{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/gro.c",
            "net/core/skbuff.c",
            "net/ipv4/tcp_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fbeab9555564a1b98e8582cd106dfe46c4606991",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "179f1852bdedc300e373e807cc102cd81feff196",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "12401fcfb01f53ccc63ab0a3246570fe8f3105ee",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "989214c66884d70716d83dc1d0bf5e16287bf349",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "fc6eb39c55e97df2f94ad974b8a5bbcd019da2c8",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "ff375cc75f9167168db38e0464a482d5fbc8d81d",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "9bc9d6d6967a2239aa57af2aa53554eddd640d20",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            },
            {
              "lessThan": "48f6a5356a33dd78e7144ae1faef95ffc990aae0",
              "status": "affected",
              "version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/gro.c",
            "net/core/skbuff.c",
            "net/ipv4/tcp_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.208",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1-rc5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.257",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.208",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.174",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.141",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.91",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1-rc5",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination.  __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched.  As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data().  ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source.  skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list.  Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb.  The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb.  Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-30T10:45:26.395Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fbeab9555564a1b98e8582cd106dfe46c4606991"
        },
        {
          "url": "https://git.kernel.org/stable/c/179f1852bdedc300e373e807cc102cd81feff196"
        },
        {
          "url": "https://git.kernel.org/stable/c/12401fcfb01f53ccc63ab0a3246570fe8f3105ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/989214c66884d70716d83dc1d0bf5e16287bf349"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc6eb39c55e97df2f94ad974b8a5bbcd019da2c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff375cc75f9167168db38e0464a482d5fbc8d81d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9bc9d6d6967a2239aa57af2aa53554eddd640d20"
        },
        {
          "url": "https://git.kernel.org/stable/c/48f6a5356a33dd78e7144ae1faef95ffc990aae0"
        }
      ],
      "title": "net: skbuff: propagate shared-frag marker through frag-transfer helpers",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43503",
    "datePublished": "2026-05-23T11:44:01.103Z",
    "dateReserved": "2026-05-01T14:12:56.014Z",
    "dateUpdated": "2026-05-30T10:45:26.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/radio/radio-keene.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad85bb5623079a35bd400f51de2e2fbc2170bdb2",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "242b0aabb1866024a7995a767ac330c158b39aa4",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "2fe28a63d598235595a9601e0d8fdc7c8f4fd575",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "27c508f61963013fdf29097578284099ee7a85a4",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "7fa9754f48cb8eefa566156be341e63d313247e5",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "1d8558a232ecb187e8e0328d6347a125f437a0fc",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "de204d87e7d61859937272fe30cbdd46a4cfb10a",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            },
            {
              "lessThan": "b8bf939d77c0cd01118e953bbf554e0fa15e9006",
              "status": "affected",
              "version": "1bf20c3a0c616f44359c573b533d06bae960ee45",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/radio/radio-keene.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: radio-keene: fix memory leak in error path\n\nFix a memory leak in usb_keene_probe(). The v4l2 control handler is\ninitialized and controls are added, but if v4l2_device_register() or\nvideo_register_device() fails afterward, the handler was never freed,\nleaking memory.\n\nAdd v4l2_ctrl_handler_free() call in the err_v4l2 error path to ensure\nthe control handler is properly freed for all error paths after it is\ninitialized."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:20:32.379Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad85bb5623079a35bd400f51de2e2fbc2170bdb2"
        },
        {
          "url": "https://git.kernel.org/stable/c/242b0aabb1866024a7995a767ac330c158b39aa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fe28a63d598235595a9601e0d8fdc7c8f4fd575"
        },
        {
          "url": "https://git.kernel.org/stable/c/27c508f61963013fdf29097578284099ee7a85a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fa9754f48cb8eefa566156be341e63d313247e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8558a232ecb187e8e0328d6347a125f437a0fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/de204d87e7d61859937272fe30cbdd46a4cfb10a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8bf939d77c0cd01118e953bbf554e0fa15e9006"
        }
      ],
      "title": "media: radio-keene: fix memory leak in error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43231",
    "datePublished": "2026-05-06T11:28:28.268Z",
    "dateReserved": "2026-05-01T14:12:55.995Z",
    "dateUpdated": "2026-05-11T22:20:32.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/rfkill/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "e3842779547c83150569071d9980517cc9029fc0",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "673d2a3eef6e0ee9736501a150c9e4024a4e60a6",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "82843afc19012a29ba863961ef494165aa1a88f4",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "a8c26800e0220e1550af012f5a20e50f5c78864d",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "80ce4cb026f0a4c4532b6cad827b44debda6256a",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            },
            {
              "lessThan": "ea245d78dec594372e27d8c79616baf49e98a4a1",
              "status": "affected",
