Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2026-0280
Vulnerability from csaf_certbund - Published: 2026-02-01 23:00 - Updated: 2026-03-30 22:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Betroffene Betriebssysteme: - Linux
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0280 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0280.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0280 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0280"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71180",
"url": "https://lore.kernel.org/linux-cve-announce/2026013131-CVE-2025-71180-538e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71181",
"url": "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71181-7481@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71182",
"url": "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71182-54d0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71183",
"url": "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71183-8bb4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71184",
"url": "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71184-e27f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71185",
"url": "https://lore.kernel.org/linux-cve-announce/2026013117-CVE-2025-71185-231c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71186",
"url": "https://lore.kernel.org/linux-cve-announce/2026013118-CVE-2025-71186-48f2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71187",
"url": "https://lore.kernel.org/linux-cve-announce/2026013118-CVE-2025-71187-b0b2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71188",
"url": "https://lore.kernel.org/linux-cve-announce/2026013118-CVE-2025-71188-ba60@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71189",
"url": "https://lore.kernel.org/linux-cve-announce/2026013118-CVE-2025-71189-9b0f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71190",
"url": "https://lore.kernel.org/linux-cve-announce/2026013119-CVE-2025-71190-43b2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71191",
"url": "https://lore.kernel.org/linux-cve-announce/2026013119-CVE-2025-71191-f26d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23015",
"url": "https://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23015-8d01@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23016",
"url": "https://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23016-5869@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23017",
"url": "https://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23017-f256@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23018",
"url": "https://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23018-642e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23019",
"url": "https://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23019-dce2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23020",
"url": "https://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23020-07c3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23021",
"url": "https://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23021-8fc2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23022",
"url": "https://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23022-fe24@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23023",
"url": "https://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23023-0601@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23024",
"url": "https://lore.kernel.org/linux-cve-announce/2026013137-CVE-2026-23024-5861@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23025",
"url": "https://lore.kernel.org/linux-cve-announce/2026013119-CVE-2026-23025-ab02@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23026",
"url": "https://lore.kernel.org/linux-cve-announce/2026013119-CVE-2026-23026-5ca7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23027",
"url": "https://lore.kernel.org/linux-cve-announce/2026013119-CVE-2026-23027-119a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23028",
"url": "https://lore.kernel.org/linux-cve-announce/2026013120-CVE-2026-23028-4942@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23029",
"url": "https://lore.kernel.org/linux-cve-announce/2026013120-CVE-2026-23029-88a9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23030",
"url": "https://lore.kernel.org/linux-cve-announce/2026013120-CVE-2026-23030-9cb8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23031",
"url": "https://lore.kernel.org/linux-cve-announce/2026013120-CVE-2026-23031-9e82@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23032",
"url": "https://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23032-643a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23033",
"url": "https://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23033-c543@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23034",
"url": "https://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23034-9a60@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23035",
"url": "https://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23035-0b86@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23036",
"url": "https://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23036-17dd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23037",
"url": "https://lore.kernel.org/linux-cve-announce/2026013122-CVE-2026-23037-6cae@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23038",
"url": "https://lore.kernel.org/linux-cve-announce/2026013122-CVE-2026-23038-2453@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23039",
"url": "https://lore.kernel.org/linux-cve-announce/2026013122-CVE-2026-23039-be18@gregkh/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6126 vom 2026-02-09",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00035.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6127 vom 2026-02-10",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00036.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4475 vom 2026-02-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00016.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4476 vom 2026-02-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00017.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-113 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-113.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50145 vom 2026-03-12",
"url": "https://linux.oracle.com/errata/ELSA-2026-50145.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50144 vom 2026-03-11",
"url": "https://linux.oracle.com/errata/ELSA-2026-50144.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-2 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-1 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-3 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-4 vom 2026-03-17",
"url": "https://ubuntu.com/security/notices/USN-8096-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20667-1 vom 2026-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024746.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20711-1 vom 2026-03-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024715.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20720-1 vom 2026-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024766.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2026-099 vom 2026-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-099.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20713-1 vom 2026-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024771.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-114 vom 2026-03-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-114.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8096-5 vom 2026-03-23",
"url": "https://ubuntu.com/security/notices/USN-8096-5"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0962-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024803.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8116-1 vom 2026-03-23",
"url": "https://ubuntu.com/security/notices/USN-8116-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20819-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024871.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20772-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024862.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20794-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024895.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1081-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024953.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1078-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024954.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20845-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024994.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20873-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024968.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20872-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024969.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20838-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20876-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025054.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-30T22:00:00.000+00:00",
"generator": {
"date": "2026-03-31T08:19:13.590+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0280",
"initial_release_date": "2026-02-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-16T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-19T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T028462",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:unspecified"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-71180",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71180"
},
{
"cve": "CVE-2025-71181",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71181"
},
{
"cve": "CVE-2025-71182",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71182"
},
{
"cve": "CVE-2025-71183",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71183"
},
{
"cve": "CVE-2025-71184",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71184"
},
{
"cve": "CVE-2025-71185",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71185"
},
{
"cve": "CVE-2025-71186",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71186"
},
{
"cve": "CVE-2025-71187",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71187"
},
{
"cve": "CVE-2025-71188",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71188"
},
{
"cve": "CVE-2025-71189",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71189"
},
{
"cve": "CVE-2025-71190",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71190"
},
{
"cve": "CVE-2025-71191",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2025-71191"
},
{
"cve": "CVE-2026-23015",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23015"
},
{
"cve": "CVE-2026-23016",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23016"
},
{
"cve": "CVE-2026-23017",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23017"
},
{
"cve": "CVE-2026-23018",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23018"
},
{
"cve": "CVE-2026-23019",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23019"
},
{
"cve": "CVE-2026-23020",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23020"
},
{
"cve": "CVE-2026-23021",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23021"
},
{
"cve": "CVE-2026-23022",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23022"
},
{
"cve": "CVE-2026-23023",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23023"
},
{
"cve": "CVE-2026-23024",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23024"
},
{
"cve": "CVE-2026-23025",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23025"
},
{
"cve": "CVE-2026-23026",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23026"
},
{
"cve": "CVE-2026-23027",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23027"
},
{
"cve": "CVE-2026-23028",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23028"
},
{
"cve": "CVE-2026-23029",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23029"
},
{
"cve": "CVE-2026-23030",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23030"
},
{
"cve": "CVE-2026-23031",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23031"
},
{
"cve": "CVE-2026-23032",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23032"
},
{
"cve": "CVE-2026-23033",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23033"
},
{
"cve": "CVE-2026-23034",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23034"
},
{
"cve": "CVE-2026-23035",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23035"
},
{
"cve": "CVE-2026-23036",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23036"
},
{
"cve": "CVE-2026-23037",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23037"
},
{
"cve": "CVE-2026-23038",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23038"
},
{
"cve": "CVE-2026-23039",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"T000126",
"398363",
"T004914"
]
},
"release_date": "2026-02-01T23:00:00.000+00:00",
"title": "CVE-2026-23039"
}
]
}
CVE-2026-23025 (GCVE-0-2026-23025)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
mm/page_alloc: prevent pcp corruption with SMP=n
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: prevent pcp corruption with SMP=n
The kernel test robot has reported:
BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28
lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0
CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470
Call Trace:
<IRQ>
__dump_stack (lib/dump_stack.c:95)
dump_stack_lvl (lib/dump_stack.c:123)
dump_stack (lib/dump_stack.c:130)
spin_dump (kernel/locking/spinlock_debug.c:71)
do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?)
_raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138)
__free_frozen_pages (mm/page_alloc.c:2973)
___free_pages (mm/page_alloc.c:5295)
__free_pages (mm/page_alloc.c:5334)
tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290)
? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289)
? rcu_core (kernel/rcu/tree.c:?)
rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861)
rcu_core_si (kernel/rcu/tree.c:2879)
handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623)
__irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725)
irq_exit_rcu (kernel/softirq.c:741)
sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052)
</IRQ>
<TASK>
RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
free_pcppages_bulk (mm/page_alloc.c:1494)
drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632)
__drain_all_pages (mm/page_alloc.c:2731)
drain_all_pages (mm/page_alloc.c:2747)
kcompactd (mm/compaction.c:3115)
kthread (kernel/kthread.c:465)
? __cfi_kcompactd (mm/compaction.c:3166)
? __cfi_kthread (kernel/kthread.c:412)
ret_from_fork (arch/x86/kernel/process.c:164)
? __cfi_kthread (kernel/kthread.c:412)
ret_from_fork_asm (arch/x86/entry/entry_64.S:255)
</TASK>
Matthew has analyzed the report and identified that in drain_page_zone()
we are in a section protected by spin_lock(&pcp->lock) and then get an
interrupt that attempts spin_trylock() on the same lock. The code is
designed to work this way without disabling IRQs and occasionally fail the
trylock with a fallback. However, the SMP=n spinlock implementation
assumes spin_trylock() will always succeed, and thus it's normally a
no-op. Here the enabled lock debugging catches the problem, but otherwise
it could cause a corruption of the pcp structure.
The problem has been introduced by commit 574907741599 ("mm/page_alloc:
leave IRQs enabled for per-cpu page allocations"). The pcp locking scheme
recognizes the need for disabling IRQs to prevent nesting spin_trylock()
sections on SMP=n, but the need to prevent the nesting in spin_lock() has
not been recognized. Fix it by introducing local wrappers that change the
spin_lock() to spin_lock_iqsave() with SMP=n and use them in all places
that do spin_lock(&pcp->lock).
[vbabka@suse.cz: add pcp_ prefix to the spin_lock_irqsave wrappers, per Steven]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d1da921452b3ee7e07383c12955ab1c6f3b08752 , < 68688fc4eab007834b4c2d740214423ba2a335a8
(git)
Affected: 5749077415994eb02d660b2559b9d8278521e73d , < 4a04ff9cd816e7346fcc8126f00ed80481f6569d (git) Affected: 5749077415994eb02d660b2559b9d8278521e73d , < df63d31e9ae02e2f6cd96147779e4ed7cd0e75f6 (git) Affected: 5749077415994eb02d660b2559b9d8278521e73d , < 3098f8f7c7b0686c74827aec42a2c45e69801ff8 (git) Affected: 5749077415994eb02d660b2559b9d8278521e73d , < 038a102535eb49e10e93eafac54352fcc5d78847 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/page_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68688fc4eab007834b4c2d740214423ba2a335a8",
"status": "affected",
"version": "d1da921452b3ee7e07383c12955ab1c6f3b08752",
"versionType": "git"
},
{
"lessThan": "4a04ff9cd816e7346fcc8126f00ed80481f6569d",
"status": "affected",
"version": "5749077415994eb02d660b2559b9d8278521e73d",
"versionType": "git"
},
{
"lessThan": "df63d31e9ae02e2f6cd96147779e4ed7cd0e75f6",
"status": "affected",
"version": "5749077415994eb02d660b2559b9d8278521e73d",
"versionType": "git"
},
{
"lessThan": "3098f8f7c7b0686c74827aec42a2c45e69801ff8",
"status": "affected",
"version": "5749077415994eb02d660b2559b9d8278521e73d",
"versionType": "git"
},
{
"lessThan": "038a102535eb49e10e93eafac54352fcc5d78847",
"status": "affected",
"version": "5749077415994eb02d660b2559b9d8278521e73d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/page_alloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "6.1.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: prevent pcp corruption with SMP=n\n\nThe kernel test robot has reported:\n\n BUG: spinlock trylock failure on UP on CPU#0, kcompactd0/28\n lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .owner_cpu: 0\n CPU: 0 UID: 0 PID: 28 Comm: kcompactd0 Not tainted 6.18.0-rc5-00127-ga06157804399 #1 PREEMPT 8cc09ef94dcec767faa911515ce9e609c45db470\n Call Trace:\n \u003cIRQ\u003e\n __dump_stack (lib/dump_stack.c:95)\n dump_stack_lvl (lib/dump_stack.c:123)\n dump_stack (lib/dump_stack.c:130)\n spin_dump (kernel/locking/spinlock_debug.c:71)\n do_raw_spin_trylock (kernel/locking/spinlock_debug.c:?)\n _raw_spin_trylock (include/linux/spinlock_api_smp.h:89 kernel/locking/spinlock.c:138)\n __free_frozen_pages (mm/page_alloc.c:2973)\n ___free_pages (mm/page_alloc.c:5295)\n __free_pages (mm/page_alloc.c:5334)\n tlb_remove_table_rcu (include/linux/mm.h:? include/linux/mm.h:3122 include/asm-generic/tlb.h:220 mm/mmu_gather.c:227 mm/mmu_gather.c:290)\n ? __cfi_tlb_remove_table_rcu (mm/mmu_gather.c:289)\n ? rcu_core (kernel/rcu/tree.c:?)\n rcu_core (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607 kernel/rcu/tree.c:2861)\n rcu_core_si (kernel/rcu/tree.c:2879)\n handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623)\n __irq_exit_rcu (arch/x86/include/asm/jump_label.h:36 kernel/softirq.c:725)\n irq_exit_rcu (kernel/softirq.c:741)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n RIP: 0010:_raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)\n free_pcppages_bulk (mm/page_alloc.c:1494)\n drain_pages_zone (include/linux/spinlock.h:391 mm/page_alloc.c:2632)\n __drain_all_pages (mm/page_alloc.c:2731)\n drain_all_pages (mm/page_alloc.c:2747)\n kcompactd (mm/compaction.c:3115)\n kthread (kernel/kthread.c:465)\n ? __cfi_kcompactd (mm/compaction.c:3166)\n ? __cfi_kthread (kernel/kthread.c:412)\n ret_from_fork (arch/x86/kernel/process.c:164)\n ? __cfi_kthread (kernel/kthread.c:412)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:255)\n \u003c/TASK\u003e\n\nMatthew has analyzed the report and identified that in drain_page_zone()\nwe are in a section protected by spin_lock(\u0026pcp-\u003elock) and then get an\ninterrupt that attempts spin_trylock() on the same lock. The code is\ndesigned to work this way without disabling IRQs and occasionally fail the\ntrylock with a fallback. However, the SMP=n spinlock implementation\nassumes spin_trylock() will always succeed, and thus it\u0027s normally a\nno-op. Here the enabled lock debugging catches the problem, but otherwise\nit could cause a corruption of the pcp structure.\n\nThe problem has been introduced by commit 574907741599 (\"mm/page_alloc:\nleave IRQs enabled for per-cpu page allocations\"). The pcp locking scheme\nrecognizes the need for disabling IRQs to prevent nesting spin_trylock()\nsections on SMP=n, but the need to prevent the nesting in spin_lock() has\nnot been recognized. Fix it by introducing local wrappers that change the\nspin_lock() to spin_lock_iqsave() with SMP=n and use them in all places\nthat do spin_lock(\u0026pcp-\u003elock).\n\n[vbabka@suse.cz: add pcp_ prefix to the spin_lock_irqsave wrappers, per Steven]"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:19.230Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68688fc4eab007834b4c2d740214423ba2a335a8"
},
{
"url": "https://git.kernel.org/stable/c/4a04ff9cd816e7346fcc8126f00ed80481f6569d"
},
{
"url": "https://git.kernel.org/stable/c/df63d31e9ae02e2f6cd96147779e4ed7cd0e75f6"
},
{
"url": "https://git.kernel.org/stable/c/3098f8f7c7b0686c74827aec42a2c45e69801ff8"
},
{
"url": "https://git.kernel.org/stable/c/038a102535eb49e10e93eafac54352fcc5d78847"
}
],
"title": "mm/page_alloc: prevent pcp corruption with SMP=n",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23025",
"datePublished": "2026-01-31T11:42:04.426Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:19.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23035 (GCVE-0-2026-23035)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
mlx5e_priv is an unstable structure that can be memset(0) if profile
attaching fails.
Pass netdev to mlx5e_destroy_netdev() to guarantee it will work on a
valid netdev.
On mlx5e_remove: Check validity of priv->profile, before attempting
to cleanup any resources that might be not there.
This fixes a kernel oops in mlx5e_remove when switchdev mode fails due
to change profile failure.
