38.124Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4df1a45819e50993cb351682a6ae8e7ed2d233a0"
},
{
"url": "https://git.kernel.org/stable/c/4f8d5812337871227bb2c98669a87c306a2f86ef"
},
{
"url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"
},
{
"url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"
},
{
"url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"
},
{
"url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"
}
],
"title": "perf: Fix __perf_event_overflow() vs perf_remove_from_context() race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23271",
"datePublished": "2026-03-20T08:08:46.711Z",
"dateReserved": "2026-01-13T15:37:45.991Z",
"dateUpdated": "2026-05-11T22:03:38.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23274 (GCVE-0-2026-23274)
Vulnerability from cvelistv5 – Published: 2026-03-20 08:08 – Updated: 2026-05-11 22:03
VLAI
EPSS
Title
netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
IDLETIMER revision 0 rules reuse existing timers by label and always call
mod_timer() on timer->timer.
If the label was created first by revision 1 with XT_IDLETIMER_ALARM,
the object uses alarm timer semantics and timer->timer is never initialized.
Reusing that object from revision 0 causes mod_timer() on an uninitialized
timer_list, triggering debugobjects warnings and possible panic when
panic_on_warn=1.
Fix this by rejecting revision 0 rule insertion when an existing timer with
the same label is of ALARM type.
Severity
7.8 (High)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/32e937dc6e97f5ed3… | |
| https://git.kernel.org/stable/c/144f88054ba018046… | |
| https://git.kernel.org/stable/c/28c7cfaf0c0ab17cb… | |
| https://git.kernel.org/stable/c/54080355999381fed… | |
| https://git.kernel.org/stable/c/5e7ece24c5cb75a60… | |
| https://git.kernel.org/stable/c/f5ef97c1316554248… | |
| https://git.kernel.org/stable/c/f228b9ae2a7e84d11… | |
| https://git.kernel.org/stable/c/329f0b9b48ee6ab59… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
68983a354a655c35d3fb204489d383a2a051fda7 , < 32e937dc6e97f5ed3cdfe3fc0b2b19a05e23fa44
(git)
Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < 144f88054ba0180467356f40895bd660b5dceeec (git) Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < 28c7cfaf0c0ab17cbd7754092116fd1af45271f9 (git) Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < 54080355999381fed4a26129579a5765bab87491 (git) Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < 5e7ece24c5cb75a60402aad4d803c7898ea40aa9 (git) Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < f5ef97c13165542480a6ffdbe6f09f40bbb7cbf1 (git) Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < f228b9ae2a7e84d1153616d8e71c4236cb1f1309 (git) Affected: 68983a354a655c35d3fb204489d383a2a051fda7 , < 329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf (git) |
|
| Linux | Linux |
Affected:
5.7
Unaffected: 0 , < 5.7 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.167 , ≤ 6.1.* (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.78 , ≤ 6.12.* (semver) Unaffected: 6.18.19 , ≤ 6.18.* (semver) Unaffected: 6.19.9 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/xt_IDLETIMER.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "32e937dc6e97f5ed3cdfe3fc0b2b19a05e23fa44",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "144f88054ba0180467356f40895bd660b5dceeec",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "28c7cfaf0c0ab17cbd7754092116fd1af45271f9",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "54080355999381fed4a26129579a5765bab87491",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "5e7ece24c5cb75a60402aad4d803c7898ea40aa9",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "f5ef97c13165542480a6ffdbe6f09f40bbb7cbf1",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "f228b9ae2a7e84d1153616d8e71c4236cb1f1309",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
},
{
"lessThan": "329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf",
"status": "affected",
"version": "68983a354a655c35d3fb204489d383a2a051fda7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/xt_IDLETIMER.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.19",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.9",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:03:41.745Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/32e937dc6e97f5ed3cdfe3fc0b2b19a05e23fa44"
},
{
"url": "https://git.kernel.org/stable/c/144f88054ba0180467356f40895bd660b5dceeec"
},
{
"url": "https://git.kernel.org/stable/c/28c7cfaf0c0ab17cbd7754092116fd1af45271f9"
},
{
"url": "https://git.kernel.org/stable/c/54080355999381fed4a26129579a5765bab87491"
},
{
"url": "https://git.kernel.org/stable/c/5e7ece24c5cb75a60402aad4d803c7898ea40aa9"
},
{
"url": "https://git.kernel.org/stable/c/f5ef97c13165542480a6ffdbe6f09f40bbb7cbf1"
},
{
"url": "https://git.kernel.org/stable/c/f228b9ae2a7e84d1153616d8e71c4236cb1f1309"
},
{
"url": "https://git.kernel.org/stable/c/329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf"
}
],
"title": "netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23274",
"datePublished": "2026-03-20T08:08:54.918Z",
"dateReserved": "2026-01-13T15:37:45.991Z",
"dateUpdated": "2026-05-11T22:03:41.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23317 (GCVE-0-2026-23317)
Vulnerability from cvelistv5 – Published: 2026-03-25 10:27 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
Before the referenced fixes these functions used a lookup function that
returned a pointer. This was changed to another lookup function that
returned an error code with the pointer becoming an out parameter.