              "version": "c64fb01627e24725d1f9d535e4426475a4415753",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/rfkill/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.169",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.135",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.82",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.23",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.13",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: prevent unlimited numbers of rfkill events from being created\n\nUserspace can create an unlimited number of rfkill events if the system\nis so configured, while not consuming them from the rfkill file\ndescriptor, causing a potential out of memory situation.  Prevent this\nfrom bounding the number of pending rfkill events at a \"large\" number\n(i.e. 1000) to prevent abuses like this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:13:22.249Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4bcd1615a4e2a185ae9edd27b4143d7dfa7134f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1e0c8d3ab58a0161db487bf5fc47adfcaf5d5ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3842779547c83150569071d9980517cc9029fc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/673d2a3eef6e0ee9736501a150c9e4024a4e60a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/82843afc19012a29ba863961ef494165aa1a88f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8c26800e0220e1550af012f5a20e50f5c78864d"
        },
        {
          "url": "https://git.kernel.org/stable/c/80ce4cb026f0a4c4532b6cad827b44debda6256a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea245d78dec594372e27d8c79616baf49e98a4a1"
        }
      ],
      "title": "net: rfkill: prevent unlimited numbers of rfkill events from being created",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31670",
    "datePublished": "2026-04-24T14:45:17.958Z",
    "dateReserved": "2026-03-09T15:48:24.130Z",
    "dateUpdated": "2026-05-11T22:13:22.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hidp/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d955ccbf91ab74d76fe9e4eab2846a7d8a173075",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "18b1263ece6431bd78fa6b61faaef5281203741c",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "21a47a119f33df9bb157326846390d7e8e1b45ba",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "45ebe5b900200ac3e01f3470506a44a447825721",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "7c805b7d1e580eececcc92470292e3dbc42bc3f5",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "f8b6ed2f06d3baa44f347a0fa2af52433f386463",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "4d37fa7582aa960ba23e10a7a2596a29f37ad281",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            },
            {
              "lessThan": "dbf666e4fc9bdd975a61bf682b3f75cb0145eedd",
              "status": "affected",
              "version": "b4f34d8d9d26b2428fa7cf7c8f97690a297978e6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hidp/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.20",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.10",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HIDP: Fix possible UAF\n\nThis fixes the following trace caused by not dropping l2cap_conn\nreference when user-\u003eremove callback is called:\n\n[   97.809249] l2cap_conn_free: freeing conn ffff88810a171c00\n[   97.809907] CPU: 1 UID: 0 PID: 1419 Comm: repro_standalon Not tainted 7.0.0-rc1-dirty #14 PREEMPT(lazy)\n[   97.809935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n[   97.809947] Call Trace:\n[   97.809954]  \u003cTASK\u003e\n[   97.809961]  dump_stack_lvl (lib/dump_stack.c:122)\n[   97.809990]  l2cap_conn_free (net/bluetooth/l2cap_core.c:1808)\n[   97.810017]  l2cap_conn_del (./include/linux/kref.h:66 net/bluetooth/l2cap_core.c:1821 net/bluetooth/l2cap_core.c:1798)\n[   97.810055]  l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7347 (discriminator 1) net/bluetooth/l2cap_core.c:7340 (discriminator 1))\n[   97.810086]  ? __pfx_l2cap_disconn_cfm (net/bluetooth/l2cap_core.c:7341)\n[   97.810117]  hci_conn_hash_flush (./include/net/bluetooth/hci_core.h:2152 (discriminator 2) net/bluetooth/hci_conn.c:2644 (discriminator 2))\n[   97.810148]  hci_dev_close_sync (net/bluetooth/hci_sync.c:5360)\n[   97.810180]  ? __pfx_hci_dev_close_sync (net/bluetooth/hci_sync.c:5285)\n[   97.810212]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810242]  ? up_write (./arch/x86/include/asm/atomic64_64.h:87 (discriminator 5) ./include/linux/atomic/atomic-arch-fallback.h:2852 (discriminator 5) ./include/linux/atomic/atomic-long.h:268 (discriminator 5) ./include/linux/atomic/atomic-instrumented.h:3391 (discriminator 5) kernel/locking/rwsem.c:1385 (discriminator 5) kernel/locking/rwsem.c:1643 (discriminator 5))\n[   97.810267]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810290]  ? rcu_is_watching (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/context_tracking.h:128 kernel/rcu/tree.c:752)\n[   97.810320]  hci_unregister_dev (net/bluetooth/hci_core.c:504 net/bluetooth/hci_core.c:2716)\n[   97.810346]  vhci_release (drivers/bluetooth/hci_vhci.c:691)\n[   97.810375]  ? __pfx_vhci_release (drivers/bluetooth/hci_vhci.c:678)\n[   97.810404]  __fput (fs/file_table.c:470)\n[   97.810430]  task_work_run (kernel/task_work.c:235)\n[   97.810451]  ? __pfx_task_work_run (kernel/task_work.c:201)\n[   97.810472]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810495]  ? do_raw_spin_unlock (./include/asm-generic/qspinlock.h:128 (discriminator 5) kernel/locking/spinlock_debug.c:142 (discriminator 5))\n[   97.810527]  do_exit (kernel/exit.c:972)\n[   97.810547]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810574]  ? __pfx_do_exit (kernel/exit.c:897)\n[   97.810594]  ? lock_acquire (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:5870 (discriminator 6) kernel/locking/lockdep.c:5825 (discriminator 6))\n[   97.810616]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810639]  ? do_raw_spin_lock (kernel/locking/spinlock_debug.c:95 (discriminator 4) kernel/locking/spinlock_debug.c:118 (discriminator 4))\n[   97.810664]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810688]  ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))\n[   97.810721]  do_group_exit (kernel/exit.c:1093)\n[   97.810745]  get_signal (kernel/signal.c:3007 (discriminator 1))\n[   97.810772]  ? security_file_permission (./arch/x86/include/asm/jump_label.h:37 security/security.c:2366)\n[   97.810803]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810826]  ? vfs_read (fs/read_write.c:555)\n[   97.810854]  ? __pfx_get_signal (kernel/signal.c:2800)\n[   97.810880]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810905]  ? __pfx_vfs_read (fs/read_write.c:555)\n[   97.810932]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[   97.810960]  arch_do_signal_or_restart (arch/\n---truncated---"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:07:27.500Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d955ccbf91ab74d76fe9e4eab2846a7d8a173075"
        },
        {
          "url": "https://git.kernel.org/stable/c/18b1263ece6431bd78fa6b61faaef5281203741c"
        },
        {
          "url": "https://git.kernel.org/stable/c/21a47a119f33df9bb157326846390d7e8e1b45ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/45ebe5b900200ac3e01f3470506a44a447825721"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c805b7d1e580eececcc92470292e3dbc42bc3f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8b6ed2f06d3baa44f347a0fa2af52433f386463"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d37fa7582aa960ba23e10a7a2596a29f37ad281"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd"
        }