$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev
Error: mlx5_core: Failed setting eswitch to offloads.
dmesg:
workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR
mlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12
mlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12
workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR
mlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12
mlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12
$ devlink dev reload pci/0000:00:03.0 ==> oops
BUG: kernel NULL pointer dereference, address: 0000000000000370
PGD 0 P4D 0
Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100
RSP: 0018:ffffc9000083f8b8 EFLAGS: 00010286
RAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffffff826ffc45
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c0
RBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10
R10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0
R13: ffff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400
FS: 00007f789a3c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0000000000370ef0
Call Trace:
<TASK>
mlx5e_remove+0x57/0x110
device_release_driver_internal+0x19c/0x200
bus_remove_device+0xc6/0x130
device_del+0x160/0x3d0
? devl_param_driverinit_value_get+0x2d/0x90
mlx5_detach_device+0x89/0xe0
mlx5_unload_one_devl_locked+0x3a/0x70
mlx5_devlink_reload_down+0xc8/0x220
devlink_reload+0x7d/0x260
devlink_nl_reload_doit+0x45b/0x5a0
genl_family_rcv_msg_doit+0xe8/0x140
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c4d7eb57687f358cd498ea3624519236af8db97e , < a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02
(git)
Affected: c4d7eb57687f358cd498ea3624519236af8db97e , < 66a25f6b7c0bfd84e6d27b536f5d24116dbd52da (git) Affected: c4d7eb57687f358cd498ea3624519236af8db97e , < 4ef8512e1427111f7ba92b4a847d181ff0aeec42 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en.h",
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c",
"drivers/net/ethernet/mellanox/mlx5/core/en_rep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02",
"status": "affected",
"version": "c4d7eb57687f358cd498ea3624519236af8db97e",
"versionType": "git"
},
{
"lessThan": "66a25f6b7c0bfd84e6d27b536f5d24116dbd52da",
"status": "affected",
"version": "c4d7eb57687f358cd498ea3624519236af8db97e",
"versionType": "git"
},
{
"lessThan": "4ef8512e1427111f7ba92b4a847d181ff0aeec42",
"status": "affected",
"version": "c4d7eb57687f358cd498ea3624519236af8db97e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en.h",
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c",
"drivers/net/ethernet/mellanox/mlx5/core/en_rep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv\n\nmlx5e_priv is an unstable structure that can be memset(0) if profile\nattaching fails.\n\nPass netdev to mlx5e_destroy_netdev() to guarantee it will work on a\nvalid netdev.\n\nOn mlx5e_remove: Check validity of priv-\u003eprofile, before attempting\nto cleanup any resources that might be not there.\n\nThis fixes a kernel oops in mlx5e_remove when switchdev mode fails due\nto change profile failure.\n\n$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev\nError: mlx5_core: Failed setting eswitch to offloads.\ndmesg:\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n\n$ devlink dev reload pci/0000:00:03.0 ==\u003e oops\n\nBUG: kernel NULL pointer dereference, address: 0000000000000370\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100\nRSP: 0018:ffffc9000083f8b8 EFLAGS: 00010286\nRAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffffff826ffc45\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c0\nRBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10\nR10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0\nR13: ffff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400\nFS: 00007f789a3c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n mlx5e_remove+0x57/0x110\n device_release_driver_internal+0x19c/0x200\n bus_remove_device+0xc6/0x130\n device_del+0x160/0x3d0\n ? devl_param_driverinit_value_get+0x2d/0x90\n mlx5_detach_device+0x89/0xe0\n mlx5_unload_one_devl_locked+0x3a/0x70\n mlx5_devlink_reload_down+0xc8/0x220\n devlink_reload+0x7d/0x260\n devlink_nl_reload_doit+0x45b/0x5a0\n genl_family_rcv_msg_doit+0xe8/0x140"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:29.873Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02"
},
{
"url": "https://git.kernel.org/stable/c/66a25f6b7c0bfd84e6d27b536f5d24116dbd52da"
},
{
"url": "https://git.kernel.org/stable/c/4ef8512e1427111f7ba92b4a847d181ff0aeec42"
}
],
"title": "net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23035",
"datePublished": "2026-01-31T11:42:29.960Z",
"dateReserved": "2026-01-13T15:37:45.943Z",
"dateUpdated": "2026-02-09T08:37:29.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23024 (GCVE-0-2026-23024)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
idpf: fix memory leak of flow steer list on rmmod
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix memory leak of flow steer list on rmmod
The flow steering list maintains entries that are added and removed as
ethtool creates and deletes flow steering rules. Module removal with active
entries causes memory leak as the list is not properly cleaned up.
Prevent this by iterating through the remaining entries in the list and
freeing the associated memory during module removal. Add a spinlock
(flow_steer_list_lock) to protect the list access from multiple threads.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf.h",
"drivers/net/ethernet/intel/idpf/idpf_ethtool.c",
"drivers/net/ethernet/intel/idpf/idpf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1aedff70a5e97628eaaf17b169774cb6a45a1dc5",
"status": "affected",
"version": "ada3e24b84a097b27a823f1ad98e5b2e8c979689",
"versionType": "git"
},
{
"lessThan": "f9841bd28b600526ca4f6713b0ca49bf7bb98452",
"status": "affected",
"version": "ada3e24b84a097b27a823f1ad98e5b2e8c979689",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf.h",
"drivers/net/ethernet/intel/idpf/idpf_ethtool.c",
"drivers/net/ethernet/intel/idpf/idpf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.17"
},
{
"lessThan": "6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak of flow steer list on rmmod\n\nThe flow steering list maintains entries that are added and removed as\nethtool creates and deletes flow steering rules. Module removal with active\nentries causes memory leak as the list is not properly cleaned up.\n\nPrevent this by iterating through the remaining entries in the list and\nfreeing the associated memory during module removal. Add a spinlock\n(flow_steer_list_lock) to protect the list access from multiple threads."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:18.088Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1aedff70a5e97628eaaf17b169774cb6a45a1dc5"
},
{
"url": "https://git.kernel.org/stable/c/f9841bd28b600526ca4f6713b0ca49bf7bb98452"
}
],
"title": "idpf: fix memory leak of flow steer list on rmmod",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23024",
"datePublished": "2026-01-31T11:39:07.604Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:18.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71191 (GCVE-0-2025-71191)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: at_hdmac: fix device leak on of_dma_xlate()
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: at_hdmac: fix device leak on of_dma_xlate()
Make sure to drop the reference taken when looking up the DMA platform
device during of_dma_xlate() when releasing channel resources.
Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing
put_device() call in at_dma_xlate()") fixed the leak in a couple of
error paths but the reference is still leaking on successful allocation.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < 49d964cde422dc66fea514b7ab24aa729df7081d
(git)
Affected: bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < 4c67b4f45c8540ee4e62e24ca4608c6a9a81ee0f (git) Affected: bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < 48b2d7f530b83cb149dbf0e48f95ccadb2d90da9 (git) Affected: bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < 987c71671367f42460689b78244d7b894c50999a (git) Affected: bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < 6a86cf2c09e149d5718a5b7090545f7566da9334 (git) Affected: bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < f3c23b7e941349505c3d40de2cc0acd93d9ac057 (git) Affected: bbe89c8e3d598129b728d1388c3ad9abe4e8e261 , < b9074b2d7a230b6e28caa23165e9d8bc0677d333 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/at_hdmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49d964cde422dc66fea514b7ab24aa729df7081d",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
},
{
"lessThan": "4c67b4f45c8540ee4e62e24ca4608c6a9a81ee0f",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
},
{
"lessThan": "48b2d7f530b83cb149dbf0e48f95ccadb2d90da9",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
},
{
"lessThan": "987c71671367f42460689b78244d7b894c50999a",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
},
{
"lessThan": "6a86cf2c09e149d5718a5b7090545f7566da9334",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
},
{
"lessThan": "f3c23b7e941349505c3d40de2cc0acd93d9ac057",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
},
{
"lessThan": "b9074b2d7a230b6e28caa23165e9d8bc0677d333",
"status": "affected",
"version": "bbe89c8e3d598129b728d1388c3ad9abe4e8e261",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/at_hdmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: at_hdmac: fix device leak on of_dma_xlate()\n\nMake sure to drop the reference taken when looking up the DMA platform\ndevice during of_dma_xlate() when releasing channel resources.\n\nNote that commit 3832b78b3ec2 (\"dmaengine: at_hdmac: add missing\nput_device() call in at_dma_xlate()\") fixed the leak in a couple of\nerror paths but the reference is still leaking on successful allocation."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:15.973Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49d964cde422dc66fea514b7ab24aa729df7081d"
},
{
"url": "https://git.kernel.org/stable/c/4c67b4f45c8540ee4e62e24ca4608c6a9a81ee0f"
},
{
"url": "https://git.kernel.org/stable/c/48b2d7f530b83cb149dbf0e48f95ccadb2d90da9"
},
{
"url": "https://git.kernel.org/stable/c/987c71671367f42460689b78244d7b894c50999a"
},
{
"url": "https://git.kernel.org/stable/c/6a86cf2c09e149d5718a5b7090545f7566da9334"
},
{
"url": "https://git.kernel.org/stable/c/f3c23b7e941349505c3d40de2cc0acd93d9ac057"
},
{
"url": "https://git.kernel.org/stable/c/b9074b2d7a230b6e28caa23165e9d8bc0677d333"
}
],
"title": "dmaengine: at_hdmac: fix device leak on of_dma_xlate()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71191",
"datePublished": "2026-01-31T11:42:03.545Z",
"dateReserved": "2026-01-31T11:36:51.189Z",
"dateUpdated": "2026-02-09T08:36:15.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23021 (GCVE-0-2026-23021)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
net: usb: pegasus: fix memory leak in update_eth_regs_async()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: pegasus: fix memory leak in update_eth_regs_async()
When asynchronously writing to the device registers and if usb_submit_urb()
fail, the code fail to release allocated to this point resources.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
323b34963d113efb566635f43858f40cce01d5f9 , < 5397ea6d21c35a17707e201a60761bdee00bcc4e
(git)
Affected: 323b34963d113efb566635f43858f40cce01d5f9 , < a40af9a2904a1ab8ce61866ebe2a894ef30754ba (git) Affected: 323b34963d113efb566635f43858f40cce01d5f9 , < ac5d92d2826dec51e5d4c6854865bc5817277452 (git) Affected: 323b34963d113efb566635f43858f40cce01d5f9 , < 93f18eaa190374e0f2d253e3b1a65cee19a7abe6 (git) Affected: 323b34963d113efb566635f43858f40cce01d5f9 , < 471dfb97599eec74e0476046b3ef8e7037f27b34 (git) Affected: 323b34963d113efb566635f43858f40cce01d5f9 , < ce6eef731aba23a988decea1df3b08cf978f7b01 (git) Affected: 323b34963d113efb566635f43858f40cce01d5f9 , < afa27621a28af317523e0836dad430bec551eb54 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/pegasus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5397ea6d21c35a17707e201a60761bdee00bcc4e",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
},
{
"lessThan": "a40af9a2904a1ab8ce61866ebe2a894ef30754ba",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
},
{
"lessThan": "ac5d92d2826dec51e5d4c6854865bc5817277452",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
},
{
"lessThan": "93f18eaa190374e0f2d253e3b1a65cee19a7abe6",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
},
{
"lessThan": "471dfb97599eec74e0476046b3ef8e7037f27b34",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
},
{
"lessThan": "ce6eef731aba23a988decea1df3b08cf978f7b01",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
},
{
"lessThan": "afa27621a28af317523e0836dad430bec551eb54",
"status": "affected",
"version": "323b34963d113efb566635f43858f40cce01d5f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/pegasus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: fix memory leak in update_eth_regs_async()\n\nWhen asynchronously writing to the device registers and if usb_submit_urb()\nfail, the code fail to release allocated to this point resources."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:14.933Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bdee00bcc4e"
},
{
"url": "https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba"
},
{
"url": "https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452"
},
{
"url": "https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6"
},
{
"url": "https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34"
},
{
"url": "https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01"
},
{
"url": "https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54"
}
],
"title": "net: usb: pegasus: fix memory leak in update_eth_regs_async()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23021",
"datePublished": "2026-01-31T11:39:05.152Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:14.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23023 (GCVE-0-2026-23023)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
idpf: fix memory leak in idpf_vport_rel()
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix memory leak in idpf_vport_rel()
Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory
during a reset. Reported by kmemleak:
unreferenced object 0xff450acac838a000 (size 4096):
comm "kworker/u258:5", pid 7732, jiffies 4296830044
hex dump (first 32 bytes):
00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 ................
backtrace (crc 3da81902):
__kmalloc_cache_noprof+0x469/0x7a0
idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf]
idpf_init_task+0x1ec/0x8d0 [idpf]
process_one_work+0x226/0x6d0
worker_thread+0x19e/0x340
kthread+0x10f/0x250
ret_from_fork+0x251/0x2b0
ret_from_fork_asm+0x1a/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0fe45467a1041ea3657a7fa3a791c84c104fbd34 , < a4212d6732e3f674c6cc7d0b642f276d827e8f94
(git)
Affected: 0fe45467a1041ea3657a7fa3a791c84c104fbd34 , < ec602a2a4071eb956d656ba968c58fee09f0622d (git) Affected: 0fe45467a1041ea3657a7fa3a791c84c104fbd34 , < f6242b354605faff263ca45882b148200915a3f6 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a4212d6732e3f674c6cc7d0b642f276d827e8f94",
"status": "affected",
"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
"versionType": "git"
},
{
"lessThan": "ec602a2a4071eb956d656ba968c58fee09f0622d",
"status": "affected",
"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
"versionType": "git"
},
{
"lessThan": "f6242b354605faff263ca45882b148200915a3f6",
"status": "affected",
"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak in idpf_vport_rel()\n\nFree vport-\u003erx_ptype_lkup in idpf_vport_rel() to avoid leaking memory\nduring a reset. Reported by kmemleak:\n\nunreferenced object 0xff450acac838a000 (size 4096):\n comm \"kworker/u258:5\", pid 7732, jiffies 4296830044\n hex dump (first 32 bytes):\n 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 ................\n backtrace (crc 3da81902):\n __kmalloc_cache_noprof+0x469/0x7a0\n idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf]\n idpf_init_task+0x1ec/0x8d0 [idpf]\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x251/0x2b0\n ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:17.049Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a4212d6732e3f674c6cc7d0b642f276d827e8f94"
},
{
"url": "https://git.kernel.org/stable/c/ec602a2a4071eb956d656ba968c58fee09f0622d"
},
{
"url": "https://git.kernel.org/stable/c/f6242b354605faff263ca45882b148200915a3f6"
}
],
"title": "idpf: fix memory leak in idpf_vport_rel()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23023",
"datePublished": "2026-01-31T11:39:06.718Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:17.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23027 (GCVE-0-2026-23027)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()
Summary
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()
In kvm_ioctl_create_device(), kvm_device has allocated memory,
kvm_device->destroy() seems to be supposed to free its kvm_device
struct, but kvm_pch_pic_destroy() is not currently doing this, that
would lead to a memory leak.
So, fix it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/loongarch/kvm/intc/pch_pic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fc53a66227af08d868face4b33fa8b2e1ba187ed",
"status": "affected",
"version": "e785dfacf7e7fe94370fa0e8e3ff1bc8fe179831",
"versionType": "git"
},
{
"lessThan": "1cf342a7c3adc5877837b53bbceb5cc9eff60bbf",
"status": "affected",
"version": "e785dfacf7e7fe94370fa0e8e3ff1bc8fe179831",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/loongarch/kvm/intc/pch_pic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device-\u003edestroy() seems to be supposed to free its kvm_device\nstruct, but kvm_pch_pic_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:21.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fc53a66227af08d868face4b33fa8b2e1ba187ed"
},
{
"url": "https://git.kernel.org/stable/c/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf"
}
],
"title": "LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23027",
"datePublished": "2026-01-31T11:42:06.183Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:21.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23030 (GCVE-0-2026-23030)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()
The for_each_available_child_of_node() calls of_node_put() to
release child_np in each success loop. After breaking from the
loop with the child_np has been released, the code will jump to
the put_child label and will call the of_node_put() again if the
devm_request_threaded_irq() fails. These cause a double free bug.
Fix by returning directly to avoid the duplicate of_node_put().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
ed2b5a8e6b98d042b323afbe177a5dc618921b31 , < b97b2c9808c9a97e0ce30216fa12096d8b0eaa75
(git)
Affected: ed2b5a8e6b98d042b323afbe177a5dc618921b31 , < ebae26dd15140b840cf65be5e1c0daee949ba70b (git) Affected: ed2b5a8e6b98d042b323afbe177a5dc618921b31 , < 027d42b97e6eb827c3438ebc09bab7efaee9270d (git) Affected: ed2b5a8e6b98d042b323afbe177a5dc618921b31 , < efe92ee7a111fe0f4d75f3ed6b7e3f86322279d5 (git) Affected: ed2b5a8e6b98d042b323afbe177a5dc618921b31 , < e07dea3de508cd6950c937cec42de7603190e1ca (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/rockchip/phy-rockchip-inno-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b97b2c9808c9a97e0ce30216fa12096d8b0eaa75",
"status": "affected",
"version": "ed2b5a8e6b98d042b323afbe177a5dc618921b31",
"versionType": "git"
},
{
"lessThan": "ebae26dd15140b840cf65be5e1c0daee949ba70b",
"status": "affected",
"version": "ed2b5a8e6b98d042b323afbe177a5dc618921b31",
"versionType": "git"
},
{
"lessThan": "027d42b97e6eb827c3438ebc09bab7efaee9270d",
"status": "affected",
"version": "ed2b5a8e6b98d042b323afbe177a5dc618921b31",
"versionType": "git"
},
{
"lessThan": "efe92ee7a111fe0f4d75f3ed6b7e3f86322279d5",
"status": "affected",
"version": "ed2b5a8e6b98d042b323afbe177a5dc618921b31",
"versionType": "git"
},
{
"lessThan": "e07dea3de508cd6950c937cec42de7603190e1ca",
"status": "affected",
"version": "ed2b5a8e6b98d042b323afbe177a5dc618921b31",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/rockchip/phy-rockchip-inno-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()\n\nThe for_each_available_child_of_node() calls of_node_put() to\nrelease child_np in each success loop. After breaking from the\nloop with the child_np has been released, the code will jump to\nthe put_child label and will call the of_node_put() again if the\ndevm_request_threaded_irq() fails. These cause a double free bug.\n\nFix by returning directly to avoid the duplicate of_node_put()."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:24.591Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b97b2c9808c9a97e0ce30216fa12096d8b0eaa75"
},
{
"url": "https://git.kernel.org/stable/c/ebae26dd15140b840cf65be5e1c0daee949ba70b"
},
{
"url": "https://git.kernel.org/stable/c/027d42b97e6eb827c3438ebc09bab7efaee9270d"
},
{
"url": "https://git.kernel.org/stable/c/efe92ee7a111fe0f4d75f3ed6b7e3f86322279d5"
},
{
"url": "https://git.kernel.org/stable/c/e07dea3de508cd6950c937cec42de7603190e1ca"
}
],
"title": "phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23030",
"datePublished": "2026-01-31T11:42:08.525Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:24.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71182 (GCVE-0-2025-71182)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
can: j1939: make j1939_session_activate() fail if device is no longer registered
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: make j1939_session_activate() fail if device is no longer registered
syzbot is still reporting
unregister_netdevice: waiting for vcan0 to become free. Usage count = 2
even after commit 93a27b5891b8 ("can: j1939: add missing calls in
NETDEV_UNREGISTER notification handler") was added. A debug printk() patch
found that j1939_session_activate() can succeed even after
j1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)
has completed.