The error path when the lookup failed was not changed to reflect this
change and the code continued to return the PTR_ERR of the now
uninitialized pointer. This could cause the vmw_translate_ptr functions
to return success when they actually failed causing further uninitialized
and OOB accesses.
Severity
7.8 (High)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/ce3a5cf139787c186… | |
| https://git.kernel.org/stable/c/7e55d0788b362c936… | |
| https://git.kernel.org/stable/c/36cb28b6d303a81e6… | |
| https://git.kernel.org/stable/c/531f45589787799aa… | |
| https://git.kernel.org/stable/c/149f028772fa2879d… | |
| https://git.kernel.org/stable/c/5023ca80f9589295c… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7ac9578e45b20e3f3c0c8eb71f5417a499a7226a , < ce3a5cf139787c186d5d54336107298cacaad2b9
(git)
Affected: a309c7194e8a2f8bd4539b9449917913f6c2cd50 , < 7e55d0788b362c93660b80cc5603031bbbdefa98 (git) Affected: a309c7194e8a2f8bd4539b9449917913f6c2cd50 , < 36cb28b6d303a81e6ed4536017090e85e0143e42 (git) Affected: a309c7194e8a2f8bd4539b9449917913f6c2cd50 , < 531f45589787799aa81b63e1e1f8e71db5d93dd1 (git) Affected: a309c7194e8a2f8bd4539b9449917913f6c2cd50 , < 149f028772fa2879d9316b924ce948a6a0877e45 (git) Affected: a309c7194e8a2f8bd4539b9449917913f6c2cd50 , < 5023ca80f9589295cb60735016e39fc5cc714243 (git) Affected: 6.1.7 , < 6.1.167 (semver) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 6.1.167 , ≤ 6.1.* (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.77 , ≤ 6.12.* (semver) Unaffected: 6.18.17 , ≤ 6.18.* (semver) Unaffected: 6.19.7 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ce3a5cf139787c186d5d54336107298cacaad2b9",
"status": "affected",
"version": "7ac9578e45b20e3f3c0c8eb71f5417a499a7226a",
"versionType": "git"
},
{
"lessThan": "7e55d0788b362c93660b80cc5603031bbbdefa98",
"status": "affected",
"version": "a309c7194e8a2f8bd4539b9449917913f6c2cd50",
"versionType": "git"
},
{
"lessThan": "36cb28b6d303a81e6ed4536017090e85e0143e42",
"status": "affected",
"version": "a309c7194e8a2f8bd4539b9449917913f6c2cd50",
"versionType": "git"
},
{
"lessThan": "531f45589787799aa81b63e1e1f8e71db5d93dd1",
"status": "affected",
"version": "a309c7194e8a2f8bd4539b9449917913f6c2cd50",
"versionType": "git"
},
{
"lessThan": "149f028772fa2879d9316b924ce948a6a0877e45",
"status": "affected",
"version": "a309c7194e8a2f8bd4539b9449917913f6c2cd50",
"versionType": "git"
},
{
"lessThan": "5023ca80f9589295cb60735016e39fc5cc714243",
"status": "affected",
"version": "a309c7194e8a2f8bd4539b9449917913f6c2cd50",
"versionType": "git"
},
{
"lessThan": "6.1.167",
"status": "affected",
"version": "6.1.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "6.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.77",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.17",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.7",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:32.382Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ce3a5cf139787c186d5d54336107298cacaad2b9"
},
{
"url": "https://git.kernel.org/stable/c/7e55d0788b362c93660b80cc5603031bbbdefa98"
},
{
"url": "https://git.kernel.org/stable/c/36cb28b6d303a81e6ed4536017090e85e0143e42"
},
{
"url": "https://git.kernel.org/stable/c/531f45589787799aa81b63e1e1f8e71db5d93dd1"
},
{
"url": "https://git.kernel.org/stable/c/149f028772fa2879d9316b924ce948a6a0877e45"
},
{
"url": "https://git.kernel.org/stable/c/5023ca80f9589295cb60735016e39fc5cc714243"
}
],
"title": "drm/vmwgfx: Return the correct value in vmw_translate_ptr functions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23317",
"datePublished": "2026-03-25T10:27:11.884Z",
"dateReserved": "2026-01-13T15:37:45.995Z",
"dateUpdated": "2026-05-23T16:04:32.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23359 (GCVE-0-2026-23359)
Vulnerability from cvelistv5 – Published: 2026-03-25 10:27 – Updated: 2026-05-11 22:05
VLAI
EPSS
Title
bpf: Fix stack-out-of-bounds write in devmap
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stack-out-of-bounds write in devmap
get_upper_ifindexes() iterates over all upper devices and writes their
indices into an array without checking bounds.