      ],
      "title": "Bluetooth: HIDP: Fix possible UAF",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23462",
    "datePublished": "2026-04-03T15:15:41.718Z",
    "dateReserved": "2026-01-13T15:37:46.021Z",
    "dateUpdated": "2026-05-11T22:07:27.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/intel/pasid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "581ce094d9eafb78ec4f9de77bd24b780c151236",
              "status": "affected",
              "version": "f873b85ec762c5a6abe94a7ddb31df5d3ba07d85",
              "versionType": "git"
            },
            {
              "lessThan": "e2c78c69f8faf2885ea4ceee08c71ac738f401a0",
              "status": "affected",
              "version": "d70f1c85113cd8c2aa8373f491ca5d1b22ec0554",
              "versionType": "git"
            },
            {
              "lessThan": "ead67d0378e90f419e385a43af29435242d80c12",
              "status": "affected",
              "version": "34a7b30f56d30114bf4d436e4dc793afe326fbcf",
              "versionType": "git"
            },
            {
              "lessThan": "01aed2f1d7cb8fdf4c60c5bb4727608cb82b401d",
              "status": "affected",
              "version": "2b74b2a92e524d7c8dec8e02e95ecf18b667c062",
              "versionType": "git"
            },
            {
              "lessThan": "9813306610d0d718c863aaa70928bf57d7570ec0",
              "status": "affected",
              "version": "4fc82cd907ac075648789cc3a00877778aa1838b",
              "versionType": "git"
            },
            {
              "lessThan": "9deaacc8dcaddb6ddc5b52e1e63b457450ec0f94",
              "status": "affected",
              "version": "4fc82cd907ac075648789cc3a00877778aa1838b",
              "versionType": "git"
            },
            {
              "lessThan": "0da6697e577023d8867c7beb2d16a22510e4eea9",
              "status": "affected",
              "version": "4fc82cd907ac075648789cc3a00877778aa1838b",
              "versionType": "git"
            },
            {
              "lessThan": "10e60d87813989e20eac1f3eda30b3bae461e7f9",
              "status": "affected",
              "version": "4fc82cd907ac075648789cc3a00877778aa1838b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c04f2780919f20e2cc4846764221f5e802555868",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "025bc6b41e020aeb1e71f84ae3ffce945026de05",
              "versionType": "git"
            },
            {
              "lessThan": "5.10.252",
              "status": "affected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.202",
              "status": "affected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.165",
              "status": "affected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.128",
              "status": "affected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThan": "6.8",
              "status": "affected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThan": "6.9",
              "status": "affected",
              "version": "6.8.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/intel/pasid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "5.10.214",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "5.15.153",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "6.1.83",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "6.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode\n\nCommit 4fc82cd907ac (\"iommu/vt-d: Don\u0027t issue ATS Invalidation\nrequest when device is disconnected\") relies on\npci_dev_is_disconnected() to skip ATS invalidation for\nsafely-removed devices, but it does not cover link-down caused\nby faults, which can still hard-lock the system.\n\nFor example, if a VM fails to connect to the PCIe device,\n\"virsh destroy\" is executed to release resources and isolate\nthe fault, but a hard-lockup occurs while releasing the group fd.\n\nCall Trace:\n qi_submit_sync\n qi_flush_dev_iotlb\n intel_pasid_tear_down_entry\n device_block_translation\n blocking_domain_attach_dev\n __iommu_attach_device\n __iommu_device_set_domain\n __iommu_group_set_domain_internal\n iommu_detach_group\n vfio_iommu_type1_detach_group\n vfio_group_detach_container\n vfio_group_fops_release\n __fput\n\nAlthough pci_device_is_present() is slower than\npci_dev_is_disconnected(), it still takes only ~70 \u00b5s on a\nConnectX-5 (8 GT/s, x2) and becomes even faster as PCIe speed\nand width increase.\n\nBesides, devtlb_invalidation_with_pasid() is called only in the\npaths below, which are far less frequent than memory map/unmap.\n\n1. mm-struct release\n2. {attach,release}_dev\n3. set/remove PASID\n4. dirty-tracking setup\n\nThe gain in system stability far outweighs the negligible cost\nof using pci_device_is_present() instead of pci_dev_is_disconnected()\nto decide when to skip ATS invalidation, especially under GDR\nhigh-load conditions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:06:22.409Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/581ce094d9eafb78ec4f9de77bd24b780c151236"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2c78c69f8faf2885ea4ceee08c71ac738f401a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/ead67d0378e90f419e385a43af29435242d80c12"
        },
        {
          "url": "https://git.kernel.org/stable/c/01aed2f1d7cb8fdf4c60c5bb4727608cb82b401d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9813306610d0d718c863aaa70928bf57d7570ec0"
        },
        {
          "url": "https://git.kernel.org/stable/c/9deaacc8dcaddb6ddc5b52e1e63b457450ec0f94"
        },
        {
          "url": "https://git.kernel.org/stable/c/0da6697e577023d8867c7beb2d16a22510e4eea9"
        },
        {
          "url": "https://git.kernel.org/stable/c/10e60d87813989e20eac1f3eda30b3bae461e7f9"
        }
      ],
      "title": "iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43130",
    "datePublished": "2026-05-06T11:27:18.825Z",
    "dateReserved": "2026-05-01T14:12:55.988Z",
    "dateUpdated": "2026-05-23T16:06:22.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6d4e91ab97fda64e8cf9c8881cc3b4da026bd849",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "5718d98976ad6b9700e5a6afec67fc47a8a92580",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "57fa3487acfa3467405f8506b94682abd96e7393",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "ec40702029b08ee8d5f5b03303d64a10e74a957b",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "25e832a7830740e72103eb0b527680a4b64bbcb3",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "082271e364a3205598c2e4e6233a9f49ce7941cf",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "3e64e78f4a70e3f6ac8fe5a7071f08ffd25a2489",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "f12352471061df83a36edf54bbb16284793284e4",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback\n\nAfter several commits, the slab memory increases. Some drm_crtc_commit\nobjects are not freed. The atomic_destroy_state callback only put the\nframebuffer. Use the __drm_atomic_helper_plane_destroy_state() function\nto put all the objects that are no longer needed.\n\nIt has been seen after hours of usage of a graphics application or using\nkmemleak:\n\nunreferenced object 0xc63a6580 (size 64):\n  comm \"egt_basic\", pid 171, jiffies 4294940784\n  hex dump (first 32 bytes):\n    40 50 34 c5 01 00 00 00 ff ff ff ff 8c 65 3a c6  @P4..........e:.\n    8c 65 3a c6 ff ff ff ff 98 65 3a c6 98 65 3a c6  .e:......e:..e:.\n  backtrace (crc c25aa925):\n    kmemleak_alloc+0x34/0x3c\n    __kmalloc_cache_noprof+0x150/0x1a4\n    drm_atomic_helper_setup_commit+0x1e8/0x7bc\n    drm_atomic_helper_commit+0x3c/0x15c\n    drm_atomic_commit+0xc0/0xf4\n    drm_atomic_helper_set_config+0x84/0xb8\n    drm_mode_setcrtc+0x32c/0x810\n    drm_ioctl+0x20c/0x488\n    sys_ioctl+0x14c/0xc20\n    ret_fast_syscall+0x0/0x54"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:21:17.527Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6d4e91ab97fda64e8cf9c8881cc3b4da026bd849"