Since j1939_cancel_active_session() is processed with the session list lock
held, checking ndev->reg_state in j1939_session_activate() with the session
list lock held can reliably close the race window.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9d71dd0c70099914fcd063135da3c580865e924c , < ebb0dfd718dd31c8d3600612ca4b7207ec3d923a
(git)
Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < c3a4316e3c746af415c0fd6c6d489ad13f53714d (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 46ca9dc978923c5e1247a9e9519240ba7ace413c (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 78d87b72cebe2a993fd5b017e9f14fb6278f2eae (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536 (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 79dd3f1d9dd310c2af89b09c71f34d93973b200f (git) Affected: 9d71dd0c70099914fcd063135da3c580865e924c , < 5d5602236f5db19e8b337a2cd87a90ace5ea776d (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ebb0dfd718dd31c8d3600612ca4b7207ec3d923a",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "c3a4316e3c746af415c0fd6c6d489ad13f53714d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "46ca9dc978923c5e1247a9e9519240ba7ace413c",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "78d87b72cebe2a993fd5b017e9f14fb6278f2eae",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "79dd3f1d9dd310c2af89b09c71f34d93973b200f",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "5d5602236f5db19e8b337a2cd87a90ace5ea776d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: make j1939_session_activate() fail if device is no longer registered\n\nsyzbot is still reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\neven after commit 93a27b5891b8 (\"can: j1939: add missing calls in\nNETDEV_UNREGISTER notification handler\") was added. A debug printk() patch\nfound that j1939_session_activate() can succeed even after\nj1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)\nhas completed.\n\nSince j1939_cancel_active_session() is processed with the session list lock\nheld, checking ndev-\u003ereg_state in j1939_session_activate() with the session\nlist lock held can reliably close the race window."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:06.320Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ebb0dfd718dd31c8d3600612ca4b7207ec3d923a"
},
{
"url": "https://git.kernel.org/stable/c/c3a4316e3c746af415c0fd6c6d489ad13f53714d"
},
{
"url": "https://git.kernel.org/stable/c/46ca9dc978923c5e1247a9e9519240ba7ace413c"
},
{
"url": "https://git.kernel.org/stable/c/78d87b72cebe2a993fd5b017e9f14fb6278f2eae"
},
{
"url": "https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536"
},
{
"url": "https://git.kernel.org/stable/c/79dd3f1d9dd310c2af89b09c71f34d93973b200f"
},
{
"url": "https://git.kernel.org/stable/c/5d5602236f5db19e8b337a2cd87a90ace5ea776d"
}
],
"title": "can: j1939: make j1939_session_activate() fail if device is no longer registered",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71182",
"datePublished": "2026-01-31T11:38:55.157Z",
"dateReserved": "2026-01-31T11:36:51.185Z",
"dateUpdated": "2026-02-09T08:36:06.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23026 (GCVE-0-2026-23026)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
Fix a memory leak in gpi_peripheral_config() where the original memory
pointed to by gchan->config could be lost if krealloc() fails.
The issue occurs when:
1. gchan->config points to previously allocated memory
2. krealloc() fails and returns NULL
3. The function directly assigns NULL to gchan->config, losing the
reference to the original memory
4. The original memory becomes unreachable and cannot be freed
Fix this by using a temporary variable to hold the krealloc() result
and only updating gchan->config when the allocation succeeds.
Found via static analysis and code review.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
5d0c3533a19f48e5e7e73806a3e4b29cd4364130 , < 4532f18e4ab36def1f55cd936d0fc002b2ce34c2
(git)
Affected: 5d0c3533a19f48e5e7e73806a3e4b29cd4364130 , < 694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7 (git) Affected: 5d0c3533a19f48e5e7e73806a3e4b29cd4364130 , < 6bf4ef078fd11910988889a6c0b3698d2e0c89af (git) Affected: 5d0c3533a19f48e5e7e73806a3e4b29cd4364130 , < 01b1d781394fc9b83015e3a3cd46b17bda842bd8 (git) Affected: 5d0c3533a19f48e5e7e73806a3e4b29cd4364130 , < 55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85 (git) Affected: 5d0c3533a19f48e5e7e73806a3e4b29cd4364130 , < 3f747004bbd641131d9396d87b5d2d3d1e182728 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/qcom/gpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4532f18e4ab36def1f55cd936d0fc002b2ce34c2",
"status": "affected",
"version": "5d0c3533a19f48e5e7e73806a3e4b29cd4364130",
"versionType": "git"
},
{
"lessThan": "694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7",
"status": "affected",
"version": "5d0c3533a19f48e5e7e73806a3e4b29cd4364130",
"versionType": "git"
},
{
"lessThan": "6bf4ef078fd11910988889a6c0b3698d2e0c89af",
"status": "affected",
"version": "5d0c3533a19f48e5e7e73806a3e4b29cd4364130",
"versionType": "git"
},
{
"lessThan": "01b1d781394fc9b83015e3a3cd46b17bda842bd8",
"status": "affected",
"version": "5d0c3533a19f48e5e7e73806a3e4b29cd4364130",
"versionType": "git"
},
{
"lessThan": "55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85",
"status": "affected",
"version": "5d0c3533a19f48e5e7e73806a3e4b29cd4364130",
"versionType": "git"
},
{
"lessThan": "3f747004bbd641131d9396d87b5d2d3d1e182728",
"status": "affected",
"version": "5d0c3533a19f48e5e7e73806a3e4b29cd4364130",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/qcom/gpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()\n\nFix a memory leak in gpi_peripheral_config() where the original memory\npointed to by gchan-\u003econfig could be lost if krealloc() fails.\n\nThe issue occurs when:\n1. gchan-\u003econfig points to previously allocated memory\n2. krealloc() fails and returns NULL\n3. The function directly assigns NULL to gchan-\u003econfig, losing the\n reference to the original memory\n4. The original memory becomes unreachable and cannot be freed\n\nFix this by using a temporary variable to hold the krealloc() result\nand only updating gchan-\u003econfig when the allocation succeeds.\n\nFound via static analysis and code review."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:20.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2"
},
{
"url": "https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7"
},
{
"url": "https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af"
},
{
"url": "https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8"
},
{
"url": "https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85"
},
{
"url": "https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728"
}
],
"title": "dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23026",
"datePublished": "2026-01-31T11:42:05.185Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:20.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71189 (GCVE-0-2025-71189)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: dw: dmamux: fix OF node leak on route allocation failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw: dmamux: fix OF node leak on route allocation failure
Make sure to drop the reference taken to the DMA master OF node also on
late route allocation failures.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
134d9c52fca26d2d199516e915da00f0cc6adc73 , < 6b87288581a0fcbe54b39da5c10e1aee2df8776e
(git)
Affected: 134d9c52fca26d2d199516e915da00f0cc6adc73 , < db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1 (git) Affected: 134d9c52fca26d2d199516e915da00f0cc6adc73 , < 8f7a391211381ed2f6802032c78c7820d166bc49 (git) Affected: 134d9c52fca26d2d199516e915da00f0cc6adc73 , < eabe40f8a53c29f531e92778ea243e379f4f7978 (git) Affected: 134d9c52fca26d2d199516e915da00f0cc6adc73 , < ec25e60f9f95464aa11411db31d0906b3fb7b9f2 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/dw/rzn1-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b87288581a0fcbe54b39da5c10e1aee2df8776e",
"status": "affected",
"version": "134d9c52fca26d2d199516e915da00f0cc6adc73",
"versionType": "git"
},
{
"lessThan": "db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1",
"status": "affected",
"version": "134d9c52fca26d2d199516e915da00f0cc6adc73",
"versionType": "git"
},
{
"lessThan": "8f7a391211381ed2f6802032c78c7820d166bc49",
"status": "affected",
"version": "134d9c52fca26d2d199516e915da00f0cc6adc73",
"versionType": "git"
},
{
"lessThan": "eabe40f8a53c29f531e92778ea243e379f4f7978",
"status": "affected",
"version": "134d9c52fca26d2d199516e915da00f0cc6adc73",
"versionType": "git"
},
{
"lessThan": "ec25e60f9f95464aa11411db31d0906b3fb7b9f2",
"status": "affected",
"version": "134d9c52fca26d2d199516e915da00f0cc6adc73",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/dw/rzn1-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw: dmamux: fix OF node leak on route allocation failure\n\nMake sure to drop the reference taken to the DMA master OF node also on\nlate route allocation failures."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:13.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b87288581a0fcbe54b39da5c10e1aee2df8776e"
},
{
"url": "https://git.kernel.org/stable/c/db7c79c1bbfb1b0184e78a17ac2bd0f2bc3134d1"
},
{
"url": "https://git.kernel.org/stable/c/8f7a391211381ed2f6802032c78c7820d166bc49"
},
{
"url": "https://git.kernel.org/stable/c/eabe40f8a53c29f531e92778ea243e379f4f7978"
},
{
"url": "https://git.kernel.org/stable/c/ec25e60f9f95464aa11411db31d0906b3fb7b9f2"
}
],
"title": "dmaengine: dw: dmamux: fix OF node leak on route allocation failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71189",
"datePublished": "2026-01-31T11:42:00.345Z",
"dateReserved": "2026-01-31T11:36:51.188Z",
"dateUpdated": "2026-02-09T08:36:13.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23015 (GCVE-0-2026-23015)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths
The reference obtained by calling usb_get_dev() is not released in the
gpio_mpsse_probe() error paths. Fix that by using device managed helper
functions. Also remove the usb_put_dev() call in the disconnect function
since now it will be released automatically.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-mpsse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ea26e6dcabc270433b6ded2a1aee85b215d1b28",
"status": "affected",
"version": "c46a74ff05c0ac76ba11ef21c930c3b447abf31a",
"versionType": "git"
},
{
"lessThan": "1e876e5a0875e71e34148c9feb2eedd3bf6b2b43",
"status": "affected",
"version": "c46a74ff05c0ac76ba11ef21c930c3b447abf31a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-mpsse.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths\n\nThe reference obtained by calling usb_get_dev() is not released in the\ngpio_mpsse_probe() error paths. Fix that by using device managed helper\nfunctions. Also remove the usb_put_dev() call in the disconnect function\nsince now it will be released automatically."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:08.715Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ea26e6dcabc270433b6ded2a1aee85b215d1b28"
},
{
"url": "https://git.kernel.org/stable/c/1e876e5a0875e71e34148c9feb2eedd3bf6b2b43"
}
],
"title": "gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23015",
"datePublished": "2026-01-31T11:38:57.983Z",
"dateReserved": "2026-01-13T15:37:45.940Z",
"dateUpdated": "2026-02-09T08:37:08.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71186 (GCVE-0-2025-71186)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:41 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: stm32: dmamux: fix device leak on route allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: stm32: dmamux: fix device leak on route allocation
Make sure to drop the reference taken when looking up the DMA mux
platform device during route allocation.
Note that holding a reference to a device does not prevent its driver
data from going away so there is no point in keeping the reference.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < 3b42020e6790a5e19b36c187ed5b488a5716f97f
(git)
Affected: df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < 6393da54dcb3488c080a183c4182ddec71ba8d7f (git) Affected: df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < 1dda2a32303df0091896b01a9d09070d61fa344c (git) Affected: df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < 1a179ac01ff3993ab97e33cc77c316ed7415cda1 (git) Affected: df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < 2fb10259d4efb4367787b5ae9c94192e8a91c648 (git) Affected: df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < 3ef52d31cce8ba816739085a61efe07b63c6cf27 (git) Affected: df7e762db5f6c8dbd9e480f1c9ef9851de346657 , < dd6e4943889fb354efa3f700e42739da9bddb6ef (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/stm32/stm32-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3b42020e6790a5e19b36c187ed5b488a5716f97f",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
},
{
"lessThan": "6393da54dcb3488c080a183c4182ddec71ba8d7f",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
},
{
"lessThan": "1dda2a32303df0091896b01a9d09070d61fa344c",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
},
{
"lessThan": "1a179ac01ff3993ab97e33cc77c316ed7415cda1",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
},
{
"lessThan": "2fb10259d4efb4367787b5ae9c94192e8a91c648",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
},
{
"lessThan": "3ef52d31cce8ba816739085a61efe07b63c6cf27",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
},
{
"lessThan": "dd6e4943889fb354efa3f700e42739da9bddb6ef",
"status": "affected",
"version": "df7e762db5f6c8dbd9e480f1c9ef9851de346657",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/stm32/stm32-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: stm32: dmamux: fix device leak on route allocation\n\nMake sure to drop the reference taken when looking up the DMA mux\nplatform device during route allocation.\n\nNote that holding a reference to a device does not prevent its driver\ndata from going away so there is no point in keeping the reference."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:10.714Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3b42020e6790a5e19b36c187ed5b488a5716f97f"
},
{
"url": "https://git.kernel.org/stable/c/6393da54dcb3488c080a183c4182ddec71ba8d7f"
},
{
"url": "https://git.kernel.org/stable/c/1dda2a32303df0091896b01a9d09070d61fa344c"
},
{
"url": "https://git.kernel.org/stable/c/1a179ac01ff3993ab97e33cc77c316ed7415cda1"
},
{
"url": "https://git.kernel.org/stable/c/2fb10259d4efb4367787b5ae9c94192e8a91c648"
},
{
"url": "https://git.kernel.org/stable/c/3ef52d31cce8ba816739085a61efe07b63c6cf27"
},
{
"url": "https://git.kernel.org/stable/c/dd6e4943889fb354efa3f700e42739da9bddb6ef"
}
],
"title": "dmaengine: stm32: dmamux: fix device leak on route allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71186",
"datePublished": "2026-01-31T11:41:57.921Z",
"dateReserved": "2026-01-31T11:36:51.187Z",
"dateUpdated": "2026-02-09T08:36:10.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71188 (GCVE-0-2025-71188)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:41 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: lpc18xx-dmamux: fix device leak on route allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: lpc18xx-dmamux: fix device leak on route allocation
Make sure to drop the reference taken when looking up the DMA mux
platform device during route allocation.
Note that holding a reference to a device does not prevent its driver
data from going away so there is no point in keeping the reference.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e5f4ae84be7421010780984bdc121eac15997327 , < 3d396ebfb3049a2b5fac51d2c967db5114b685e8
(git)
Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 499ddae78c4baa9b94df76b2d2eb6b150d15377f (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < adef147a8d8c3d767abf88ad2c381ffab2993086 (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 9fba97baa520c9446df51a64708daf27c5a7ed32 (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 992eb8055a6e5dbb808672d20d68e60d5a89b12b (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < 1e47d80f6720f0224efd19bcf081d39637569c10 (git) Affected: e5f4ae84be7421010780984bdc121eac15997327 , < d4d63059dee7e7cae0c4d9a532ed558bc90efb55 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/lpc18xx-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d396ebfb3049a2b5fac51d2c967db5114b685e8",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "499ddae78c4baa9b94df76b2d2eb6b150d15377f",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "adef147a8d8c3d767abf88ad2c381ffab2993086",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "9fba97baa520c9446df51a64708daf27c5a7ed32",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "992eb8055a6e5dbb808672d20d68e60d5a89b12b",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "1e47d80f6720f0224efd19bcf081d39637569c10",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
},
{
"lessThan": "d4d63059dee7e7cae0c4d9a532ed558bc90efb55",
"status": "affected",
"version": "e5f4ae84be7421010780984bdc121eac15997327",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/lpc18xx-dmamux.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: lpc18xx-dmamux: fix device leak on route allocation\n\nMake sure to drop the reference taken when looking up the DMA mux\nplatform device during route allocation.\n\nNote that holding a reference to a device does not prevent its driver\ndata from going away so there is no point in keeping the reference."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:12.766Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d396ebfb3049a2b5fac51d2c967db5114b685e8"
},
{
"url": "https://git.kernel.org/stable/c/499ddae78c4baa9b94df76b2d2eb6b150d15377f"
},
{
"url": "https://git.kernel.org/stable/c/adef147a8d8c3d767abf88ad2c381ffab2993086"
},
{
"url": "https://git.kernel.org/stable/c/9fba97baa520c9446df51a64708daf27c5a7ed32"
},
{
"url": "https://git.kernel.org/stable/c/992eb8055a6e5dbb808672d20d68e60d5a89b12b"
},
{
"url": "https://git.kernel.org/stable/c/1e47d80f6720f0224efd19bcf081d39637569c10"
},
{
"url": "https://git.kernel.org/stable/c/d4d63059dee7e7cae0c4d9a532ed558bc90efb55"
}
],
"title": "dmaengine: lpc18xx-dmamux: fix device leak on route allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71188",
"datePublished": "2026-01-31T11:41:59.624Z",
"dateReserved": "2026-01-31T11:36:51.188Z",
"dateUpdated": "2026-02-09T08:36:12.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71180 (GCVE-0-2025-71180)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
Summary
In the Linux kernel, the following vulnerability has been resolved:
counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as
CONFIG_PROVE_RAW_LOCK_NESTING warns:
=============================
[ BUG: Invalid wait context ]
6.18.0-rc1+git... #1
-----------------------------
some-user-space-process/1251 is trying to lock:
(&counter->events_list_lock){....}-{3:3}, at: counter_push_event [counter]
other info that might help us debug this:
context-{2:2}
no locks held by some-user-space-process/....