Also the callers assume that the max number of upper devices is
MAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack,
but that assumption is not correct and the number of upper devices could
be larger than MAX_NEST_DEV (e.g., many macvlans), causing a
stack-out-of-bounds write.
Add a max parameter to get_upper_ifindexes() to avoid the issue.
When there are too many upper devices, return -EOVERFLOW and abort the
redirect.
To reproduce, create more than MAX_NEST_DEV(8) macvlans on a device with
an XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS.
Then send a packet to the device to trigger the XDP redirect path.
Severity
No CVSS data available.
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/88df604f0d16a6928… | |
| https://git.kernel.org/stable/c/5000e40acc8d0c36a… | |
| https://git.kernel.org/stable/c/8a95fb9df1105b161… | |
| https://git.kernel.org/stable/c/d2c31d8e03d05edc1… | |
| https://git.kernel.org/stable/c/75d474702b2ba8b6b… | |
| https://git.kernel.org/stable/c/ca831567908fd3f73… | |
| https://git.kernel.org/stable/c/b7bf516c3ecd9a2aa… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
aeea1b86f9363f3feabb496534d886f082a89f21 , < 88df604f0d16a692867582350ce3f2fcd22243f1
(git)
Affected: aeea1b86f9363f3feabb496534d886f082a89f21 , < 5000e40acc8d0c36ab709662e32120986ac22e7e (git) Affected: aeea1b86f9363f3feabb496534d886f082a89f21 , < 8a95fb9df1105b1618872c2846a6c01e3ba20b45 (git) Affected: aeea1b86f9363f3feabb496534d886f082a89f21 , < d2c31d8e03d05edc16656e5ffe187f0d1da763d7 (git) Affected: aeea1b86f9363f3feabb496534d886f082a89f21 , < 75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2 (git) Affected: aeea1b86f9363f3feabb496534d886f082a89f21 , < ca831567908fd3f73cf97d8a6c09a5054697a182 (git) Affected: aeea1b86f9363f3feabb496534d886f082a89f21 , < b7bf516c3ecd9a2aae2dc2635178ab87b734fef1 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.167 , ≤ 6.1.* (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.77 , ≤ 6.12.* (semver) Unaffected: 6.18.17 , ≤ 6.18.* (semver) Unaffected: 6.19.7 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/devmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "88df604f0d16a692867582350ce3f2fcd22243f1",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
},
{
"lessThan": "5000e40acc8d0c36ab709662e32120986ac22e7e",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
},
{
"lessThan": "8a95fb9df1105b1618872c2846a6c01e3ba20b45",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
},
{
"lessThan": "d2c31d8e03d05edc16656e5ffe187f0d1da763d7",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
},
{
"lessThan": "75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
},
{
"lessThan": "ca831567908fd3f73cf97d8a6c09a5054697a182",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
},
{
"lessThan": "b7bf516c3ecd9a2aae2dc2635178ab87b734fef1",
"status": "affected",
"version": "aeea1b86f9363f3feabb496534d886f082a89f21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/devmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.77",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.17",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stack-out-of-bounds write in devmap\n\nget_upper_ifindexes() iterates over all upper devices and writes their\nindices into an array without checking bounds.\n\nAlso the callers assume that the max number of upper devices is\nMAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack,\nbut that assumption is not correct and the number of upper devices could\nbe larger than MAX_NEST_DEV (e.g., many macvlans), causing a\nstack-out-of-bounds write.\n\nAdd a max parameter to get_upper_ifindexes() to avoid the issue.\nWhen there are too many upper devices, return -EOVERFLOW and abort the\nredirect.\n\nTo reproduce, create more than MAX_NEST_DEV(8) macvlans on a device with\nan XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS.\nThen send a packet to the device to trigger the XDP redirect path."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:05:20.650Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/88df604f0d16a692867582350ce3f2fcd22243f1"
},
{
"url": "https://git.kernel.org/stable/c/5000e40acc8d0c36ab709662e32120986ac22e7e"
},
{
"url": "https://git.kernel.org/stable/c/8a95fb9df1105b1618872c2846a6c01e3ba20b45"
},
{
"url": "https://git.kernel.org/stable/c/d2c31d8e03d05edc16656e5ffe187f0d1da763d7"
},
{
"url": "https://git.kernel.org/stable/c/75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2"
},
{
"url": "https://git.kernel.org/stable/c/ca831567908fd3f73cf97d8a6c09a5054697a182"
},
{
"url": "https://git.kernel.org/stable/c/b7bf516c3ecd9a2aae2dc2635178ab87b734fef1"
}
],
"title": "bpf: Fix stack-out-of-bounds write in devmap",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23359",
"datePublished": "2026-03-25T10:27:43.070Z",