        },
        {
          "url": "https://git.kernel.org/stable/c/5718d98976ad6b9700e5a6afec67fc47a8a92580"
        },
        {
          "url": "https://git.kernel.org/stable/c/57fa3487acfa3467405f8506b94682abd96e7393"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec40702029b08ee8d5f5b03303d64a10e74a957b"
        },
        {
          "url": "https://git.kernel.org/stable/c/25e832a7830740e72103eb0b527680a4b64bbcb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/082271e364a3205598c2e4e6233a9f49ce7941cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e64e78f4a70e3f6ac8fe5a7071f08ffd25a2489"
        },
        {
          "url": "https://git.kernel.org/stable/c/f12352471061df83a36edf54bbb16284793284e4"
        }
      ],
      "title": "drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43269",
    "datePublished": "2026-05-06T11:28:54.178Z",
    "dateReserved": "2026-05-01T14:12:55.997Z",
    "dateUpdated": "2026-05-11T22:21:17.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/x25/x25_in.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5d0aa038a90b30c9bedde0c41c1fdcd98ecb16e9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3f5e3005984645bf5bd129c6b13149879580b1fb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f782dd382203b2a8c4552a628431b7de65a19a7b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "143d4fa68ae9efb83b0c55b12cc7f0d03732a2b1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "524371398d8463ea7e101fce2cbf3915645d1730",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fa1dbc93530b34fab0da9862426fe9c918c74dc0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c87dd137c0dad07cc55f98181ff380b0c23d2878",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d10a26aa4d072320530e6968ef945c8c575edf61",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/x25/x25_in.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix potential double free of skb\n\nWhen alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at\nline 48 and returns 1 (error).\nThis error propagates back through the call chain:\n\nx25_queue_rx_frame returns 1\n    |\n    v\nx25_state3_machine receives the return value 1 and takes the else\nbranch at line 278, setting queued=0 and returning 0\n    |\n    v\nx25_process_rx_frame returns queued=0\n    |\n    v\nx25_backlog_rcv at line 452 sees queued=0 and calls kfree_skb(skb)\nagain\n\nThis would free the same skb twice. Looking at x25_backlog_rcv:\n\nnet/x25/x25_in.c:x25_backlog_rcv() {\n    ...\n    queued = x25_process_rx_frame(sk, skb);\n    ...\n    if (!queued)\n        kfree_skb(skb);\n}"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:15:58.666Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5d0aa038a90b30c9bedde0c41c1fdcd98ecb16e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f5e3005984645bf5bd129c6b13149879580b1fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f782dd382203b2a8c4552a628431b7de65a19a7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/143d4fa68ae9efb83b0c55b12cc7f0d03732a2b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/524371398d8463ea7e101fce2cbf3915645d1730"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa1dbc93530b34fab0da9862426fe9c918c74dc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/c87dd137c0dad07cc55f98181ff380b0c23d2878"
        },
        {
          "url": "https://git.kernel.org/stable/c/d10a26aa4d072320530e6968ef945c8c575edf61"
        }
      ],
      "title": "net/x25: Fix potential double free of skb",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43011",
    "datePublished": "2026-05-01T14:15:17.597Z",
    "dateReserved": "2026-05-01T14:12:55.974Z",
    "dateUpdated": "2026-05-11T22:15:58.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b05500444b8eb97644efdd180839a04a706be97c",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "bada48ad5b0590e318d0f79636ff62a2ef9f4955",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "64b7684042246e3238464c66894e30ba30c7e851",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "9e5021a906532ca16e2aac69c0607711e1c70b1f",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "078d33c95bf534d37aa04269d1ae6158e20082d5",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "a4d634ded4d3d400f115d84f654f316f249531c9",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            },
            {
              "lessThan": "1492e3dcb2be3aa46d1963da96aa9593e4e4db5a",
              "status": "affected",
              "version": "cf6994c2b9812a9f02b99e89df411ffc5db9c779",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.2",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: remove refcounting in expectation dumpers\n\nSame pattern as previous patch: do not keep the expectation object\nalive via refcount, only store a cookie value and then use that\nas the skip hint for dump resumption.\n\nAFAICS this has the same issue as the one resolved in the conntrack\ndumper, when we do\n  if (!refcount_inc_not_zero(\u0026exp-\u003euse))\n\nto increment the refcount, there is a chance that exp == last, which\ncauses a double-increment of the refcount and subsequent memory leak."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:35:48.352Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b05500444b8eb97644efdd180839a04a706be97c"
        },
        {
          "url": "https://git.kernel.org/stable/c/bada48ad5b0590e318d0f79636ff62a2ef9f4955"
        },
        {
          "url": "https://git.kernel.org/stable/c/64b7684042246e3238464c66894e30ba30c7e851"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e5021a906532ca16e2aac69c0607711e1c70b1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/078d33c95bf534d37aa04269d1ae6158e20082d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4d634ded4d3d400f115d84f654f316f249531c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a"
        }
      ],
      "title": "netfilter: ctnetlink: remove refcounting in expectation dumpers",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39764",
    "datePublished": "2025-09-11T16:52:32.060Z",
    "dateReserved": "2025-04-16T07:20:57.126Z",