stack backtrace:
CPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT
Call trace:
show_stack (C)
dump_stack_lvl
dump_stack
__lock_acquire
lock_acquire
_raw_spin_lock_irqsave
counter_push_event [counter]
interrupt_cnt_isr [interrupt_cnt]
__handle_irq_event_percpu
handle_irq_event
handle_simple_irq
handle_irq_desc
generic_handle_domain_irq
gpio_irq_handler
handle_irq_desc
generic_handle_domain_irq
gic_handle_irq
call_on_irq_stack
do_interrupt_handler
el0_interrupt
__el0_irq_handler_common
el0t_64_irq_handler
el0t_64_irq
... and Sebastian correctly points out. Remove IRQF_NO_THREAD as an
alternative to switching to raw_spinlock_t, because the latter would limit
all potential nested locks to raw_spinlock_t only.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
a55ebd47f21f6f0472766fb52c973849e31d1466 , < ef668c9a2261ec9287faba6e6ef05a98b391aa2b
(git)
Affected: a55ebd47f21f6f0472766fb52c973849e31d1466 , < 51d2e5d6491447258cb39ff1deb93df15d3c23cb (git) Affected: a55ebd47f21f6f0472766fb52c973849e31d1466 , < 1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c (git) Affected: a55ebd47f21f6f0472766fb52c973849e31d1466 , < 49a66829dd3653695e60d7cae13521d131362fcd (git) Affected: a55ebd47f21f6f0472766fb52c973849e31d1466 , < 425886b1f8304621b3f16632b274357067d5f13f (git) Affected: a55ebd47f21f6f0472766fb52c973849e31d1466 , < 23f9485510c338476b9735d516c1d4aacb810d46 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/counter/interrupt-cnt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ef668c9a2261ec9287faba6e6ef05a98b391aa2b",
"status": "affected",
"version": "a55ebd47f21f6f0472766fb52c973849e31d1466",
"versionType": "git"
},
{
"lessThan": "51d2e5d6491447258cb39ff1deb93df15d3c23cb",
"status": "affected",
"version": "a55ebd47f21f6f0472766fb52c973849e31d1466",
"versionType": "git"
},
{
"lessThan": "1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c",
"status": "affected",
"version": "a55ebd47f21f6f0472766fb52c973849e31d1466",
"versionType": "git"
},
{
"lessThan": "49a66829dd3653695e60d7cae13521d131362fcd",
"status": "affected",
"version": "a55ebd47f21f6f0472766fb52c973849e31d1466",
"versionType": "git"
},
{
"lessThan": "425886b1f8304621b3f16632b274357067d5f13f",
"status": "affected",
"version": "a55ebd47f21f6f0472766fb52c973849e31d1466",
"versionType": "git"
},
{
"lessThan": "23f9485510c338476b9735d516c1d4aacb810d46",
"status": "affected",
"version": "a55ebd47f21f6f0472766fb52c973849e31d1466",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/counter/interrupt-cnt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncounter: interrupt-cnt: Drop IRQF_NO_THREAD flag\n\nAn IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as\nCONFIG_PROVE_RAW_LOCK_NESTING warns:\n=============================\n[ BUG: Invalid wait context ]\n6.18.0-rc1+git... #1\n-----------------------------\nsome-user-space-process/1251 is trying to lock:\n(\u0026counter-\u003eevents_list_lock){....}-{3:3}, at: counter_push_event [counter]\nother info that might help us debug this:\ncontext-{2:2}\nno locks held by some-user-space-process/....\nstack backtrace:\nCPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT\nCall trace:\n show_stack (C)\n dump_stack_lvl\n dump_stack\n __lock_acquire\n lock_acquire\n _raw_spin_lock_irqsave\n counter_push_event [counter]\n interrupt_cnt_isr [interrupt_cnt]\n __handle_irq_event_percpu\n handle_irq_event\n handle_simple_irq\n handle_irq_desc\n generic_handle_domain_irq\n gpio_irq_handler\n handle_irq_desc\n generic_handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n el0_interrupt\n __el0_irq_handler_common\n el0t_64_irq_handler\n el0t_64_irq\n\n... and Sebastian correctly points out. Remove IRQF_NO_THREAD as an\nalternative to switching to raw_spinlock_t, because the latter would limit\nall potential nested locks to raw_spinlock_t only."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:04.225Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ef668c9a2261ec9287faba6e6ef05a98b391aa2b"
},
{
"url": "https://git.kernel.org/stable/c/51d2e5d6491447258cb39ff1deb93df15d3c23cb"
},
{
"url": "https://git.kernel.org/stable/c/1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c"
},
{
"url": "https://git.kernel.org/stable/c/49a66829dd3653695e60d7cae13521d131362fcd"
},
{
"url": "https://git.kernel.org/stable/c/425886b1f8304621b3f16632b274357067d5f13f"
},
{
"url": "https://git.kernel.org/stable/c/23f9485510c338476b9735d516c1d4aacb810d46"
}
],
"title": "counter: interrupt-cnt: Drop IRQF_NO_THREAD flag",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71180",
"datePublished": "2026-01-31T11:38:52.481Z",
"dateReserved": "2026-01-31T11:36:51.183Z",
"dateUpdated": "2026-02-09T08:36:04.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23031 (GCVE-0-2026-23031)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak
In gs_can_open(), the URBs for USB-in transfers are allocated, added to the
parent->rx_submitted anchor and submitted. In the complete callback
gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In
gs_can_close() the URBs are freed by calling
usb_kill_anchored_urbs(parent->rx_submitted).
However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in gs_can_close().
Fix the memory leak by anchoring the URB in the
gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d08e973a77d128b25e01a08c34d89593fdf222da , < ec5ccc2af9e5b045671f3f604b57512feda8bcc5
(git)
Affected: d08e973a77d128b25e01a08c34d89593fdf222da , < f905bcfa971edb89e398c98957838d8c6381c0c7 (git) Affected: d08e973a77d128b25e01a08c34d89593fdf222da , < 08624b7206ddb9148eeffc2384ebda2c47b6d1e9 (git) Affected: d08e973a77d128b25e01a08c34d89593fdf222da , < 9f669a38ca70839229b7ba0f851820850a2fe1f7 (git) Affected: d08e973a77d128b25e01a08c34d89593fdf222da , < 7352e1d5932a0e777e39fa4b619801191f57e603 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/gs_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec5ccc2af9e5b045671f3f604b57512feda8bcc5",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "f905bcfa971edb89e398c98957838d8c6381c0c7",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "08624b7206ddb9148eeffc2384ebda2c47b6d1e9",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "9f669a38ca70839229b7ba0f851820850a2fe1f7",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "7352e1d5932a0e777e39fa4b619801191f57e603",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/gs_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak\n\nIn gs_can_open(), the URBs for USB-in transfers are allocated, added to the\nparent-\u003erx_submitted anchor and submitted. In the complete callback\ngs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In\ngs_can_close() the URBs are freed by calling\nusb_kill_anchored_urbs(parent-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in gs_can_close().\n\nFix the memory leak by anchoring the URB in the\ngs_usb_receive_bulk_callback() to the parent-\u003erx_submitted anchor."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:25.657Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec5ccc2af9e5b045671f3f604b57512feda8bcc5"
},
{
"url": "https://git.kernel.org/stable/c/f905bcfa971edb89e398c98957838d8c6381c0c7"
},
{
"url": "https://git.kernel.org/stable/c/08624b7206ddb9148eeffc2384ebda2c47b6d1e9"
},
{
"url": "https://git.kernel.org/stable/c/9f669a38ca70839229b7ba0f851820850a2fe1f7"
},
{
"url": "https://git.kernel.org/stable/c/7352e1d5932a0e777e39fa4b619801191f57e603"
}
],
"title": "can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23031",
"datePublished": "2026-01-31T11:42:09.276Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:25.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23020 (GCVE-0-2026-23020)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
pdev can be null and free_ring: can be called in 1297 with a null
pdev.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
55c82617c3e82210b7471e9334e8fc5df6a9961f , < 053ac9e37eee435e999277c0f1ef890dad6064bf
(git)
Affected: 55c82617c3e82210b7471e9334e8fc5df6a9961f , < 6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d (git) Affected: 55c82617c3e82210b7471e9334e8fc5df6a9961f , < 606872c8e8bf96066730f6a2317502c5633c37f1 (git) Affected: 55c82617c3e82210b7471e9334e8fc5df6a9961f , < 28b2a805609699be7b90020ae7dccfb234be1ceb (git) Affected: 55c82617c3e82210b7471e9334e8fc5df6a9961f , < 2f05f7737e16d9a40038cc1c38a96a3f7964898b (git) Affected: 55c82617c3e82210b7471e9334e8fc5df6a9961f , < d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7 (git) Affected: 55c82617c3e82210b7471e9334e8fc5df6a9961f , < a4e305ed60f7c41bbf9aabc16dd75267194e0de3 (git) Affected: d30fdc02c49ad9965bba25015ae66c22dae967d1 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/3com/3c59x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "053ac9e37eee435e999277c0f1ef890dad6064bf",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"lessThan": "6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"lessThan": "606872c8e8bf96066730f6a2317502c5633c37f1",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"lessThan": "28b2a805609699be7b90020ae7dccfb234be1ceb",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"lessThan": "2f05f7737e16d9a40038cc1c38a96a3f7964898b",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"lessThan": "d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"lessThan": "a4e305ed60f7c41bbf9aabc16dd75267194e0de3",
"status": "affected",
"version": "55c82617c3e82210b7471e9334e8fc5df6a9961f",
"versionType": "git"
},
{
"status": "affected",
"version": "d30fdc02c49ad9965bba25015ae66c22dae967d1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/3com/3c59x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.248",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.248",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 3com: 3c59x: fix possible null dereference in vortex_probe1()\n\npdev can be null and free_ring: can be called in 1297 with a null\npdev."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:13.897Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/053ac9e37eee435e999277c0f1ef890dad6064bf"
},
{
"url": "https://git.kernel.org/stable/c/6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d"
},
{
"url": "https://git.kernel.org/stable/c/606872c8e8bf96066730f6a2317502c5633c37f1"
},
{
"url": "https://git.kernel.org/stable/c/28b2a805609699be7b90020ae7dccfb234be1ceb"
},
{
"url": "https://git.kernel.org/stable/c/2f05f7737e16d9a40038cc1c38a96a3f7964898b"
},
{
"url": "https://git.kernel.org/stable/c/d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7"
},
{
"url": "https://git.kernel.org/stable/c/a4e305ed60f7c41bbf9aabc16dd75267194e0de3"
}
],
"title": "net: 3com: 3c59x: fix possible null dereference in vortex_probe1()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23020",
"datePublished": "2026-01-31T11:39:04.023Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:13.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71185 (GCVE-0-2025-71185)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:41 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation
Make sure to drop the reference taken when looking up the crossbar
platform device during am335x route allocation.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 1befa553f1ecc045dc9ff56107ff50162f63f3c0
(git)
Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < c933aa74d9f8d35e6cda322c38c4a907d37a9a2b (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 43725bd47d984937c429919ae291896d982d1f17 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 6fdf168f57e331e148a1177a9b590a845c21b315 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < f810132e825588fbad3cba940458c58bb7ec4d84 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 30352277d8e09c972436f883a5efd1f1b763ac14 (git) Affected: 42dbdcc6bf965997c088caff2a8be7f9bf44f701 , < 4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/dma-crossbar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1befa553f1ecc045dc9ff56107ff50162f63f3c0",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "c933aa74d9f8d35e6cda322c38c4a907d37a9a2b",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "43725bd47d984937c429919ae291896d982d1f17",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "6fdf168f57e331e148a1177a9b590a845c21b315",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "f810132e825588fbad3cba940458c58bb7ec4d84",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "30352277d8e09c972436f883a5efd1f1b763ac14",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
},
{
"lessThan": "4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9",
"status": "affected",
"version": "42dbdcc6bf965997c088caff2a8be7f9bf44f701",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/dma-crossbar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: dma-crossbar: fix device leak on am335x route allocation\n\nMake sure to drop the reference taken when looking up the crossbar\nplatform device during am335x route allocation."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:09.661Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1befa553f1ecc045dc9ff56107ff50162f63f3c0"
},
{
"url": "https://git.kernel.org/stable/c/c933aa74d9f8d35e6cda322c38c4a907d37a9a2b"
},
{
"url": "https://git.kernel.org/stable/c/43725bd47d984937c429919ae291896d982d1f17"
},
{
"url": "https://git.kernel.org/stable/c/6fdf168f57e331e148a1177a9b590a845c21b315"
},
{
"url": "https://git.kernel.org/stable/c/f810132e825588fbad3cba940458c58bb7ec4d84"
},
{
"url": "https://git.kernel.org/stable/c/30352277d8e09c972436f883a5efd1f1b763ac14"
},
{
"url": "https://git.kernel.org/stable/c/4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9"
}
],
"title": "dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71185",
"datePublished": "2026-01-31T11:41:57.082Z",
"dateReserved": "2026-01-31T11:36:51.187Z",
"dateUpdated": "2026-02-09T08:36:09.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23022 (GCVE-0-2026-23022)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
idpf: fix memory leak in idpf_vc_core_deinit()
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix memory leak in idpf_vc_core_deinit()
Make sure to free hw->lan_regs. Reported by kmemleak during reset:
unreferenced object 0xff1b913d02a936c0 (size 96):
comm "kworker/u258:14", pid 2174, jiffies 4294958305
hex dump (first 32 bytes):
00 00 00 c0 a8 ba 2d ff 00 00 00 00 00 00 00 00 ......-.........
00 00 40 08 00 00 00 00 00 00 25 b3 a8 ba 2d ff ..@.......%...-.
backtrace (crc 36063c4f):
__kmalloc_noprof+0x48f/0x890
idpf_vc_core_init+0x6ce/0x9b0 [idpf]
idpf_vc_event_task+0x1fb/0x350 [idpf]
process_one_work+0x226/0x6d0
worker_thread+0x19e/0x340
kthread+0x10f/0x250
ret_from_fork+0x251/0x2b0
ret_from_fork_asm+0x1a/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_virtchnl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "23391db8a00c23854915b8b72ec1aa10080aa540",
"status": "affected",
"version": "6aa53e861c1a0c042690c9b7c5c153088ae61079",
"versionType": "git"
},
{
"lessThan": "e111cbc4adf9f9974eed040aeece7e17460f6bff",
"status": "affected",
"version": "6aa53e861c1a0c042690c9b7c5c153088ae61079",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_virtchnl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.17"
},
{
"lessThan": "6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak in idpf_vc_core_deinit()\n\nMake sure to free hw-\u003elan_regs. Reported by kmemleak during reset:\n\nunreferenced object 0xff1b913d02a936c0 (size 96):\n comm \"kworker/u258:14\", pid 2174, jiffies 4294958305\n hex dump (first 32 bytes):\n 00 00 00 c0 a8 ba 2d ff 00 00 00 00 00 00 00 00 ......-.........\n 00 00 40 08 00 00 00 00 00 00 25 b3 a8 ba 2d ff ..@.......%...-.\n backtrace (crc 36063c4f):\n __kmalloc_noprof+0x48f/0x890\n idpf_vc_core_init+0x6ce/0x9b0 [idpf]\n idpf_vc_event_task+0x1fb/0x350 [idpf]\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x251/0x2b0\n ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:16.041Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/23391db8a00c23854915b8b72ec1aa10080aa540"
},
{
"url": "https://git.kernel.org/stable/c/e111cbc4adf9f9974eed040aeece7e17460f6bff"
}
],
"title": "idpf: fix memory leak in idpf_vc_core_deinit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23022",
"datePublished": "2026-01-31T11:39:05.973Z",
"dateReserved": "2026-01-13T15:37:45.941Z",
"dateUpdated": "2026-02-09T08:37:16.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23034 (GCVE-0-2026-23034)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
drm/amdgpu/userq: Fix fence reference leak on queue teardown v2
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/userq: Fix fence reference leak on queue teardown v2
The user mode queue keeps a pointer to the most recent fence in
userq->last_fence. This pointer holds an extra dma_fence reference.
When the queue is destroyed, we free the fence driver and its xarray,
but we forgot to drop the last_fence reference.
Because of the missing dma_fence_put(), the last fence object can stay
alive when the driver unloads. This leaves an allocated object in the
amdgpu_userq_fence slab cache and triggers
This is visible during driver unload as:
BUG amdgpu_userq_fence: Objects remaining on __kmem_cache_shutdown()
kmem_cache_destroy amdgpu_userq_fence: Slab cache still has objects
Call Trace:
kmem_cache_destroy
amdgpu_userq_fence_slab_fini
amdgpu_exit
__do_sys_delete_module
Fix this by putting userq->last_fence and clearing the pointer during
amdgpu_userq_fence_driver_free().
This makes sure the fence reference is released and the slab cache is
empty when the module exits.
v2: Update to only release userq->last_fence with dma_fence_put()
(Christian)
(cherry picked from commit 8e051e38a8d45caf6a866d4ff842105b577953bb)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1a30e1ab33fc522785d04bbf7e1b13a5c5c9175",
"status": "affected",
"version": "edc762a51c7181d6fe1e0837e2eb69afb406f98e",
"versionType": "git"
},
{
"lessThan": "b2426a211dba6432e32a2e70e9183c6e134475c6",
"status": "affected",
"version": "edc762a51c7181d6fe1e0837e2eb69afb406f98e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.16"
},
{
"lessThan": "6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: Fix fence reference leak on queue teardown v2\n\nThe user mode queue keeps a pointer to the most recent fence in\nuserq-\u003elast_fence. This pointer holds an extra dma_fence reference.\n\nWhen the queue is destroyed, we free the fence driver and its xarray,\nbut we forgot to drop the last_fence reference.\n\nBecause of the missing dma_fence_put(), the last fence object can stay\nalive when the driver unloads. This leaves an allocated object in the\namdgpu_userq_fence slab cache and triggers\n\nThis is visible during driver unload as:\n\n BUG amdgpu_userq_fence: Objects remaining on __kmem_cache_shutdown()\n kmem_cache_destroy amdgpu_userq_fence: Slab cache still has objects\n Call Trace:\n kmem_cache_destroy\n amdgpu_userq_fence_slab_fini\n amdgpu_exit\n __do_sys_delete_module\n\nFix this by putting userq-\u003elast_fence and clearing the pointer during\namdgpu_userq_fence_driver_free().\n\nThis makes sure the fence reference is released and the slab cache is\nempty when the module exits.\n\nv2: Update to only release userq-\u003elast_fence with dma_fence_put()\n (Christian)\n\n(cherry picked from commit 8e051e38a8d45caf6a866d4ff842105b577953bb)"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:28.849Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1a30e1ab33fc522785d04bbf7e1b13a5c5c9175"
},
{
"url": "https://git.kernel.org/stable/c/b2426a211dba6432e32a2e70e9183c6e134475c6"
}
],
"title": "drm/amdgpu/userq: Fix fence reference leak on queue teardown v2",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23034",
"datePublished": "2026-01-31T11:42:29.137Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:28.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23033 (GCVE-0-2026-23033)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
dmaengine: omap-dma: fix dma_pool resource leak in error paths
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: omap-dma: fix dma_pool resource leak in error paths
The dma_pool created by dma_pool_create() is not destroyed when
dma_async_device_register() or of_dma_controller_register() fails,
causing a resource leak in the probe error paths.