"dateReserved": "2026-01-13T15:37:46.000Z",
"dateUpdated": "2026-05-11T22:05:20.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23380 (GCVE-0-2026-23380)
Vulnerability from cvelistv5 – Published: 2026-03-25 10:27 – Updated: 2026-05-11 22:05
VLAI
EPSS
Title
tracing: Fix WARN_ON in tracing_buffers_mmap_close
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix WARN_ON in tracing_buffers_mmap_close
When a process forks, the child process copies the parent's VMAs but the
user_mapped reference count is not incremented. As a result, when both the
parent and child processes exit, tracing_buffers_mmap_close() is called
twice. On the second call, user_mapped is already 0, causing the function to
return -ENODEV and triggering a WARN_ON.
Normally, this isn't an issue as the memory is mapped with VM_DONTCOPY set.
But this is only a hint, and the application can call
madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the
application does that, it can trigger this issue on fork.
Fix it by incrementing the user_mapped reference count without re-mapping
the pages in the VMA's open callback.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 , < 91f3e8d84c89918769e71393f839c9fefadc2580
(git)
Affected: cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 , < cdd96641b64297a2db42676f051362b76280a58b (git) Affected: cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 , < b0f269ba6fefe9e3cb9feedcf78fcd0b633800c0 (git) Affected: cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64 , < e39bb9e02b68942f8e9359d2a3efe7d37ae6be0e (git) |
|
| Linux | Linux |
Affected:
6.10
Unaffected: 0 , < 6.10 (semver) Unaffected: 6.12.77 , ≤ 6.12.* (semver) Unaffected: 6.18.17 , ≤ 6.18.* (semver) Unaffected: 6.19.7 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/ring_buffer.h",
"kernel/trace/ring_buffer.c",
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91f3e8d84c89918769e71393f839c9fefadc2580",
"status": "affected",
"version": "cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64",
"versionType": "git"
},
{
"lessThan": "cdd96641b64297a2db42676f051362b76280a58b",
"status": "affected",
"version": "cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64",
"versionType": "git"
},
{
"lessThan": "b0f269ba6fefe9e3cb9feedcf78fcd0b633800c0",
"status": "affected",
"version": "cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64",
"versionType": "git"
},
{
"lessThan": "e39bb9e02b68942f8e9359d2a3efe7d37ae6be0e",
"status": "affected",
"version": "cf9f0f7c4c5bb45e7bb270e48bab6f7837825a64",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/ring_buffer.h",
"kernel/trace/ring_buffer.c",
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.77",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.17",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.7",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix WARN_ON in tracing_buffers_mmap_close\n\nWhen a process forks, the child process copies the parent\u0027s VMAs but the\nuser_mapped reference count is not incremented. As a result, when both the\nparent and child processes exit, tracing_buffers_mmap_close() is called\ntwice. On the second call, user_mapped is already 0, causing the function to\nreturn -ENODEV and triggering a WARN_ON.\n\nNormally, this isn\u0027t an issue as the memory is mapped with VM_DONTCOPY set.\nBut this is only a hint, and the application can call\nmadvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the\napplication does that, it can trigger this issue on fork.\n\nFix it by incrementing the user_mapped reference count without re-mapping\nthe pages in the VMA\u0027s open callback."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:05:45.422Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91f3e8d84c89918769e71393f839c9fefadc2580"
},
{
"url": "https://git.kernel.org/stable/c/cdd96641b64297a2db42676f051362b76280a58b"
},
{
"url": "https://git.kernel.org/stable/c/b0f269ba6fefe9e3cb9feedcf78fcd0b633800c0"
},
{
"url": "https://git.kernel.org/stable/c/e39bb9e02b68942f8e9359d2a3efe7d37ae6be0e"
}
],
"title": "tracing: Fix WARN_ON in tracing_buffers_mmap_close",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23380",
"datePublished": "2026-03-25T10:27:59.682Z",
"dateReserved": "2026-01-13T15:37:46.007Z",
"dateUpdated": "2026-05-11T22:05:45.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23437 (GCVE-0-2026-23437)
Vulnerability from cvelistv5 – Published: 2026-04-03 15:15 – Updated: 2026-05-11 22:06
VLAI
EPSS
Title
net: shaper: protect late read accesses to the hierarchy
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: shaper: protect late read accesses to the hierarchy
We look up a netdev during prep of Netlink ops (pre- callbacks)
and take a ref to it. Then later in the body of the callback
we take its lock or RCU which are the actual protections.