    "dateUpdated": "2026-05-11T21:35:48.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_rndis.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0a75d97c53477a59c0aa1c65f69038c719f9c5b8",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "c1b3d5b0acb194efe20fc5864ee03439fa7bd45c",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "65b7dbf80a1627667c241fff7c1c224f3118014f",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "cb5316b37288ab8791584e32f114c4f41ad45b67",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "7d8fa3b8783ab95a46e20d97fbeeede719b2efda",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "446f1842cda929c40d4697722bfdcfb334bc9692",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "209decd3f7901df9842b83f2540dc8685e344a07",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            },
            {
              "lessThan": "8d8c68b1fc06ece60cf43e1306ff0f4ac121547e",
              "status": "affected",
              "version": "73517cf49bd449122b615d2b7a6bb835f02252e5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_rndis.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_rndis: Protect RNDIS options with mutex\n\nThe class/subclass/protocol options are suspectible to race conditions\nas they can be accessed concurrently through configfs.\n\nUse existing mutex to protect these options. This issue was identified\nduring code inspection."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:22:43.032Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0a75d97c53477a59c0aa1c65f69038c719f9c5b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1b3d5b0acb194efe20fc5864ee03439fa7bd45c"
        },
        {
          "url": "https://git.kernel.org/stable/c/65b7dbf80a1627667c241fff7c1c224f3118014f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb5316b37288ab8791584e32f114c4f41ad45b67"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d8fa3b8783ab95a46e20d97fbeeede719b2efda"
        },
        {
          "url": "https://git.kernel.org/stable/c/446f1842cda929c40d4697722bfdcfb334bc9692"
        },
        {
          "url": "https://git.kernel.org/stable/c/209decd3f7901df9842b83f2540dc8685e344a07"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d8c68b1fc06ece60cf43e1306ff0f4ac121547e"
        }
      ],
      "title": "usb: gadget: f_rndis: Protect RNDIS options with mutex",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43342",
    "datePublished": "2026-05-08T13:37:19.920Z",
    "dateReserved": "2026-05-01T14:12:56.003Z",
    "dateUpdated": "2026-05-11T22:22:43.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/ec_bhf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f589ee54fd6d76d3f75e745f7f12c64cbd749e5",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "accd0599bc8e73b962247c6c6c70ca7aa1f8e8d0",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "8320727be7ff704e07c87624efc2a4a75f54b3ce",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "1e300c33ef3cc544c2b9c693778fe9490cfe9184",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "1b1371cd4032ae859838ebc74215f569987bb197",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "1b1d3c5d58a80a19d017a409aa2308162bab5bbf",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "7e54ff938bebb173822b4c38b33fc164c1cabf92",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            },
            {
              "lessThan": "ffe68c3766997d82e9ccaf1cdbd47eba269c4aa2",
              "status": "affected",
              "version": "6af55ff52b02d492d45db88df3e461fa51a6f753",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/ec_bhf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ec_bhf: Fix dma_free_coherent() dma handle\n\ndma_free_coherent() in error path takes priv-\u003erx_buf.alloc_len as\nthe dma handle. This would lead to improper unmapping of the buffer.\n\nChange the dma handle to priv-\u003erx_buf.alloc_phys."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:21:33.771Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f589ee54fd6d76d3f75e745f7f12c64cbd749e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/accd0599bc8e73b962247c6c6c70ca7aa1f8e8d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8320727be7ff704e07c87624efc2a4a75f54b3ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e300c33ef3cc544c2b9c693778fe9490cfe9184"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b1371cd4032ae859838ebc74215f569987bb197"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b1d3c5d58a80a19d017a409aa2308162bab5bbf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e54ff938bebb173822b4c38b33fc164c1cabf92"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffe68c3766997d82e9ccaf1cdbd47eba269c4aa2"
        }
      ],
      "title": "net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43283",
    "datePublished": "2026-05-06T11:29:03.726Z",
    "dateReserved": "2026-05-01T14:12:55.998Z",
    "dateUpdated": "2026-05-11T22:21:33.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_ioc32.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "46a60ee8956ef1975f00455f614761c7ecedc09d",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "5bb398991f378ef74d90b14a6ea8b61ff96cc03a",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "d59c5d8539662d95887b4564f3f72ad38076a2d5",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "489f2ef2b908898d01df697dc4fe1476674be640",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "4a41c2b18fc05d30b718d2602cac339eae710b34",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "f0e441be08a2eab10b2d06fccfa267ee599dd6b3",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "27ef84bba9b9d7b03418c60fbc6069ea0e87b13c",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "lessThan": "f8995c2df519f382525ca4bc90553ad2ec611067",
              "status": "affected",
              "version": "505b5240329b922f21f91d5b5d1e535c805eca6d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "abc60edcfc87771ff244763d4d19c67766f5dd0f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a2a840d6dcae960c2dfdf3fcb1b759e1b7d90663",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "00279b505289f7529d9be2e78915d0483ffbd314",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d04e6ea0cec9e7d6cba806508f657d2d0dc6cacf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7f3ebea19795eb38438cd3709fabf2afd53cf447",
              "versionType": "git"
            },
            {
              "lessThan": "3.17",
              "status": "affected",
              "version": "3.16.63",
              "versionType": "semver"
            },
            {
              "lessThan": "4.5",
              "status": "affected",
              "version": "4.4.170",
              "versionType": "semver"
            },
            {
              "lessThan": "4.10",
              "status": "affected",
              "version": "4.9.148",
              "versionType": "semver"
            },
            {
              "lessThan": "4.15",
              "status": "affected",
              "version": "4.14.91",
              "versionType": "semver"
            },
            {
              "lessThan": "4.20",
              "status": "affected",