Add dma_pool_destroy() in both error paths to properly release the
allocated dma_pool resource.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 8d66cb05b8b76396387a7b3a91f9284225c87f04
(git)
Affected: 7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 2b29f38f4f9660595e8272b8e8b82ffcca7ce592 (git) Affected: 7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 6b867a98699657c2a698bbc9e60656349b39b905 (git) Affected: 7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 88a9483f093bbb9263dcf21bc7fdb5132e5de88d (git) Affected: 7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 4b93712e96be17029bd22787f2e39feb0e73272c (git) Affected: 7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 829b00481734dd54e72f755fd6584bce6fbffbb0 (git) Affected: 7bedaa5537604f34d1d63c5ec7891e559d2a61ed , < 2e1136acf8a8887c29f52e35a77b537309af321f (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/omap-dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8d66cb05b8b76396387a7b3a91f9284225c87f04",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
},
{
"lessThan": "2b29f38f4f9660595e8272b8e8b82ffcca7ce592",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
},
{
"lessThan": "6b867a98699657c2a698bbc9e60656349b39b905",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
},
{
"lessThan": "88a9483f093bbb9263dcf21bc7fdb5132e5de88d",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
},
{
"lessThan": "4b93712e96be17029bd22787f2e39feb0e73272c",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
},
{
"lessThan": "829b00481734dd54e72f755fd6584bce6fbffbb0",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
},
{
"lessThan": "2e1136acf8a8887c29f52e35a77b537309af321f",
"status": "affected",
"version": "7bedaa5537604f34d1d63c5ec7891e559d2a61ed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/omap-dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: omap-dma: fix dma_pool resource leak in error paths\n\nThe dma_pool created by dma_pool_create() is not destroyed when\ndma_async_device_register() or of_dma_controller_register() fails,\ncausing a resource leak in the probe error paths.\n\nAdd dma_pool_destroy() in both error paths to properly release the\nallocated dma_pool resource."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:27.739Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8d66cb05b8b76396387a7b3a91f9284225c87f04"
},
{
"url": "https://git.kernel.org/stable/c/2b29f38f4f9660595e8272b8e8b82ffcca7ce592"
},
{
"url": "https://git.kernel.org/stable/c/6b867a98699657c2a698bbc9e60656349b39b905"
},
{
"url": "https://git.kernel.org/stable/c/88a9483f093bbb9263dcf21bc7fdb5132e5de88d"
},
{
"url": "https://git.kernel.org/stable/c/4b93712e96be17029bd22787f2e39feb0e73272c"
},
{
"url": "https://git.kernel.org/stable/c/829b00481734dd54e72f755fd6584bce6fbffbb0"
},
{
"url": "https://git.kernel.org/stable/c/2e1136acf8a8887c29f52e35a77b537309af321f"
}
],
"title": "dmaengine: omap-dma: fix dma_pool resource leak in error paths",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23033",
"datePublished": "2026-01-31T11:42:28.352Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23016 (GCVE-0-2026-23016)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
inet: frags: drop fraglist conntrack references
Summary
In the Linux kernel, the following vulnerability has been resolved:
inet: frags: drop fraglist conntrack references
Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging
leaked skbs/conntrack references more obvious.
syzbot reports this as triggering, and I can also reproduce this via
ip_defrag.sh selftest:
conntrack cleanup blocked for 60s
WARNING: net/netfilter/nf_conntrack_core.c:2512
[..]
conntrack clenups gets stuck because there are skbs with still hold nf_conn
references via their frag_list.
net.core.skb_defer_max=0 makes the hang disappear.
Eric Dumazet points out that skb_release_head_state() doesn't follow the
fraglist.
ip_defrag.sh can only reproduce this problem since
commit 6471658dc66c ("udp: use skb_attempt_defer_free()"), but AFAICS this
problem could happen with TCP as well if pmtu discovery is off.
The relevant problem path for udp is:
1. netns emits fragmented packets
2. nf_defrag_v6_hook reassembles them (in output hook)
3. reassembled skb is tracked (skb owns nf_conn reference)
4. ip6_output refragments
5. refragmented packets also own nf_conn reference (ip6_fragment
calls ip6_copy_metadata())
6. on input path, nf_defrag_v6_hook skips defragmentation: the
fragments already have skb->nf_conn attached
7. skbs are reassembled via ipv6_frag_rcv()
8. skb_consume_udp -> skb_attempt_defer_free() -> skb ends up
in pcpu freelist, but still has nf_conn reference.
Possible solutions:
1 let defrag engine drop nf_conn entry, OR
2 export kick_defer_list_purge() and call it from the conntrack
netns exit callback, OR
3 add skb_has_frag_list() check to skb_attempt_defer_free()
2 & 3 also solve ip_defrag.sh hang but share same drawback:
Such reassembled skbs, queued to socket, can prevent conntrack module
removal until userspace has consumed the packet. While both tcp and udp
stack do call nf_reset_ct() before placing skb on socket queue, that
function doesn't iterate frag_list skbs.
Therefore drop nf_conn entries when they are placed in defrag queue.
Keep the nf_conn entry of the first (offset 0) skb so that reassembled
skb retains nf_conn entry for sake of TX path.
Note that fixes tag is incorrect; it points to the commit introducing the
'ip_defrag.sh reproducible problem': no need to backport this patch to
every stable kernel.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/inet_fragment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "088ca99dbb039c444c3ff987c5412a73f4f0cbf8",
"status": "affected",
"version": "6471658dc66c670580a7616e75f51b52917e7883",
"versionType": "git"
},
{
"lessThan": "2ef02ac38d3c17f34a00c4b267d961a8d4b45d1a",
"status": "affected",
"version": "6471658dc66c670580a7616e75f51b52917e7883",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/inet_fragment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.18"
},
{
"lessThan": "6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: frags: drop fraglist conntrack references\n\nJakub added a warning in nf_conntrack_cleanup_net_list() to make debugging\nleaked skbs/conntrack references more obvious.\n\nsyzbot reports this as triggering, and I can also reproduce this via\nip_defrag.sh selftest:\n\n conntrack cleanup blocked for 60s\n WARNING: net/netfilter/nf_conntrack_core.c:2512\n [..]\n\nconntrack clenups gets stuck because there are skbs with still hold nf_conn\nreferences via their frag_list.\n\n net.core.skb_defer_max=0 makes the hang disappear.\n\nEric Dumazet points out that skb_release_head_state() doesn\u0027t follow the\nfraglist.\n\nip_defrag.sh can only reproduce this problem since\ncommit 6471658dc66c (\"udp: use skb_attempt_defer_free()\"), but AFAICS this\nproblem could happen with TCP as well if pmtu discovery is off.\n\nThe relevant problem path for udp is:\n1. netns emits fragmented packets\n2. nf_defrag_v6_hook reassembles them (in output hook)\n3. reassembled skb is tracked (skb owns nf_conn reference)\n4. ip6_output refragments\n5. refragmented packets also own nf_conn reference (ip6_fragment\n calls ip6_copy_metadata())\n6. on input path, nf_defrag_v6_hook skips defragmentation: the\n fragments already have skb-\u003enf_conn attached\n7. skbs are reassembled via ipv6_frag_rcv()\n8. skb_consume_udp -\u003e skb_attempt_defer_free() -\u003e skb ends up\n in pcpu freelist, but still has nf_conn reference.\n\nPossible solutions:\n 1 let defrag engine drop nf_conn entry, OR\n 2 export kick_defer_list_purge() and call it from the conntrack\n netns exit callback, OR\n 3 add skb_has_frag_list() check to skb_attempt_defer_free()\n\n2 \u0026 3 also solve ip_defrag.sh hang but share same drawback:\n\nSuch reassembled skbs, queued to socket, can prevent conntrack module\nremoval until userspace has consumed the packet. While both tcp and udp\nstack do call nf_reset_ct() before placing skb on socket queue, that\nfunction doesn\u0027t iterate frag_list skbs.\n\nTherefore drop nf_conn entries when they are placed in defrag queue.\nKeep the nf_conn entry of the first (offset 0) skb so that reassembled\nskb retains nf_conn entry for sake of TX path.\n\nNote that fixes tag is incorrect; it points to the commit introducing the\n\u0027ip_defrag.sh reproducible problem\u0027: no need to backport this patch to\nevery stable kernel."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:09.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/088ca99dbb039c444c3ff987c5412a73f4f0cbf8"
},
{
"url": "https://git.kernel.org/stable/c/2ef02ac38d3c17f34a00c4b267d961a8d4b45d1a"
}
],
"title": "inet: frags: drop fraglist conntrack references",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23016",
"datePublished": "2026-01-31T11:38:59.578Z",
"dateReserved": "2026-01-13T15:37:45.940Z",
"dateUpdated": "2026-02-09T08:37:09.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23039 (GCVE-0-2026-23039)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
drm/gud: fix NULL fb and crtc dereferences on USB disconnect
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/gud: fix NULL fb and crtc dereferences on USB disconnect
On disconnect drm_atomic_helper_disable_all() is called which
sets both the fb and crtc for a plane to NULL before invoking a commit.
This causes a kernel oops on every display disconnect.
Add guards for those dereferences.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/gud/gud_pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a255ec07f91d4c73a361a28b7a3d82f5710245f1",
"status": "affected",
"version": "73cfd166e045769a1b42d36897accaa6e06b8102",
"versionType": "git"
},
{
"lessThan": "dc2d5ddb193e363187bae2ad358245642d2721fb",
"status": "affected",
"version": "73cfd166e045769a1b42d36897accaa6e06b8102",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/gud/gud_pipe.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.18"
},
{
"lessThan": "6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gud: fix NULL fb and crtc dereferences on USB disconnect\n\nOn disconnect drm_atomic_helper_disable_all() is called which\nsets both the fb and crtc for a plane to NULL before invoking a commit.\n\nThis causes a kernel oops on every display disconnect.\n\nAdd guards for those dereferences."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:34.029Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a255ec07f91d4c73a361a28b7a3d82f5710245f1"
},
{
"url": "https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb"
}
],
"title": "drm/gud: fix NULL fb and crtc dereferences on USB disconnect",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23039",
"datePublished": "2026-01-31T11:42:33.377Z",
"dateReserved": "2026-01-13T15:37:45.943Z",
"dateUpdated": "2026-02-09T08:37:34.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71181 (GCVE-0-2025-71181)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
rust_binder: remove spin_lock() in rust_shrink_free_page()
Summary
In the Linux kernel, the following vulnerability has been resolved:
rust_binder: remove spin_lock() in rust_shrink_free_page()
When forward-porting Rust Binder to 6.18, I neglected to take commit
fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into
account, and apparently I did not end up running the shrinker callback
when I sanity tested the driver before submission. This leads to crashes
like the following:
============================================
WARNING: possible recursive locking detected
6.18.0-mainline-maybe-dirty #1 Tainted: G IO
--------------------------------------------
kswapd0/68 is trying to acquire lock:
ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x230
but task is already holding lock:
ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&l->lock);
lock(&l->lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by kswapd0/68:
#0: ffffffff90d2e260 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x597/0x1160
#1: ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20
#2: ffffffff90cf3680 (rcu_read_lock){....}-{1:2}, at: lock_list_lru_of_memcg+0x2d/0x230
To fix this, remove the spin_lock() call from rust_shrink_free_page().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder/page_range.rs"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "30a98c97f7874031f2e1de19c777ce011143cba4",
"status": "affected",
"version": "eafedbc7c050c44744fbdf80bdf3315e860b7513",
"versionType": "git"
},
{
"lessThan": "361e0ff456a8daf9753c18030533256e4133ce7a",
"status": "affected",
"version": "eafedbc7c050c44744fbdf80bdf3315e860b7513",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder/page_range.rs"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.18"
},
{
"lessThan": "6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust_binder: remove spin_lock() in rust_shrink_free_page()\n\nWhen forward-porting Rust Binder to 6.18, I neglected to take commit\nfb56fdf8b9a2 (\"mm/list_lru: split the lock to per-cgroup scope\") into\naccount, and apparently I did not end up running the shrinker callback\nwhen I sanity tested the driver before submission. This leads to crashes\nlike the following:\n\n\t============================================\n\tWARNING: possible recursive locking detected\n\t6.18.0-mainline-maybe-dirty #1 Tainted: G IO\n\t--------------------------------------------\n\tkswapd0/68 is trying to acquire lock:\n\tffff956000fa18b0 (\u0026l-\u003elock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x230\n\n\tbut task is already holding lock:\n\tffff956000fa18b0 (\u0026l-\u003elock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20\n\n\tother info that might help us debug this:\n\t Possible unsafe locking scenario:\n\n\t CPU0\n\t ----\n\t lock(\u0026l-\u003elock);\n\t lock(\u0026l-\u003elock);\n\n\t *** DEADLOCK ***\n\n\t May be due to missing lock nesting notation\n\n\t3 locks held by kswapd0/68:\n\t #0: ffffffff90d2e260 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0x597/0x1160\n\t #1: ffff956000fa18b0 (\u0026l-\u003elock){+.+.}-{2:2}, at: rust_helper_spin_lock+0xd/0x20\n\t #2: ffffffff90cf3680 (rcu_read_lock){....}-{1:2}, at: lock_list_lru_of_memcg+0x2d/0x230\n\nTo fix this, remove the spin_lock() call from rust_shrink_free_page()."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:05.247Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/30a98c97f7874031f2e1de19c777ce011143cba4"
},
{
"url": "https://git.kernel.org/stable/c/361e0ff456a8daf9753c18030533256e4133ce7a"
}
],
"title": "rust_binder: remove spin_lock() in rust_shrink_free_page()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71181",
"datePublished": "2026-01-31T11:38:54.221Z",
"dateReserved": "2026-01-31T11:36:51.185Z",
"dateUpdated": "2026-02-09T08:36:05.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71190 (GCVE-0-2025-71190)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: bcm-sba-raid: fix device leak on probe
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: bcm-sba-raid: fix device leak on probe
Make sure to drop the reference taken when looking up the mailbox device
during probe on probe failures and on driver unbind.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < 4316e4c4fd2c09f68a262365f21847cafa8fe9dd
(git)
Affected: 743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < 4730f12a192d7314119b3d8331611ab151b87bdf (git) Affected: 743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < bc98e68adfef3b25c06ff08f0808bb59f787420c (git) Affected: 743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < c80ca7bdff158401440741bdcf9175bd8608580b (git) Affected: 743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < db6f1d6d31711e73e6a214c73e6a8fb4cda0483d (git) Affected: 743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < 2ed1a9de1f2d727ccae5bc9cc7c63ee3519c0c8b (git) Affected: 743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b , < 7c3a46ebf15a9796b763a54272407fdbf945bed8 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/bcm-sba-raid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4316e4c4fd2c09f68a262365f21847cafa8fe9dd",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
},
{
"lessThan": "4730f12a192d7314119b3d8331611ab151b87bdf",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
},
{
"lessThan": "bc98e68adfef3b25c06ff08f0808bb59f787420c",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
},
{
"lessThan": "c80ca7bdff158401440741bdcf9175bd8608580b",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
},
{
"lessThan": "db6f1d6d31711e73e6a214c73e6a8fb4cda0483d",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
},
{
"lessThan": "2ed1a9de1f2d727ccae5bc9cc7c63ee3519c0c8b",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
},
{
"lessThan": "7c3a46ebf15a9796b763a54272407fdbf945bed8",
"status": "affected",
"version": "743e1c8ffe4ee5dd7596556dcc3f022ccde13d7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/bcm-sba-raid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: bcm-sba-raid: fix device leak on probe\n\nMake sure to drop the reference taken when looking up the mailbox device\nduring probe on probe failures and on driver unbind."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:14.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4316e4c4fd2c09f68a262365f21847cafa8fe9dd"
},
{
"url": "https://git.kernel.org/stable/c/4730f12a192d7314119b3d8331611ab151b87bdf"
},
{
"url": "https://git.kernel.org/stable/c/bc98e68adfef3b25c06ff08f0808bb59f787420c"
},
{
"url": "https://git.kernel.org/stable/c/c80ca7bdff158401440741bdcf9175bd8608580b"
},
{
"url": "https://git.kernel.org/stable/c/db6f1d6d31711e73e6a214c73e6a8fb4cda0483d"
},
{
"url": "https://git.kernel.org/stable/c/2ed1a9de1f2d727ccae5bc9cc7c63ee3519c0c8b"
},
{
"url": "https://git.kernel.org/stable/c/7c3a46ebf15a9796b763a54272407fdbf945bed8"
}
],
"title": "dmaengine: bcm-sba-raid: fix device leak on probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71190",
"datePublished": "2026-01-31T11:42:01.092Z",
"dateReserved": "2026-01-31T11:36:51.189Z",
"dateUpdated": "2026-02-09T08:36:14.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23038 (GCVE-0-2026-23038)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
Summary
In the Linux kernel, the following vulnerability has been resolved:
pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails,
the function jumps to the out_scratch label without freeing the already
allocated dsaddrs list, leading to a memory leak.