This is not proper, a conversion from a ref to a locked netdev
must include a liveness check (a check if the netdev hasn't been
unregistered already). Fix the read cases (those under RCU).
Writes needs a separate change to protect from creating the
hierarchy after flush has already run.
Severity
7.8 (High)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4b623f9f0f59652ea71fcb27d60b4c3b65126dbb , < 581eee0890a8bde44f1fb78ad3e70502a897d583
(git)
Affected: 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb , < 348758ba74e6a348299965b16a97cfb817545cc0 (git) Affected: 4b623f9f0f59652ea71fcb27d60b4c3b65126dbb , < 0f9ea7141f365b4f27226898e62220fb98ef8dc6 (git) |
|
| Linux | Linux |
Affected:
6.13
Unaffected: 0 , < 6.13 (semver) Unaffected: 6.18.20 , ≤ 6.18.* (semver) Unaffected: 6.19.10 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/shaper/shaper.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "581eee0890a8bde44f1fb78ad3e70502a897d583",
"status": "affected",
"version": "4b623f9f0f59652ea71fcb27d60b4c3b65126dbb",
"versionType": "git"
},
{
"lessThan": "348758ba74e6a348299965b16a97cfb817545cc0",
"status": "affected",
"version": "4b623f9f0f59652ea71fcb27d60b4c3b65126dbb",
"versionType": "git"
},
{
"lessThan": "0f9ea7141f365b4f27226898e62220fb98ef8dc6",
"status": "affected",
"version": "4b623f9f0f59652ea71fcb27d60b4c3b65126dbb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/shaper/shaper.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.20",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.10",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: shaper: protect late read accesses to the hierarchy\n\nWe look up a netdev during prep of Netlink ops (pre- callbacks)\nand take a ref to it. Then later in the body of the callback\nwe take its lock or RCU which are the actual protections.\n\nThis is not proper, a conversion from a ref to a locked netdev\nmust include a liveness check (a check if the netdev hasn\u0027t been\nunregistered already). Fix the read cases (those under RCU).\nWrites needs a separate change to protect from creating the\nhierarchy after flush has already run."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:06:53.453Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/581eee0890a8bde44f1fb78ad3e70502a897d583"
},
{
"url": "https://git.kernel.org/stable/c/348758ba74e6a348299965b16a97cfb817545cc0"
},
{
"url": "https://git.kernel.org/stable/c/0f9ea7141f365b4f27226898e62220fb98ef8dc6"
}
],
"title": "net: shaper: protect late read accesses to the hierarchy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23437",
"datePublished": "2026-04-03T15:15:22.048Z",
"dateReserved": "2026-01-13T15:37:46.017Z",
"dateUpdated": "2026-05-11T22:06:53.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23444 (GCVE-0-2026-23444)
Vulnerability from cvelistv5 – Published: 2026-04-03 15:15 – Updated: 2026-06-01 16:11
VLAI
EPSS
Title
wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
ieee80211_tx_prepare_skb() has three error paths, but only two of them
free the skb. The first error path (ieee80211_tx_prepare() returning
TX_DROP) does not free it, while invoke_tx_handlers() failure and the
fragmentation check both do.
Add kfree_skb() to the first error path so all three are consistent,
and remove the now-redundant frees in callers (ath9k, mt76,
mac80211_hwsim) to avoid double-free.
Document the skb ownership guarantee in the function's kdoc.