              "version": "4.19.13",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_ioc32.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.16.63",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.170",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.148",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.91",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ioc32: stop speculation on the drm_compat_ioctl path\n\nThe drm compat ioctl path takes a user controlled pointer, and then\ndereferences it into a table of function pointers, the signature method\nof spectre problems.  Fix this up by calling array_index_nospec() on the\nindex to the function pointer list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:05:56.217Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/46a60ee8956ef1975f00455f614761c7ecedc09d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bb398991f378ef74d90b14a6ea8b61ff96cc03a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d59c5d8539662d95887b4564f3f72ad38076a2d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/489f2ef2b908898d01df697dc4fe1476674be640"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a41c2b18fc05d30b718d2602cac339eae710b34"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0e441be08a2eab10b2d06fccfa267ee599dd6b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/27ef84bba9b9d7b03418c60fbc6069ea0e87b13c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8995c2df519f382525ca4bc90553ad2ec611067"
        }
      ],
      "title": "drm/ioc32: stop speculation on the drm_compat_ioctl path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31781",
    "datePublished": "2026-05-01T14:15:07.933Z",
    "dateReserved": "2026-03-09T15:48:24.141Z",
    "dateUpdated": "2026-05-23T16:05:56.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/host/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b9d605c3f0d3262142f196249cd3bd58c857c71",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "86183d550559e45e07059bbdf17331fea469e38c",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "d7990c936e25f484b61a5adeeadc1d290a9fd16e",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "83e6edd6358326c9c2de31a54bb4a1ec50703f1f",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "50bad78f03a02d3c0f228edf9912b494d3e7acb9",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "328c551f0cc81ee776b186b86cc6e5253bb6fda7",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "78279d2d74c58a0ed64e43cf601a02649771182e",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "lessThan": "b4e78f1427c7d6859229ae9616df54e1fc05a516",
              "status": "affected",
              "version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "930bb3092fe606baa23d57ae59b70b291d67a8af",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fd1c1de8c4589fdd528733bfd01ed0c5f3f69204",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4940816604e3ce7e05e8df297773ee86c0476d48",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "55a3b1ad694631cc2698b5500ac5865d7d0f064e",
              "versionType": "git"
            },
            {
              "lessThan": "4.15",
              "status": "affected",
              "version": "4.14.210",
              "versionType": "semver"
            },
            {
              "lessThan": "4.20",
              "status": "affected",
              "version": "4.19.161",
              "versionType": "semver"
            },
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "5.4.81",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10",
              "status": "affected",
              "version": "5.9.12",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/host/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.19",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.9",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.161",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.81",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.9.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set\n\ndev-\u003eonline_queues is a count incremented in nvme_init_queue. Thus,\nvalid indices are 0 through dev-\u003eonline_queues \u2212 1.\n\nThis patch fixes the loop condition to ensure the index stays within the\nvalid range. Index 0 is excluded because it is the admin queue.\n\nKASAN splat:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\nRead of size 2 at addr ffff88800592a574 by task kworker/u8:5/74\n\nCPU: 0 UID: 0 PID: 74 Comm: kworker/u8:5 Not tainted 6.19.0-dirty #10 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: nvme-reset-wq nvme_reset_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xea/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xce/0x5d0 mm/kasan/report.c:482\n kasan_report+0xdc/0x110 mm/kasan/report.c:595\n __asan_report_load2_noabort+0x18/0x20 mm/kasan/report_generic.c:379\n nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\n nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\n nvme_reset_work+0x36b/0x8c0 drivers/nvme/host/pci.c:3252\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n \u003c/TASK\u003e\n\nAllocated by task 34 on cpu 1 at 4.241550s:\n kasan_save_stack+0x2c/0x60 mm/kasan/common.c:57\n kasan_save_track+0x1c/0x70 mm/kasan/common.c:78\n kasan_save_alloc_info+0x3c/0x50 mm/kasan/generic.c:570\n poison_kmalloc_redzone mm/kasan/common.c:398 [inline]\n __kasan_kmalloc+0xb5/0xc0 mm/kasan/common.c:415\n kasan_kmalloc include/linux/kasan.h:263 [inline]\n __do_kmalloc_node mm/slub.c:5657 [inline]\n __kmalloc_node_noprof+0x2bf/0x8d0 mm/slub.c:5663\n kmalloc_array_node_noprof include/linux/slab.h:1075 [inline]\n nvme_pci_alloc_dev drivers/nvme/host/pci.c:3479 [inline]\n nvme_probe+0x2f1/0x1820 drivers/nvme/host/pci.c:3534\n local_pci_probe+0xef/0x1c0 drivers/pci/pci-driver.c:324\n pci_call_probe drivers/pci/pci-driver.c:392 [inline]\n __pci_device_probe drivers/pci/pci-driver.c:417 [inline]\n pci_device_probe+0x743/0x920 drivers/pci/pci-driver.c:451\n call_driver_probe drivers/base/dd.c:583 [inline]\n really_probe+0x29b/0xb70 drivers/base/dd.c:661\n __driver_probe_device+0x3b0/0x4a0 drivers/base/dd.c:803\n driver_probe_device+0x56/0x1f0 drivers/base/dd.c:833\n __driver_attach_async_helper+0x155/0x340 drivers/base/dd.c:1159\n async_run_entry_fn+0xa6/0x4b0 kernel/async.c:129\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nThe buggy address belongs to the object at ffff88800592a000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 244 bytes to the right of\n allocated 1152-byte region [ffff88800592a000, ffff88800592a480)\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5928\nhead: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0xfffffc0000040(head|node=0|zone=1|lastcpupid=0x1fffff)\npage_type: f5(slab)\nraw: 000fffffc0000040 ffff888001042000 0000000000000000 dead000000000001\nraw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000\nhead: 000fffffc0000040 ffff888001042000 00000\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:07:01.436Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b9d605c3f0d3262142f196249cd3bd58c857c71"
        },
        {
          "url": "https://git.kernel.org/stable/c/86183d550559e45e07059bbdf17331fea469e38c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7990c936e25f484b61a5adeeadc1d290a9fd16e"
        },
        {
          "url": "https://git.kernel.org/stable/c/83e6edd6358326c9c2de31a54bb4a1ec50703f1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/50bad78f03a02d3c0f228edf9912b494d3e7acb9"