Fix this by jumping to the out_err_drain_dsaddrs label, which properly
frees the dsaddrs list before cleaning up other resources.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d67ae825a59d639e4d8b82413af84d854617a87e , < e2dde5dafb80f1af4028ed10ad255f42af71c784
(git)
Affected: d67ae825a59d639e4d8b82413af84d854617a87e , < 27c90d8ed81e7a289c9fe41b5e31d8bb609a3385 (git) Affected: d67ae825a59d639e4d8b82413af84d854617a87e , < 34b9dd179818ff7af2b36410985fd8166573c62d (git) Affected: d67ae825a59d639e4d8b82413af84d854617a87e , < 869862056e100973e76ce9f5f1b01837771b7722 (git) Affected: d67ae825a59d639e4d8b82413af84d854617a87e , < 86da7efd12295a7e2b4abde5e5984c821edd938f (git) Affected: d67ae825a59d639e4d8b82413af84d854617a87e , < ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb (git) Affected: d67ae825a59d639e4d8b82413af84d854617a87e , < 0c728083654f0066f5e10a1d2b0bd0907af19a58 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/flexfilelayout/flexfilelayoutdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e2dde5dafb80f1af4028ed10ad255f42af71c784",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
},
{
"lessThan": "27c90d8ed81e7a289c9fe41b5e31d8bb609a3385",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
},
{
"lessThan": "34b9dd179818ff7af2b36410985fd8166573c62d",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
},
{
"lessThan": "869862056e100973e76ce9f5f1b01837771b7722",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
},
{
"lessThan": "86da7efd12295a7e2b4abde5e5984c821edd938f",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
},
{
"lessThan": "ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
},
{
"lessThan": "0c728083654f0066f5e10a1d2b0bd0907af19a58",
"status": "affected",
"version": "d67ae825a59d639e4d8b82413af84d854617a87e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/flexfilelayout/flexfilelayoutdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()\n\nIn nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails,\nthe function jumps to the out_scratch label without freeing the already\nallocated dsaddrs list, leading to a memory leak.\n\nFix this by jumping to the out_err_drain_dsaddrs label, which properly\nfrees the dsaddrs list before cleaning up other resources."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:33.004Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e2dde5dafb80f1af4028ed10ad255f42af71c784"
},
{
"url": "https://git.kernel.org/stable/c/27c90d8ed81e7a289c9fe41b5e31d8bb609a3385"
},
{
"url": "https://git.kernel.org/stable/c/34b9dd179818ff7af2b36410985fd8166573c62d"
},
{
"url": "https://git.kernel.org/stable/c/869862056e100973e76ce9f5f1b01837771b7722"
},
{
"url": "https://git.kernel.org/stable/c/86da7efd12295a7e2b4abde5e5984c821edd938f"
},
{
"url": "https://git.kernel.org/stable/c/ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb"
},
{
"url": "https://git.kernel.org/stable/c/0c728083654f0066f5e10a1d2b0bd0907af19a58"
}
],
"title": "pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23038",
"datePublished": "2026-01-31T11:42:32.599Z",
"dateReserved": "2026-01-13T15:37:45.943Z",
"dateUpdated": "2026-02-09T08:37:33.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23018 (GCVE-0-2026-23018)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
btrfs: release path before initializing extent tree in btrfs_read_locked_inode()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: release path before initializing extent tree in btrfs_read_locked_inode()
In btrfs_read_locked_inode() we are calling btrfs_init_file_extent_tree()
while holding a path with a read locked leaf from a subvolume tree, and
btrfs_init_file_extent_tree() may do a GFP_KERNEL allocation, which can
trigger reclaim.
This can create a circular lock dependency which lockdep warns about with
the following splat:
[6.1433] ======================================================
[6.1574] WARNING: possible circular locking dependency detected
[6.1583] 6.18.0+ #4 Tainted: G U
[6.1591] ------------------------------------------------------
[6.1599] kswapd0/117 is trying to acquire lock:
[6.1606] ffff8d9b6333c5b8 (&delayed_node->mutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node.part.0+0x39/0x2f0
[6.1625]
but task is already holding lock:
[6.1633] ffffffffa4ab8ce0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x195/0xc60
[6.1646]
which lock already depends on the new lock.
[6.1657]
the existing dependency chain (in reverse order) is:
[6.1667]
-> #2 (fs_reclaim){+.+.}-{0:0}:
[6.1677] fs_reclaim_acquire+0x9d/0xd0
[6.1685] __kmalloc_cache_noprof+0x59/0x750
[6.1694] btrfs_init_file_extent_tree+0x90/0x100
[6.1702] btrfs_read_locked_inode+0xc3/0x6b0
[6.1710] btrfs_iget+0xbb/0xf0
[6.1716] btrfs_lookup_dentry+0x3c5/0x8e0
[6.1724] btrfs_lookup+0x12/0x30
[6.1731] lookup_open.isra.0+0x1aa/0x6a0
[6.1739] path_openat+0x5f7/0xc60
[6.1746] do_filp_open+0xd6/0x180
[6.1753] do_sys_openat2+0x8b/0xe0
[6.1760] __x64_sys_openat+0x54/0xa0
[6.1768] do_syscall_64+0x97/0x3e0
[6.1776] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[6.1784]
-> #1 (btrfs-tree-00){++++}-{3:3}:
[6.1794] lock_release+0x127/0x2a0
[6.1801] up_read+0x1b/0x30
[6.1808] btrfs_search_slot+0x8e0/0xff0
[6.1817] btrfs_lookup_inode+0x52/0xd0
[6.1825] __btrfs_update_delayed_inode+0x73/0x520
[6.1833] btrfs_commit_inode_delayed_inode+0x11a/0x120
[6.1842] btrfs_log_inode+0x608/0x1aa0
[6.1849] btrfs_log_inode_parent+0x249/0xf80
[6.1857] btrfs_log_dentry_safe+0x3e/0x60
[6.1865] btrfs_sync_file+0x431/0x690
[6.1872] do_fsync+0x39/0x80
[6.1879] __x64_sys_fsync+0x13/0x20
[6.1887] do_syscall_64+0x97/0x3e0
[6.1894] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[6.1903]
-> #0 (&delayed_node->mutex){+.+.}-{3:3}:
[6.1913] __lock_acquire+0x15e9/0x2820
[6.1920] lock_acquire+0xc9/0x2d0
[6.1927] __mutex_lock+0xcc/0x10a0
[6.1934] __btrfs_release_delayed_node.part.0+0x39/0x2f0
[6.1944] btrfs_evict_inode+0x20b/0x4b0
[6.1952] evict+0x15a/0x2f0
[6.1958] prune_icache_sb+0x91/0xd0
[6.1966] super_cache_scan+0x150/0x1d0
[6.1974] do_shrink_slab+0x155/0x6f0
[6.1981] shrink_slab+0x48e/0x890
[6.1988] shrink_one+0x11a/0x1f0
[6.1995] shrink_node+0xbfd/0x1320
[6.1002] balance_pgdat+0x67f/0xc60
[6.1321] kswapd+0x1dc/0x3e0
[6.1643] kthread+0xff/0x240
[6.1965] ret_from_fork+0x223/0x280
[6.1287] ret_from_fork_asm+0x1a/0x30
[6.1616]
other info that might help us debug this:
[6.1561] Chain exists of:
&delayed_node->mutex --> btrfs-tree-00 --> fs_reclaim
[6.1503] Possible unsafe locking scenario:
[6.1110] CPU0 CPU1
[6.1411] ---- ----
[6.1707] lock(fs_reclaim);
[6.1998] lock(btrfs-tree-00);
[6.1291] lock(fs_reclaim);
[6.1581] lock(&del
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "92a5590851144f034adc51fee55e6878ccac716e",
"status": "affected",
"version": "8679d2687c351824d08cf1f0e86f3b65f22a00fe",
"versionType": "git"
},
{
"lessThan": "8731f2c50b0b1d2b58ed5b9671ef2c4bdc2f8347",
"status": "affected",
"version": "8679d2687c351824d08cf1f0e86f3b65f22a00fe",
"versionType": "git"
},
{
"status": "affected",
"version": "e8f496001e0c7832d188ab91fea294e19a128202",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.17"
},
{
"lessThan": "6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.16.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: release path before initializing extent tree in btrfs_read_locked_inode()\n\nIn btrfs_read_locked_inode() we are calling btrfs_init_file_extent_tree()\nwhile holding a path with a read locked leaf from a subvolume tree, and\nbtrfs_init_file_extent_tree() may do a GFP_KERNEL allocation, which can\ntrigger reclaim.\n\nThis can create a circular lock dependency which lockdep warns about with\nthe following splat:\n\n [6.1433] ======================================================\n [6.1574] WARNING: possible circular locking dependency detected\n [6.1583] 6.18.0+ #4 Tainted: G U\n [6.1591] ------------------------------------------------------\n [6.1599] kswapd0/117 is trying to acquire lock:\n [6.1606] ffff8d9b6333c5b8 (\u0026delayed_node-\u003emutex){+.+.}-{3:3}, at: __btrfs_release_delayed_node.part.0+0x39/0x2f0\n [6.1625]\n but task is already holding lock:\n [6.1633] ffffffffa4ab8ce0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x195/0xc60\n [6.1646]\n which lock already depends on the new lock.\n\n [6.1657]\n the existing dependency chain (in reverse order) is:\n [6.1667]\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n [6.1677] fs_reclaim_acquire+0x9d/0xd0\n [6.1685] __kmalloc_cache_noprof+0x59/0x750\n [6.1694] btrfs_init_file_extent_tree+0x90/0x100\n [6.1702] btrfs_read_locked_inode+0xc3/0x6b0\n [6.1710] btrfs_iget+0xbb/0xf0\n [6.1716] btrfs_lookup_dentry+0x3c5/0x8e0\n [6.1724] btrfs_lookup+0x12/0x30\n [6.1731] lookup_open.isra.0+0x1aa/0x6a0\n [6.1739] path_openat+0x5f7/0xc60\n [6.1746] do_filp_open+0xd6/0x180\n [6.1753] do_sys_openat2+0x8b/0xe0\n [6.1760] __x64_sys_openat+0x54/0xa0\n [6.1768] do_syscall_64+0x97/0x3e0\n [6.1776] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [6.1784]\n -\u003e #1 (btrfs-tree-00){++++}-{3:3}:\n [6.1794] lock_release+0x127/0x2a0\n [6.1801] up_read+0x1b/0x30\n [6.1808] btrfs_search_slot+0x8e0/0xff0\n [6.1817] btrfs_lookup_inode+0x52/0xd0\n [6.1825] __btrfs_update_delayed_inode+0x73/0x520\n [6.1833] btrfs_commit_inode_delayed_inode+0x11a/0x120\n [6.1842] btrfs_log_inode+0x608/0x1aa0\n [6.1849] btrfs_log_inode_parent+0x249/0xf80\n [6.1857] btrfs_log_dentry_safe+0x3e/0x60\n [6.1865] btrfs_sync_file+0x431/0x690\n [6.1872] do_fsync+0x39/0x80\n [6.1879] __x64_sys_fsync+0x13/0x20\n [6.1887] do_syscall_64+0x97/0x3e0\n [6.1894] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [6.1903]\n -\u003e #0 (\u0026delayed_node-\u003emutex){+.+.}-{3:3}:\n [6.1913] __lock_acquire+0x15e9/0x2820\n [6.1920] lock_acquire+0xc9/0x2d0\n [6.1927] __mutex_lock+0xcc/0x10a0\n [6.1934] __btrfs_release_delayed_node.part.0+0x39/0x2f0\n [6.1944] btrfs_evict_inode+0x20b/0x4b0\n [6.1952] evict+0x15a/0x2f0\n [6.1958] prune_icache_sb+0x91/0xd0\n [6.1966] super_cache_scan+0x150/0x1d0\n [6.1974] do_shrink_slab+0x155/0x6f0\n [6.1981] shrink_slab+0x48e/0x890\n [6.1988] shrink_one+0x11a/0x1f0\n [6.1995] shrink_node+0xbfd/0x1320\n [6.1002] balance_pgdat+0x67f/0xc60\n [6.1321] kswapd+0x1dc/0x3e0\n [6.1643] kthread+0xff/0x240\n [6.1965] ret_from_fork+0x223/0x280\n [6.1287] ret_from_fork_asm+0x1a/0x30\n [6.1616]\n other info that might help us debug this:\n\n [6.1561] Chain exists of:\n \u0026delayed_node-\u003emutex --\u003e btrfs-tree-00 --\u003e fs_reclaim\n\n [6.1503] Possible unsafe locking scenario:\n\n [6.1110] CPU0 CPU1\n [6.1411] ---- ----\n [6.1707] lock(fs_reclaim);\n [6.1998] lock(btrfs-tree-00);\n [6.1291] lock(fs_reclaim);\n [6.1581] lock(\u0026del\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:11.853Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/92a5590851144f034adc51fee55e6878ccac716e"
},
{
"url": "https://git.kernel.org/stable/c/8731f2c50b0b1d2b58ed5b9671ef2c4bdc2f8347"
}
],
"title": "btrfs: release path before initializing extent tree in btrfs_read_locked_inode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23018",
"datePublished": "2026-01-31T11:39:02.330Z",
"dateReserved": "2026-01-13T15:37:45.940Z",
"dateUpdated": "2026-02-09T08:37:11.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23017 (GCVE-0-2026-23017)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
idpf: fix error handling in the init_task on load
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix error handling in the init_task on load
If the init_task fails during a driver load, we end up without vports and
netdevs, effectively failing the entire process. In that state a
subsequent reset will result in a crash as the service task attempts to
access uninitialized resources. Following trace is from an error in the
init_task where the CREATE_VPORT (op 501) is rejected by the FW:
[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated
[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)
[40958.148190] idpf 0000:83:00.0: HW reset detected
[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8
...
[40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf]
[40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf]
...
[40958.177932] Call Trace:
[40958.178491] <TASK>
[40958.179040] process_one_work+0x226/0x6d0
[40958.179609] worker_thread+0x19e/0x340
[40958.180158] ? __pfx_worker_thread+0x10/0x10
[40958.180702] kthread+0x10f/0x250
[40958.181238] ? __pfx_kthread+0x10/0x10
[40958.181774] ret_from_fork+0x251/0x2b0
[40958.182307] ? __pfx_kthread+0x10/0x10
[40958.182834] ret_from_fork_asm+0x1a/0x30
[40958.183370] </TASK>
Fix the error handling in the init_task to make sure the service and
mailbox tasks are disabled if the error happens during load. These are
started in idpf_vc_core_init(), which spawns the init_task and has no way
of knowing if it failed. If the error happens on reset, following
successful driver load, the tasks can still run, as that will allow the
netdevs to attempt recovery through another reset. Stop the PTP callbacks
either way as those will be restarted by the call to idpf_vc_core_init()
during a successful reset.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a514c374edcd33581cdcccf8faa7cc606a600319",
"status": "affected",
"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
"versionType": "git"
},
{
"lessThan": "4d792219fe6f891b5b557a607ac8a0a14eda6e38",
"status": "affected",
"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix error handling in the init_task on load\n\nIf the init_task fails during a driver load, we end up without vports and\nnetdevs, effectively failing the entire process. In that state a\nsubsequent reset will result in a crash as the service task attempts to\naccess uninitialized resources. Following trace is from an error in the\ninit_task where the CREATE_VPORT (op 501) is rejected by the FW:\n\n[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated\n[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)\n[40958.148190] idpf 0000:83:00.0: HW reset detected\n[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8\n...\n[40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf]\n[40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf]\n...\n[40958.177932] Call Trace:\n[40958.178491] \u003cTASK\u003e\n[40958.179040] process_one_work+0x226/0x6d0\n[40958.179609] worker_thread+0x19e/0x340\n[40958.180158] ? __pfx_worker_thread+0x10/0x10\n[40958.180702] kthread+0x10f/0x250\n[40958.181238] ? __pfx_kthread+0x10/0x10\n[40958.181774] ret_from_fork+0x251/0x2b0\n[40958.182307] ? __pfx_kthread+0x10/0x10\n[40958.182834] ret_from_fork_asm+0x1a/0x30\n[40958.183370] \u003c/TASK\u003e\n\nFix the error handling in the init_task to make sure the service and\nmailbox tasks are disabled if the error happens during load. These are\nstarted in idpf_vc_core_init(), which spawns the init_task and has no way\nof knowing if it failed. If the error happens on reset, following\nsuccessful driver load, the tasks can still run, as that will allow the\nnetdevs to attempt recovery through another reset. Stop the PTP callbacks\neither way as those will be restarted by the call to idpf_vc_core_init()\nduring a successful reset."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:10.780Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a514c374edcd33581cdcccf8faa7cc606a600319"
},
{
"url": "https://git.kernel.org/stable/c/4d792219fe6f891b5b557a607ac8a0a14eda6e38"
}
],
"title": "idpf: fix error handling in the init_task on load",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23017",
"datePublished": "2026-01-31T11:39:01.204Z",
"dateReserved": "2026-01-13T15:37:45.940Z",
"dateUpdated": "2026-02-09T08:37:10.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23028 (GCVE-0-2026-23028)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()
Summary
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()
In kvm_ioctl_create_device(), kvm_device has allocated memory,
kvm_device->destroy() seems to be supposed to free its kvm_device
struct, but kvm_ipi_destroy() is not currently doing this, that
would lead to a memory leak.
So, fix it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/loongarch/kvm/intc/ipi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5defcc2f9c22e6e09b5be68234ad10f4ba0292b7",
"status": "affected",
"version": "c532de5a67a70f8533d495f8f2aaa9a0491c3ad0",
"versionType": "git"
},
{
"lessThan": "0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21",
"status": "affected",
"version": "c532de5a67a70f8533d495f8f2aaa9a0491c3ad0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/loongarch/kvm/intc/ipi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device-\u003edestroy() seems to be supposed to free its kvm_device\nstruct, but kvm_ipi_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:22.464Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5defcc2f9c22e6e09b5be68234ad10f4ba0292b7"
},
{
"url": "https://git.kernel.org/stable/c/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21"
}
],
"title": "LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23028",
"datePublished": "2026-01-31T11:42:06.984Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:22.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23019 (GCVE-0-2026-23019)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:39 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
net: marvell: prestera: fix NULL dereference on devlink_alloc() failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: marvell: prestera: fix NULL dereference on devlink_alloc() failure
devlink_alloc() may return NULL on allocation failure, but
prestera_devlink_alloc() unconditionally calls devlink_priv() on
the returned pointer.
This leads to a NULL pointer dereference if devlink allocation fails.