Severity
7.8 (High)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/905ef207d5ed99ca6… | |
| https://git.kernel.org/stable/c/5ef8ca1c164786da2… | |
| https://git.kernel.org/stable/c/9a779d1f480e83720… | |
| https://git.kernel.org/stable/c/f77b51bcee7be2bb6… | |
| https://git.kernel.org/stable/c/3b4d27acafaeab478… | |
| https://git.kernel.org/stable/c/06e769dddcbeb3baf… | |
| https://git.kernel.org/stable/c/50f1b690b4868923f… | |
| https://git.kernel.org/stable/c/d5ad6ab61cbd89afd… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
06be6b149f7e406bcf16098567f5a6c9f042bced , < 905ef207d5ed99ca64adfe39fba9ac46e434327a
(git)
Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < 5ef8ca1c164786da24169af155c1ca1ff1353cf8 (git) Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < 9a779d1f480e83720b5384adf165604e7ee226bd (git) Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4 (git) Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < 3b4d27acafaeab478fd24f79ad6e593a892828b9 (git) Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < 06e769dddcbeb3baf2ce346273b53dd61fdbecf4 (git) Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < 50f1b690b4868923fbd242298def2fb88662f108 (git) Affected: 06be6b149f7e406bcf16098567f5a6c9f042bced , < d5ad6ab61cbd89afdb60881f6274f74328af3ee9 (git) |
|
| Linux | Linux |
Affected:
3.13
Unaffected: 0 , < 3.13 (semver) Unaffected: 5.10.258 , ≤ 5.10.* (semver) Unaffected: 5.15.209 , ≤ 5.15.* (semver) Unaffected: 6.1.175 , ≤ 6.1.* (semver) Unaffected: 6.6.136 , ≤ 6.6.* (semver) Unaffected: 6.12.84 , ≤ 6.12.* (semver) Unaffected: 6.18.20 , ≤ 6.18.* (semver) Unaffected: 6.19.10 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/channel.c",
"drivers/net/wireless/mediatek/mt76/scan.c",
"drivers/net/wireless/virtual/mac80211_hwsim.c",
"include/net/mac80211.h",
"net/mac80211/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "905ef207d5ed99ca64adfe39fba9ac46e434327a",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "5ef8ca1c164786da24169af155c1ca1ff1353cf8",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "9a779d1f480e83720b5384adf165604e7ee226bd",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "3b4d27acafaeab478fd24f79ad6e593a892828b9",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "06e769dddcbeb3baf2ce346273b53dd61fdbecf4",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "50f1b690b4868923fbd242298def2fb88662f108",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
},
{
"lessThan": "d5ad6ab61cbd89afdb60881f6274f74328af3ee9",
"status": "affected",
"version": "06be6b149f7e406bcf16098567f5a6c9f042bced",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/channel.c",
"drivers/net/wireless/mediatek/mt76/scan.c",
"drivers/net/wireless/virtual/mac80211_hwsim.c",
"include/net/mac80211.h",
"net/mac80211/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.258",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.175",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.258",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.209",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.175",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.136",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.84",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.20",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.10",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure\n\nieee80211_tx_prepare_skb() has three error paths, but only two of them\nfree the skb. The first error path (ieee80211_tx_prepare() returning\nTX_DROP) does not free it, while invoke_tx_handlers() failure and the\nfragmentation check both do.\n\nAdd kfree_skb() to the first error path so all three are consistent,\nand remove the now-redundant frees in callers (ath9k, mt76,\nmac80211_hwsim) to avoid double-free.\n\nDocument the skb ownership guarantee in the function\u0027s kdoc."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:11:13.915Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/905ef207d5ed99ca64adfe39fba9ac46e434327a"
},
{
"url": "https://git.kernel.org/stable/c/5ef8ca1c164786da24169af155c1ca1ff1353cf8"
},
{
"url": "https://git.kernel.org/stable/c/9a779d1f480e83720b5384adf165604e7ee226bd"
},
{
"url": "https://git.kernel.org/stable/c/f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4"
},
{
"url": "https://git.kernel.org/stable/c/3b4d27acafaeab478fd24f79ad6e593a892828b9"
},
{
"url": "https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4"
},
{
"url": "https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108"
},
{
"url": "https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9"
}
],
"title": "wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23444",
"datePublished": "2026-04-03T15:15:28.464Z",
"dateReserved": "2026-01-13T15:37:46.019Z",
"dateUpdated": "2026-06-01T16:11:13.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…