        },
        {
          "url": "https://git.kernel.org/stable/c/328c551f0cc81ee776b186b86cc6e5253bb6fda7"
        },
        {
          "url": "https://git.kernel.org/stable/c/78279d2d74c58a0ed64e43cf601a02649771182e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4e78f1427c7d6859229ae9616df54e1fc05a516"
        }
      ],
      "title": "nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43449",
    "datePublished": "2026-05-08T14:22:15.276Z",
    "dateReserved": "2026-05-01T14:12:56.010Z",
    "dateUpdated": "2026-05-23T16:07:01.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/icmp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c438ba010171b70bad22fc18b1d5bdc3627476e8",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "0452b6526b2f54b2413b9cb4ff1ea2ac542c99c7",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "a4437faf135da293d16fcc4cc607316742bd0ebb",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "3d5127d998de617b130aae96b138dba22ac6a8a7",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "e41953e7d118e2702bcb217879c173d9d1d3cd4e",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "a2edbb6393972a02114b6003953a5cef3104fada",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "1ceeebd5bd6d855b17a5df625109bfe29129d7cf",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            },
            {
              "lessThan": "86ab3e55673a7a49a841838776f1ab18d23a67b5",
              "status": "affected",
              "version": "ca15a078bd907df5fc1c009477869c5cbde3b753",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/icmp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: icmp: clear skb2-\u003ecb[] in ip6_err_gen_icmpv6_unreach()\n\nSashiko AI-review observed:\n\n  In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet\n  where its cb contains an IPv4 inet_skb_parm. When skb is cloned into skb2\n  and passed to icmp6_send(), it uses IP6CB(skb2).\n\n  IP6CB interprets the IPv4 inet_skb_parm as an inet6_skb_parm. The cipso\n  offset in inet_skb_parm.opt directly overlaps with dsthao in inet6_skb_parm\n  at offset 18.\n\n  If an attacker sends a forged ICMPv4 error with a CIPSO IP option, dsthao\n  would be a non-zero offset. Inside icmp6_send(), mip6_addr_swap() is called\n  and uses ipv6_find_tlv(skb, opt-\u003edsthao, IPV6_TLV_HAO).\n\n  This would scan the inner, attacker-controlled IPv6 packet starting at that\n  offset, potentially returning a fake TLV without checking if the remaining\n  packet length can hold the full 18-byte struct ipv6_destopt_hao.\n\n  Could mip6_addr_swap() then perform a 16-byte swap that extends past the end\n  of the packet data into skb_shared_info?\n\n  Should the cb array also be cleared in ip6_err_gen_icmpv6_unreach() and\n  ip6ip6_err() to prevent this?\n\nThis patch implements the first suggestion.\n\nI am not sure if ip6ip6_err() needs to be changed.\nA separate patch would be better anyway."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:16:31.106Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c438ba010171b70bad22fc18b1d5bdc3627476e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0452b6526b2f54b2413b9cb4ff1ea2ac542c99c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4437faf135da293d16fcc4cc607316742bd0ebb"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d5127d998de617b130aae96b138dba22ac6a8a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e41953e7d118e2702bcb217879c173d9d1d3cd4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2edbb6393972a02114b6003953a5cef3104fada"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ceeebd5bd6d855b17a5df625109bfe29129d7cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/86ab3e55673a7a49a841838776f1ab18d23a67b5"
        }
      ],
      "title": "ipv6: icmp: clear skb2-\u003ecb[] in ip6_err_gen_icmpv6_unreach()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43038",
    "datePublished": "2026-05-01T14:15:35.986Z",
    "dateReserved": "2026-05-01T14:12:55.978Z",
    "dateUpdated": "2026-05-11T22:16:31.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/af_alg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fa48d3ea9cdbfb28c1fd6756c6c5cd01351aa51e",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "2b781d1d4f933990318bcc5c68fb75a717379e42",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "f7826bc0b39928a4a22f6b815dd9940b22a63503",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "710a4ce5d7afd9fe082c75dec282ab4a11c0fe71",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "c8369a6d62f5abde9cbd4b62c45bf4b996be2468",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "dea5fcf085f977b6c2de1b2d4ec4767b6c840d1f",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "9532501e0f1b200ea80baa0e33e0b06da10bb271",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            },
            {
              "lessThan": "31d00156e50ecad37f2cb6cbf04aaa9a260505ef",
              "status": "affected",
              "version": "e870456d8e7c8d57c059ea479b5aadbb55ff4c3a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/af_alg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.254",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.204",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.254",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.204",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.170",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.137",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.85",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.24",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.14",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n\nWhen page reassignment was added to af_alg_pull_tsgl the original\nloop wasn\u0027t updated so it may try to reassign one more page than\nnecessary.\n\nAdd the check to the reassignment so that this does not happen.\n\nAlso update the comment which still refers to the obsolete offset\nargument."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:17:17.911Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fa48d3ea9cdbfb28c1fd6756c6c5cd01351aa51e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b781d1d4f933990318bcc5c68fb75a717379e42"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7826bc0b39928a4a22f6b815dd9940b22a63503"
        },
        {
          "url": "https://git.kernel.org/stable/c/710a4ce5d7afd9fe082c75dec282ab4a11c0fe71"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8369a6d62f5abde9cbd4b62c45bf4b996be2468"
        },
        {
          "url": "https://git.kernel.org/stable/c/dea5fcf085f977b6c2de1b2d4ec4767b6c840d1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/9532501e0f1b200ea80baa0e33e0b06da10bb271"
        },
        {
          "url": "https://git.kernel.org/stable/c/31d00156e50ecad37f2cb6cbf04aaa9a260505ef"
        }
      ],
      "title": "crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43078",
    "datePublished": "2026-05-06T07:40:15.092Z",
    "dateReserved": "2026-05-01T14:12:55.983Z",