Add a check for a NULL devlink pointer and return NULL early to avoid
the crash.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
34dd1710f5a3c9a7dc78e1ff6de69a19d407db25 , < 8a4333b2818f0d853b43e139936c20659366e4a0
(git)
Affected: 34dd1710f5a3c9a7dc78e1ff6de69a19d407db25 , < 325aea74be7e192b5c947c782da23b0d19a5fda2 (git) Affected: 34dd1710f5a3c9a7dc78e1ff6de69a19d407db25 , < 94e070cd50790317fba7787ae6006934b7edcb6f (git) Affected: 34dd1710f5a3c9a7dc78e1ff6de69a19d407db25 , < 3950054c9512add0cc79ab7e72b6d2f9f675e25b (git) Affected: 34dd1710f5a3c9a7dc78e1ff6de69a19d407db25 , < 326a4b7e61d01db3507f71c8bb5e85362f607064 (git) Affected: 34dd1710f5a3c9a7dc78e1ff6de69a19d407db25 , < a428e0da1248c353557970848994f35fd3f005e2 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/prestera/prestera_devlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a4333b2818f0d853b43e139936c20659366e4a0",
"status": "affected",
"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25",
"versionType": "git"
},
{
"lessThan": "325aea74be7e192b5c947c782da23b0d19a5fda2",
"status": "affected",
"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25",
"versionType": "git"
},
{
"lessThan": "94e070cd50790317fba7787ae6006934b7edcb6f",
"status": "affected",
"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25",
"versionType": "git"
},
{
"lessThan": "3950054c9512add0cc79ab7e72b6d2f9f675e25b",
"status": "affected",
"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25",
"versionType": "git"
},
{
"lessThan": "326a4b7e61d01db3507f71c8bb5e85362f607064",
"status": "affected",
"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25",
"versionType": "git"
},
{
"lessThan": "a428e0da1248c353557970848994f35fd3f005e2",
"status": "affected",
"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/prestera/prestera_devlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.198",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix NULL dereference on devlink_alloc() failure\n\ndevlink_alloc() may return NULL on allocation failure, but\nprestera_devlink_alloc() unconditionally calls devlink_priv() on\nthe returned pointer.\n\nThis leads to a NULL pointer dereference if devlink allocation fails.\nAdd a check for a NULL devlink pointer and return NULL early to avoid\nthe crash."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:12.887Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a4333b2818f0d853b43e139936c20659366e4a0"
},
{
"url": "https://git.kernel.org/stable/c/325aea74be7e192b5c947c782da23b0d19a5fda2"
},
{
"url": "https://git.kernel.org/stable/c/94e070cd50790317fba7787ae6006934b7edcb6f"
},
{
"url": "https://git.kernel.org/stable/c/3950054c9512add0cc79ab7e72b6d2f9f675e25b"
},
{
"url": "https://git.kernel.org/stable/c/326a4b7e61d01db3507f71c8bb5e85362f607064"
},
{
"url": "https://git.kernel.org/stable/c/a428e0da1248c353557970848994f35fd3f005e2"
}
],
"title": "net: marvell: prestera: fix NULL dereference on devlink_alloc() failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23019",
"datePublished": "2026-01-31T11:39:03.179Z",
"dateReserved": "2026-01-13T15:37:45.940Z",
"dateUpdated": "2026-02-09T08:37:12.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23037 (GCVE-0-2026-23037)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
can: etas_es58x: allow partial RX URB allocation to succeed
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: etas_es58x: allow partial RX URB allocation to succeed
When es58x_alloc_rx_urbs() fails to allocate the requested number of
URBs but succeeds in allocating some, it returns an error code.
This causes es58x_open() to return early, skipping the cleanup label
'free_urbs', which leads to the anchored URBs being leaked.
As pointed out by maintainer Vincent Mailhol, the driver is designed
to handle partial URB allocation gracefully. Therefore, partial
allocation should not be treated as a fatal error.
Modify es58x_alloc_rx_urbs() to return 0 if at least one URB has been
allocated, restoring the intended behavior and preventing the leak
in es58x_open().
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
8537257874e949a59c834cecfd5a063e11b64b0b , < 97250eb05e4b6afe787290e8fd97d0675116c61b
(git)
Affected: 8537257874e949a59c834cecfd5a063e11b64b0b , < aec888f44853584b5a7cd01249806030cf94a73d (git) Affected: 8537257874e949a59c834cecfd5a063e11b64b0b , < 611e839d2d552416b498ed5593e10670f61fcd4d (git) Affected: 8537257874e949a59c834cecfd5a063e11b64b0b , < ba45e3d6b02c97dbb4578fbae7027fd66f3caa10 (git) Affected: 8537257874e949a59c834cecfd5a063e11b64b0b , < 6c5124a60989051799037834f0a1a4b428718157 (git) Affected: 8537257874e949a59c834cecfd5a063e11b64b0b , < b1979778e98569c1e78c2c7f16bb24d76541ab00 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/etas_es58x/es58x_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "97250eb05e4b6afe787290e8fd97d0675116c61b",
"status": "affected",
"version": "8537257874e949a59c834cecfd5a063e11b64b0b",
"versionType": "git"
},
{
"lessThan": "aec888f44853584b5a7cd01249806030cf94a73d",
"status": "affected",
"version": "8537257874e949a59c834cecfd5a063e11b64b0b",
"versionType": "git"
},
{
"lessThan": "611e839d2d552416b498ed5593e10670f61fcd4d",
"status": "affected",
"version": "8537257874e949a59c834cecfd5a063e11b64b0b",
"versionType": "git"
},
{
"lessThan": "ba45e3d6b02c97dbb4578fbae7027fd66f3caa10",
"status": "affected",
"version": "8537257874e949a59c834cecfd5a063e11b64b0b",
"versionType": "git"
},
{
"lessThan": "6c5124a60989051799037834f0a1a4b428718157",
"status": "affected",
"version": "8537257874e949a59c834cecfd5a063e11b64b0b",
"versionType": "git"
},
{
"lessThan": "b1979778e98569c1e78c2c7f16bb24d76541ab00",
"status": "affected",
"version": "8537257874e949a59c834cecfd5a063e11b64b0b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/etas_es58x/es58x_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: allow partial RX URB allocation to succeed\n\nWhen es58x_alloc_rx_urbs() fails to allocate the requested number of\nURBs but succeeds in allocating some, it returns an error code.\nThis causes es58x_open() to return early, skipping the cleanup label\n\u0027free_urbs\u0027, which leads to the anchored URBs being leaked.\n\nAs pointed out by maintainer Vincent Mailhol, the driver is designed\nto handle partial URB allocation gracefully. Therefore, partial\nallocation should not be treated as a fatal error.\n\nModify es58x_alloc_rx_urbs() to return 0 if at least one URB has been\nallocated, restoring the intended behavior and preventing the leak\nin es58x_open()."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:31.963Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/97250eb05e4b6afe787290e8fd97d0675116c61b"
},
{
"url": "https://git.kernel.org/stable/c/aec888f44853584b5a7cd01249806030cf94a73d"
},
{
"url": "https://git.kernel.org/stable/c/611e839d2d552416b498ed5593e10670f61fcd4d"
},
{
"url": "https://git.kernel.org/stable/c/ba45e3d6b02c97dbb4578fbae7027fd66f3caa10"
},
{
"url": "https://git.kernel.org/stable/c/6c5124a60989051799037834f0a1a4b428718157"
},
{
"url": "https://git.kernel.org/stable/c/b1979778e98569c1e78c2c7f16bb24d76541ab00"
}
],
"title": "can: etas_es58x: allow partial RX URB allocation to succeed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23037",
"datePublished": "2026-01-31T11:42:31.689Z",
"dateReserved": "2026-01-13T15:37:45.943Z",
"dateUpdated": "2026-02-09T08:37:31.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71184 (GCVE-0-2025-71184)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-03-25 10:20
VLAI?
EPSS
Title
btrfs: fix NULL dereference on root when tracing inode eviction
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix NULL dereference on root when tracing inode eviction
When evicting an inode the first thing we do is to setup tracing for it,
which implies fetching the root's id. But in btrfs_evict_inode() the
root might be NULL, as implied in the next check that we do in
btrfs_evict_inode().
Hence, we either should set the ->root_objectid to 0 in case the root is
NULL, or we move tracing setup after checking that the root is not
NULL. Setting the rootid to 0 at least gives us the possibility to trace
this call even in the case when the root is NULL, so that's the solution
taken here.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
1abe9b8a138c9988ba8f7bfded6453649a31541f , < 64d8abd8c5305795a2b35fc96039d99d34f5e762
(git)
Affected: 1abe9b8a138c9988ba8f7bfded6453649a31541f , < 582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c (git) Affected: 1abe9b8a138c9988ba8f7bfded6453649a31541f , < 99e057f3d3ef24b99a7b1d84e01dd1bd890098da (git) Affected: 1abe9b8a138c9988ba8f7bfded6453649a31541f , < f157dd661339fc6f5f2b574fe2429c43bd309534 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/trace/events/btrfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64d8abd8c5305795a2b35fc96039d99d34f5e762",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
},
{
"lessThan": "582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
},
{
"lessThan": "99e057f3d3ef24b99a7b1d84e01dd1bd890098da",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
},
{
"lessThan": "f157dd661339fc6f5f2b574fe2429c43bd309534",
"status": "affected",
"version": "1abe9b8a138c9988ba8f7bfded6453649a31541f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/trace/events/btrfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix NULL dereference on root when tracing inode eviction\n\nWhen evicting an inode the first thing we do is to setup tracing for it,\nwhich implies fetching the root\u0027s id. But in btrfs_evict_inode() the\nroot might be NULL, as implied in the next check that we do in\nbtrfs_evict_inode().\n\nHence, we either should set the -\u003eroot_objectid to 0 in case the root is\nNULL, or we move tracing setup after checking that the root is not\nNULL. Setting the rootid to 0 at least gives us the possibility to trace\nthis call even in the case when the root is NULL, so that\u0027s the solution\ntaken here."
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T10:20:07.089Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64d8abd8c5305795a2b35fc96039d99d34f5e762"
},
{
"url": "https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c"
},
{
"url": "https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da"
},
{
"url": "https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534"
}
],
"title": "btrfs: fix NULL dereference on root when tracing inode eviction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71184",
"datePublished": "2026-01-31T11:38:57.171Z",
"dateReserved": "2026-01-31T11:36:51.187Z",
"dateUpdated": "2026-03-25T10:20:07.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23032 (GCVE-0-2026-23032)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
null_blk: fix kmemleak by releasing references to fault configfs items
Summary
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix kmemleak by releasing references to fault configfs items
When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk
driver sets up fault injection support by creating the timeout_inject,
requeue_inject, and init_hctx_fault_inject configfs items as children
of the top-level nullbX configfs group.
However, when the nullbX device is removed, the references taken to
these fault-config configfs items are not released. As a result,
kmemleak reports a memory leak, for example:
unreferenced object 0xc00000021ff25c40 (size 32):
comm "mkdir", pid 10665, jiffies 4322121578
hex dump (first 32 bytes):
69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_
69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........
backtrace (crc 1a018c86):
__kmalloc_node_track_caller_noprof+0x494/0xbd8
kvasprintf+0x74/0xf4
config_item_set_name+0xf0/0x104
config_group_init_type_name+0x48/0xfc
fault_config_init+0x48/0xf0
0xc0080000180559e4
configfs_mkdir+0x304/0x814
vfs_mkdir+0x49c/0x604
do_mkdirat+0x314/0x3d0
sys_mkdir+0xa0/0xd8
system_call_exception+0x1b0/0x4f0
system_call_vectored_common+0x15c/0x2ec
Fix this by explicitly releasing the references to the fault-config
configfs items when dropping the reference to the top-level nullbX
configfs group.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea , < 1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2
(git)
Affected: bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea , < d59ba448ccd595d5d65e197216cf781a87db2b28 (git) Affected: bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea , < f1718da051282698aa8fa150bebb9724f6389fda (git) Affected: bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea , < 40b94ec7edbbb867c4e26a1a43d2b898f04b93c5 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/null_blk/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2",
"status": "affected",
"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea",
"versionType": "git"
},
{
"lessThan": "d59ba448ccd595d5d65e197216cf781a87db2b28",
"status": "affected",
"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea",
"versionType": "git"
},
{
"lessThan": "f1718da051282698aa8fa150bebb9724f6389fda",
"status": "affected",
"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea",
"versionType": "git"
},
{
"lessThan": "40b94ec7edbbb867c4e26a1a43d2b898f04b93c5",
"status": "affected",
"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/null_blk/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.67",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix kmemleak by releasing references to fault configfs items\n\nWhen CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk\ndriver sets up fault injection support by creating the timeout_inject,\nrequeue_inject, and init_hctx_fault_inject configfs items as children\nof the top-level nullbX configfs group.\n\nHowever, when the nullbX device is removed, the references taken to\nthese fault-config configfs items are not released. As a result,\nkmemleak reports a memory leak, for example:\n\nunreferenced object 0xc00000021ff25c40 (size 32):\n comm \"mkdir\", pid 10665, jiffies 4322121578\n hex dump (first 32 bytes):\n 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_\n 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........\n backtrace (crc 1a018c86):\n __kmalloc_node_track_caller_noprof+0x494/0xbd8\n kvasprintf+0x74/0xf4\n config_item_set_name+0xf0/0x104\n config_group_init_type_name+0x48/0xfc\n fault_config_init+0x48/0xf0\n 0xc0080000180559e4\n configfs_mkdir+0x304/0x814\n vfs_mkdir+0x49c/0x604\n do_mkdirat+0x314/0x3d0\n sys_mkdir+0xa0/0xd8\n system_call_exception+0x1b0/0x4f0\n system_call_vectored_common+0x15c/0x2ec\n\nFix this by explicitly releasing the references to the fault-config\nconfigfs items when dropping the reference to the top-level nullbX\nconfigfs group."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:26.714Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2"
},
{
"url": "https://git.kernel.org/stable/c/d59ba448ccd595d5d65e197216cf781a87db2b28"
},
{
"url": "https://git.kernel.org/stable/c/f1718da051282698aa8fa150bebb9724f6389fda"
},
{
"url": "https://git.kernel.org/stable/c/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5"
}
],
"title": "null_blk: fix kmemleak by releasing references to fault configfs items",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23032",
"datePublished": "2026-01-31T11:42:11.640Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:26.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23036 (GCVE-0-2026-23036)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
btrfs: release path before iget_failed() in btrfs_read_locked_inode()
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: release path before iget_failed() in btrfs_read_locked_inode()
In btrfs_read_locked_inode() if we fail to lookup the inode, we jump to
the 'out' label with a path that has a read locked leaf and then we call
iget_failed(). This can result in a ABBA deadlock, since iget_failed()
triggers inode eviction and that causes the release of the delayed inode,
which must lock the delayed inode's mutex, and a task updating a delayed
inode starts by taking the node's mutex and then modifying the inode's
subvolume btree.
Syzbot reported the following lockdep splat for this:
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
btrfs-cleaner/8725 is trying to acquire lock:
ffff0000d6826a48 (&delayed_node->mutex){+.+.}-{4:4}, at: __btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290
but task is already holding lock:
ffff0000dbeba878 (btrfs-tree-00){++++}-{4:4}, at: btrfs_tree_read_lock_nested+0x44/0x2ec fs/btrfs/locking.c:145
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (btrfs-tree-00){++++}-{4:4}:
__lock_release kernel/locking/lockdep.c:5574 [inline]
lock_release+0x198/0x39c kernel/locking/lockdep.c:5889
up_read+0x24/0x3c kernel/locking/rwsem.c:1632
btrfs_tree_read_unlock+0xdc/0x298 fs/btrfs/locking.c:169
btrfs_tree_unlock_rw fs/btrfs/locking.h:218 [inline]
btrfs_search_slot+0xa6c/0x223c fs/btrfs/ctree.c:2133
btrfs_lookup_inode+0xd8/0x38c fs/btrfs/inode-item.c:395
__btrfs_update_delayed_inode+0x124/0xed0 fs/btrfs/delayed-inode.c:1032
btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1118 [inline]
__btrfs_commit_inode_delayed_items+0x15f8/0x1748 fs/btrfs/delayed-inode.c:1141
__btrfs_run_delayed_items+0x1ac/0x514 fs/btrfs/delayed-inode.c:1176
btrfs_run_delayed_items_nr+0x28/0x38 fs/btrfs/delayed-inode.c:1219
flush_space+0x26c/0xb68 fs/btrfs/space-info.c:828
do_async_reclaim_metadata_space+0x110/0x364 fs/btrfs/space-info.c:1158
btrfs_async_reclaim_metadata_space+0x90/0xd8 fs/btrfs/space-info.c:1226
process_one_work+0x7e8/0x155c kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3427
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
-> #0 (&delayed_node->mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5237
lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5868
__mutex_lock_common+0x1d0/0x2678 kernel/locking/mutex.c:598
__mutex_lock kernel/locking/mutex.c:760 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812
__btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290
btrfs_release_delayed_node fs/btrfs/delayed-inode.c:315 [inline]
btrfs_remove_delayed_node+0x68/0x84 fs/btrfs/delayed-inode.c:1326
btrfs_evict_inode+0x578/0xe28 fs/btrfs/inode.c:5587
evict+0x414/0x928 fs/inode.c:810
iput_final fs/inode.c:1914 [inline]
iput+0x95c/0xad4 fs/inode.c:1966
iget_failed+0xec/0x134 fs/bad_inode.c:248
btrfs_read_locked_inode+0xe1c/0x1234 fs/btrfs/inode.c:4101
btrfs_iget+0x1b0/0x264 fs/btrfs/inode.c:5837
btrfs_run_defrag_inode fs/btrfs/defrag.c:237 [inline]
btrfs_run_defrag_inodes+0x520/0xdc4 fs/btrf
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65241e3ddda60b53a4ee3ae12721fc9ee21d5827",
"status": "affected",
"version": "69673992b1aea5540199d9b8b658ede72f55a6cf",
"versionType": "git"
},
{
"lessThan": "1e1f2055ad5a7a5d548789b334a4473a7665c418",
"status": "affected",
"version": "69673992b1aea5540199d9b8b658ede72f55a6cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: release path before iget_failed() in btrfs_read_locked_inode()\n\nIn btrfs_read_locked_inode() if we fail to lookup the inode, we jump to\nthe \u0027out\u0027 label with a path that has a read locked leaf and then we call\niget_failed(). This can result in a ABBA deadlock, since iget_failed()\ntriggers inode eviction and that causes the release of the delayed inode,\nwhich must lock the delayed inode\u0027s mutex, and a task updating a delayed\ninode starts by taking the node\u0027s mutex and then modifying the inode\u0027s\nsubvolume btree.\n\nSyzbot reported the following lockdep splat for this:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n syzkaller #0 Not tainted\n ------------------------------------------------------\n btrfs-cleaner/8725 is trying to acquire lock:\n ffff0000d6826a48 (\u0026delayed_node-\u003emutex){+.+.}-{4:4}, at: __btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290\n\n but task is already holding lock:\n ffff0000dbeba878 (btrfs-tree-00){++++}-{4:4}, at: btrfs_tree_read_lock_nested+0x44/0x2ec fs/btrfs/locking.c:145\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (btrfs-tree-00){++++}-{4:4}:\n __lock_release kernel/locking/lockdep.c:5574 [inline]\n lock_release+0x198/0x39c kernel/locking/lockdep.c:5889\n up_read+0x24/0x3c kernel/locking/rwsem.c:1632\n btrfs_tree_read_unlock+0xdc/0x298 fs/btrfs/locking.c:169\n btrfs_tree_unlock_rw fs/btrfs/locking.h:218 [inline]\n btrfs_search_slot+0xa6c/0x223c fs/btrfs/ctree.c:2133\n btrfs_lookup_inode+0xd8/0x38c fs/btrfs/inode-item.c:395\n __btrfs_update_delayed_inode+0x124/0xed0 fs/btrfs/delayed-inode.c:1032\n btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1118 [inline]\n __btrfs_commit_inode_delayed_items+0x15f8/0x1748 fs/btrfs/delayed-inode.c:1141\n __btrfs_run_delayed_items+0x1ac/0x514 fs/btrfs/delayed-inode.c:1176\n btrfs_run_delayed_items_nr+0x28/0x38 fs/btrfs/delayed-inode.c:1219\n flush_space+0x26c/0xb68 fs/btrfs/space-info.c:828\n do_async_reclaim_metadata_space+0x110/0x364 fs/btrfs/space-info.c:1158\n btrfs_async_reclaim_metadata_space+0x90/0xd8 fs/btrfs/space-info.c:1226\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3263\n process_scheduled_works kernel/workqueue.c:3346 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3427\n kthread+0x5fc/0x75c kernel/kthread.c:463\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844\n\n -\u003e #0 (\u0026delayed_node-\u003emutex){+.+.}-{4:4}:\n check_prev_add kernel/locking/lockdep.c:3165 [inline]\n check_prevs_add kernel/locking/lockdep.c:3284 [inline]\n validate_chain kernel/locking/lockdep.c:3908 [inline]\n __lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5237\n lock_acquire+0x14c/0x2e0 kernel/locking/lockdep.c:5868\n __mutex_lock_common+0x1d0/0x2678 kernel/locking/mutex.c:598\n __mutex_lock kernel/locking/mutex.c:760 [inline]\n mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812\n __btrfs_release_delayed_node+0xa0/0x9b0 fs/btrfs/delayed-inode.c:290\n btrfs_release_delayed_node fs/btrfs/delayed-inode.c:315 [inline]\n btrfs_remove_delayed_node+0x68/0x84 fs/btrfs/delayed-inode.c:1326\n btrfs_evict_inode+0x578/0xe28 fs/btrfs/inode.c:5587\n evict+0x414/0x928 fs/inode.c:810\n iput_final fs/inode.c:1914 [inline]\n iput+0x95c/0xad4 fs/inode.c:1966\n iget_failed+0xec/0x134 fs/bad_inode.c:248\n btrfs_read_locked_inode+0xe1c/0x1234 fs/btrfs/inode.c:4101\n btrfs_iget+0x1b0/0x264 fs/btrfs/inode.c:5837\n btrfs_run_defrag_inode fs/btrfs/defrag.c:237 [inline]\n btrfs_run_defrag_inodes+0x520/0xdc4 fs/btrf\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:30.880Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65241e3ddda60b53a4ee3ae12721fc9ee21d5827"
},
{
"url": "https://git.kernel.org/stable/c/1e1f2055ad5a7a5d548789b334a4473a7665c418"
}
],
"title": "btrfs: release path before iget_failed() in btrfs_read_locked_inode()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23036",
"datePublished": "2026-01-31T11:42:30.782Z",
"dateReserved": "2026-01-13T15:37:45.943Z",
"dateUpdated": "2026-02-09T08:37:30.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71187 (GCVE-0-2025-71187)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:41 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
dmaengine: sh: rz-dmac: fix device leak on probe failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: sh: rz-dmac: fix device leak on probe failure
Make sure to drop the reference taken when looking up the ICU device
during probe also on probe failures (e.g. probe deferral).
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/sh/rz-dmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "926d1666420c227eab50962a8622c1b8444720e8",
"status": "affected",
"version": "7de873201c44bff5b42f2e560098d463843b8a4c",
"versionType": "git"
},
{
"lessThan": "9fb490323997dcb6f749cd2660a17a39854600cd",
"status": "affected",
"version": "7de873201c44bff5b42f2e560098d463843b8a4c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/sh/rz-dmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.16"
},
{
"lessThan": "6.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sh: rz-dmac: fix device leak on probe failure\n\nMake sure to drop the reference taken when looking up the ICU device\nduring probe also on probe failures (e.g. probe deferral)."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:11.748Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/926d1666420c227eab50962a8622c1b8444720e8"
},
{
"url": "https://git.kernel.org/stable/c/9fb490323997dcb6f749cd2660a17a39854600cd"
}
],
"title": "dmaengine: sh: rz-dmac: fix device leak on probe failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71187",
"datePublished": "2026-01-31T11:41:58.816Z",
"dateReserved": "2026-01-31T11:36:51.188Z",
"dateUpdated": "2026-02-09T08:36:11.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23029 (GCVE-0-2026-23029)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:42 – Updated: 2026-02-09 08:37
VLAI?
EPSS
Title
LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()
Summary
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()
In kvm_ioctl_create_device(), kvm_device has allocated memory,
kvm_device->destroy() seems to be supposed to free its kvm_device
struct, but kvm_eiointc_destroy() is not currently doing this, that
would lead to a memory leak.
So, fix it.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/loongarch/kvm/intc/eiointc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e94ec9661c5820d157d2cc4b6cf4a6ab656a7b4d",
"status": "affected",
"version": "2e8b9df82631e714cc2b7bf302772c8259673180",
"versionType": "git"
},
{
"lessThan": "7d8553fc75aefa7ec936af0cf8443ff90b51732e",
"status": "affected",
"version": "2e8b9df82631e714cc2b7bf302772c8259673180",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/loongarch/kvm/intc/eiointc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.7",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device-\u003edestroy() seems to be supposed to free its kvm_device\nstruct, but kvm_eiointc_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:37:23.573Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e94ec9661c5820d157d2cc4b6cf4a6ab656a7b4d"
},
{
"url": "https://git.kernel.org/stable/c/7d8553fc75aefa7ec936af0cf8443ff90b51732e"
}
],
"title": "LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23029",
"datePublished": "2026-01-31T11:42:07.750Z",
"dateReserved": "2026-01-13T15:37:45.942Z",
"dateUpdated": "2026-02-09T08:37:23.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71183 (GCVE-0-2025-71183)
Vulnerability from cvelistv5 – Published: 2026-01-31 11:38 – Updated: 2026-02-09 08:36
VLAI?
EPSS
Title
btrfs: always detect conflicting inodes when logging inode refs
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: always detect conflicting inodes when logging inode refs
After rename exchanging (either with the rename exchange operation or
regular renames in multiple non-atomic steps) two inodes and at least
one of them is a directory, we can end up with a log tree that contains
only of the inodes and after a power failure that can result in an attempt
to delete the other inode when it should not because it was not deleted
before the power failure. In some case that delete attempt fails when
the target inode is a directory that contains a subvolume inside it, since
the log replay code is not prepared to deal with directory entries that
point to root items (only inode items).
1) We have directories "dir1" (inode A) and "dir2" (inode B) under the
same parent directory;
2) We have a file (inode C) under directory "dir1" (inode A);
3) We have a subvolume inside directory "dir2" (inode B);
4) All these inodes were persisted in a past transaction and we are
currently at transaction N;
5) We rename the file (inode C), so at btrfs_log_new_name() we update
inode C's last_unlink_trans to N;
6) We get a rename exchange for "dir1" (inode A) and "dir2" (inode B),
so after the exchange "dir1" is inode B and "dir2" is inode A.
During the rename exchange we call btrfs_log_new_name() for inodes
A and B, but because they are directories, we don't update their
last_unlink_trans to N;
7) An fsync against the file (inode C) is done, and because its inode
has a last_unlink_trans with a value of N we log its parent directory
(inode A) (through btrfs_log_all_parents(), called from
btrfs_log_inode_parent()).
8) So we end up with inode B not logged, which now has the old name
of inode A. At copy_inode_items_to_log(), when logging inode A, we
did not check if we had any conflicting inode to log because inode
A has a generation lower than the current transaction (created in
a past transaction);
9) After a power failure, when replaying the log tree, since we find that
inode A has a new name that conflicts with the name of inode B in the
fs tree, we attempt to delete inode B... this is wrong since that
directory was never deleted before the power failure, and because there
is a subvolume inside that directory, attempting to delete it will fail
since replay_dir_deletes() and btrfs_unlink_inode() are not prepared
to deal with dir items that point to roots instead of inodes.
When that happens the mount fails and we get a stack trace like the
following:
[87.2314] BTRFS info (device dm-0): start tree-log replay
[87.2318] BTRFS critical (device dm-0): failed to delete reference to subvol, root 5 inode 256 parent 259
[87.2332] ------------[ cut here ]------------
[87.2338] BTRFS: Transaction aborted (error -2)
[87.2346] WARNING: CPU: 1 PID: 638968 at fs/btrfs/inode.c:4345 __btrfs_unlink_inode+0x416/0x440 [btrfs]
[87.2368] Modules linked in: btrfs loop dm_thin_pool (...)
[87.2470] CPU: 1 UID: 0 PID: 638968 Comm: mount Tainted: G W 6.18.0-rc7-btrfs-next-218+ #2 PREEMPT(full)
[87.2489] Tainted: [W]=WARN
[87.2494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
[87.2514] RIP: 0010:__btrfs_unlink_inode+0x416/0x440 [btrfs]
[87.2538] Code: c0 89 04 24 (...)
[87.2568] RSP: 0018:ffffc0e741f4b9b8 EFLAGS: 00010286
[87.2574] RAX: 0000000000000000 RBX: ffff9d3ec8a6cf60 RCX: 0000000000000000
[87.2582] RDX: 0000000000000002 RSI: ffffffff84ab45a1 RDI: 00000000ffffffff
[87.2591] RBP: ffff9d3ec8a6ef20 R08: 0000000000000000 R09: ffffc0e741f4b840
[87.2599] R10: ffff9d45dc1fffa8 R11: 0000000000000003 R12: ffff9d3ee26d77e0
[87.2608] R13: ffffc0e741f4ba98 R14: ffff9d4458040800 R15: ffff9d44b6b7ca10
[87.2618] FS: 00007f7b9603a840(0000) GS:ffff9d4658982000(0000) knlGS:0000000000000000
[87.
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
56f23fdbb600e6087db7b009775b95ce07cc3195 , < c7f0207db68d5a1b4af23acbef1a8e8ddc431ebb
(git)
Affected: 56f23fdbb600e6087db7b009775b95ce07cc3195 , < a63998cd6687c14b160dccb0bbcf281b2eb0dab3 (git) Affected: 56f23fdbb600e6087db7b009775b95ce07cc3195 , < 0c2413c69129f6ce60157f7b53d9ba880260400b (git) Affected: 56f23fdbb600e6087db7b009775b95ce07cc3195 , < d52af58dd463821c5c516aebb031a58934f696ea (git) Affected: 56f23fdbb600e6087db7b009775b95ce07cc3195 , < 7ba0b6461bc4edb3005ea6e00cdae189bcf908a5 (git) Affected: 048605483fbdd1e77ead32a7cd7b95cc17eaaf0e (git) Affected: 033ad030df0ea932a21499582fea59e1df95769b (git) Affected: 1653a3b0e9436c10eb307c318776cf91fe18ff08 (git) Affected: ff440e9185e96cbb94481fc8b6192b944dcfc061 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7f0207db68d5a1b4af23acbef1a8e8ddc431ebb",
"status": "affected",
"version": "56f23fdbb600e6087db7b009775b95ce07cc3195",
"versionType": "git"
},
{
"lessThan": "a63998cd6687c14b160dccb0bbcf281b2eb0dab3",
"status": "affected",
"version": "56f23fdbb600e6087db7b009775b95ce07cc3195",
"versionType": "git"
},
{
"lessThan": "0c2413c69129f6ce60157f7b53d9ba880260400b",
"status": "affected",
"version": "56f23fdbb600e6087db7b009775b95ce07cc3195",
"versionType": "git"
},
{
"lessThan": "d52af58dd463821c5c516aebb031a58934f696ea",
"status": "affected",
"version": "56f23fdbb600e6087db7b009775b95ce07cc3195",
"versionType": "git"
},
{
"lessThan": "7ba0b6461bc4edb3005ea6e00cdae189bcf908a5",
"status": "affected",
"version": "56f23fdbb600e6087db7b009775b95ce07cc3195",
"versionType": "git"
},
{
"status": "affected",
"version": "048605483fbdd1e77ead32a7cd7b95cc17eaaf0e",
"versionType": "git"
},
{
"status": "affected",
"version": "033ad030df0ea932a21499582fea59e1df95769b",
"versionType": "git"
},
{
"status": "affected",
"version": "1653a3b0e9436c10eb307c318776cf91fe18ff08",
"versionType": "git"
},
{
"status": "affected",
"version": "ff440e9185e96cbb94481fc8b6192b944dcfc061",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.161",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.66",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.6",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: always detect conflicting inodes when logging inode refs\n\nAfter rename exchanging (either with the rename exchange operation or\nregular renames in multiple non-atomic steps) two inodes and at least\none of them is a directory, we can end up with a log tree that contains\nonly of the inodes and after a power failure that can result in an attempt\nto delete the other inode when it should not because it was not deleted\nbefore the power failure. In some case that delete attempt fails when\nthe target inode is a directory that contains a subvolume inside it, since\nthe log replay code is not prepared to deal with directory entries that\npoint to root items (only inode items).\n\n1) We have directories \"dir1\" (inode A) and \"dir2\" (inode B) under the\n same parent directory;\n\n2) We have a file (inode C) under directory \"dir1\" (inode A);\n\n3) We have a subvolume inside directory \"dir2\" (inode B);\n\n4) All these inodes were persisted in a past transaction and we are\n currently at transaction N;\n\n5) We rename the file (inode C), so at btrfs_log_new_name() we update\n inode C\u0027s last_unlink_trans to N;\n\n6) We get a rename exchange for \"dir1\" (inode A) and \"dir2\" (inode B),\n so after the exchange \"dir1\" is inode B and \"dir2\" is inode A.\n During the rename exchange we call btrfs_log_new_name() for inodes\n A and B, but because they are directories, we don\u0027t update their\n last_unlink_trans to N;\n\n7) An fsync against the file (inode C) is done, and because its inode\n has a last_unlink_trans with a value of N we log its parent directory\n (inode A) (through btrfs_log_all_parents(), called from\n btrfs_log_inode_parent()).\n\n8) So we end up with inode B not logged, which now has the old name\n of inode A. At copy_inode_items_to_log(), when logging inode A, we\n did not check if we had any conflicting inode to log because inode\n A has a generation lower than the current transaction (created in\n a past transaction);\n\n9) After a power failure, when replaying the log tree, since we find that\n inode A has a new name that conflicts with the name of inode B in the\n fs tree, we attempt to delete inode B... this is wrong since that\n directory was never deleted before the power failure, and because there\n is a subvolume inside that directory, attempting to delete it will fail\n since replay_dir_deletes() and btrfs_unlink_inode() are not prepared\n to deal with dir items that point to roots instead of inodes.\n\n When that happens the mount fails and we get a stack trace like the\n following:\n\n [87.2314] BTRFS info (device dm-0): start tree-log replay\n [87.2318] BTRFS critical (device dm-0): failed to delete reference to subvol, root 5 inode 256 parent 259\n [87.2332] ------------[ cut here ]------------\n [87.2338] BTRFS: Transaction aborted (error -2)\n [87.2346] WARNING: CPU: 1 PID: 638968 at fs/btrfs/inode.c:4345 __btrfs_unlink_inode+0x416/0x440 [btrfs]\n [87.2368] Modules linked in: btrfs loop dm_thin_pool (...)\n [87.2470] CPU: 1 UID: 0 PID: 638968 Comm: mount Tainted: G W 6.18.0-rc7-btrfs-next-218+ #2 PREEMPT(full)\n [87.2489] Tainted: [W]=WARN\n [87.2494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n [87.2514] RIP: 0010:__btrfs_unlink_inode+0x416/0x440 [btrfs]\n [87.2538] Code: c0 89 04 24 (...)\n [87.2568] RSP: 0018:ffffc0e741f4b9b8 EFLAGS: 00010286\n [87.2574] RAX: 0000000000000000 RBX: ffff9d3ec8a6cf60 RCX: 0000000000000000\n [87.2582] RDX: 0000000000000002 RSI: ffffffff84ab45a1 RDI: 00000000ffffffff\n [87.2591] RBP: ffff9d3ec8a6ef20 R08: 0000000000000000 R09: ffffc0e741f4b840\n [87.2599] R10: ffff9d45dc1fffa8 R11: 0000000000000003 R12: ffff9d3ee26d77e0\n [87.2608] R13: ffffc0e741f4ba98 R14: ffff9d4458040800 R15: ffff9d44b6b7ca10\n [87.2618] FS: 00007f7b9603a840(0000) GS:ffff9d4658982000(0000) knlGS:0000000000000000\n [87.\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:36:07.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7f0207db68d5a1b4af23acbef1a8e8ddc431ebb"
},
{
"url": "https://git.kernel.org/stable/c/a63998cd6687c14b160dccb0bbcf281b2eb0dab3"
},
{
"url": "https://git.kernel.org/stable/c/0c2413c69129f6ce60157f7b53d9ba880260400b"
},
{
"url": "https://git.kernel.org/stable/c/d52af58dd463821c5c516aebb031a58934f696ea"
},
{
"url": "https://git.kernel.org/stable/c/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5"
}
],
"title": "btrfs: always detect conflicting inodes when logging inode refs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-71183",
"datePublished": "2026-01-31T11:38:56.067Z",
"dateReserved": "2026-01-31T11:36:51.186Z",
"dateUpdated": "2026-02-09T08:36:07.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…