    "dateUpdated": "2026-05-11T22:17:17.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "600feb0a66a98c6b7f6f02b5f3612e75f9b8540f",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "3bc9998041076ee05d3f312a22cee6b2ca35527f",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "579956f9f297eb1b6a5d24de313f3acccee1f9d5",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "a360d3815aae1f00dd71b7714a846482e85cc1f7",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "c2ebfbe63deb7bfd4dc2532bae62a7ed67713272",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "2754e7b3d64748643df867d1ea6fec522914b635",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "338c5edeb6ae3f12a4b84dff9d71f6f7f8c202c3",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            },
            {
              "lessThan": "6c5a9baa15de240e747263aba435a0951da8d8d2",
              "status": "affected",
              "version": "6787927475e52f6933e3affce365dabb2aa2fadf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.19",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix divide-by-zero in tipc_sk_filter_connect()\n\nA user can set conn_timeout to any value via\nsetsockopt(TIPC_CONN_TIMEOUT), including values less than 4.  When a\nSYN is rejected with TIPC_ERR_OVERLOAD and the retry path in\ntipc_sk_filter_connect() executes:\n\n    delay %= (tsk-\u003econn_timeout / 4);\n\nIf conn_timeout is in the range [0, 3], the integer division yields 0,\nand the modulo operation triggers a divide-by-zero exception, causing a\nkernel oops/panic.\n\nFix this by clamping conn_timeout to a minimum of 4 at the point of use\nin tipc_sk_filter_connect().\n\nOops: divide error: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 119 Comm: poc-F144 Not tainted 7.0.0-rc2+\nRIP: 0010:tipc_sk_filter_rcv (net/tipc/socket.c:2236 net/tipc/socket.c:2362)\nCall Trace:\n tipc_sk_backlog_rcv (include/linux/instrumented.h:82 include/linux/atomic/atomic-instrumented.h:32 include/net/sock.h:2357 net/tipc/socket.c:2406)\n __release_sock (include/net/sock.h:1185 net/core/sock.c:3213)\n release_sock (net/core/sock.c:3797)\n tipc_connect (net/tipc/socket.c:2570)\n __sys_connect (include/linux/file.h:62 include/linux/file.h:83 net/socket.c:2098)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:24:04.295Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/600feb0a66a98c6b7f6f02b5f3612e75f9b8540f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3bc9998041076ee05d3f312a22cee6b2ca35527f"
        },
        {
          "url": "https://git.kernel.org/stable/c/579956f9f297eb1b6a5d24de313f3acccee1f9d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a360d3815aae1f00dd71b7714a846482e85cc1f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2ebfbe63deb7bfd4dc2532bae62a7ed67713272"
        },
        {
          "url": "https://git.kernel.org/stable/c/2754e7b3d64748643df867d1ea6fec522914b635"
        },
        {
          "url": "https://git.kernel.org/stable/c/338c5edeb6ae3f12a4b84dff9d71f6f7f8c202c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c5a9baa15de240e747263aba435a0951da8d8d2"
        }
      ],
      "title": "tipc: fix divide-by-zero in tipc_sk_filter_connect()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43411",
    "datePublished": "2026-05-08T14:21:49.543Z",
    "dateReserved": "2026-05-01T14:12:56.008Z",
    "dateUpdated": "2026-05-11T22:24:04.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "82a35356b5c1f75fe6a8a561db44e8d0e49da8f9",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "b2e9626a9d16b9bbbd06498c9e73c93be354dc7a",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "eeea8da43ab86ac0a6b9cec225eec91564346940",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "fa18639deab4a3662d543200c5bfc29bf4e23173",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "57e39fe8da573435fa35975f414f4dc17d9f8449",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "584279ad9ff1e8e7c5494b9fce286201f7d1f9e2",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "cd2f52944c7b95dcdfe0d87f385a2d96458a3ae5",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            },
            {
              "lessThan": "767d23ade706d5fa51c36168e92a9c5533c351a1",
              "status": "affected",
              "version": "1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.77",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.17",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.7",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel rfkill_block work in wiphy_unregister()\n\nThere is a use-after-free error in cfg80211_shutdown_all_interfaces found\nby syzkaller:\n\nBUG: KASAN: use-after-free in cfg80211_shutdown_all_interfaces+0x213/0x220\nRead of size 8 at addr ffff888112a78d98 by task kworker/0:5/5326\nCPU: 0 UID: 0 PID: 5326 Comm: kworker/0:5 Not tainted 6.19.0-rc2 #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: events cfg80211_rfkill_block_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x116/0x1f0\n print_report+0xcd/0x630\n kasan_report+0xe0/0x110\n cfg80211_shutdown_all_interfaces+0x213/0x220\n cfg80211_rfkill_block_work+0x1e/0x30\n process_one_work+0x9cf/0x1b70\n worker_thread+0x6c8/0xf10\n kthread+0x3c5/0x780\n ret_from_fork+0x56d/0x700\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThe problem arises due to the rfkill_block work is not cancelled when wiphy\nis being unregistered. In order to fix the issue cancel the corresponding\nwork in wiphy_unregister().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:04:52.288Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/82a35356b5c1f75fe6a8a561db44e8d0e49da8f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2e9626a9d16b9bbbd06498c9e73c93be354dc7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/eeea8da43ab86ac0a6b9cec225eec91564346940"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa18639deab4a3662d543200c5bfc29bf4e23173"
        },
        {
          "url": "https://git.kernel.org/stable/c/57e39fe8da573435fa35975f414f4dc17d9f8449"
        },
        {
          "url": "https://git.kernel.org/stable/c/584279ad9ff1e8e7c5494b9fce286201f7d1f9e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd2f52944c7b95dcdfe0d87f385a2d96458a3ae5"
        },
        {
          "url": "https://git.kernel.org/stable/c/767d23ade706d5fa51c36168e92a9c5533c351a1"
        }
      ],
      "title": "wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23336",
    "datePublished": "2026-03-25T10:27:26.061Z",
    "dateReserved": "2026-01-13T15:37:45.997Z",
    "dateUpdated": "2026-05-11T22:04:52.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/cx88/cx88-alsa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f0d7f735eba963742009b0706e19dd0bed91537a",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "dc911fccc6e08ef46a66b2a42a764252b001ee3c",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "24f3dabeb97bd0bec8c1c926c97e3eb6a8129225",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "10ab64f8efc2f479293dce929fde326c285fc96f",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "e3fb15aadfc8643203bbdf97ace0396e4586fa64",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "1ce8c2a8f050a23240553c8bae628ac623f9dbc1",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "3baefeeb7b85e1e34eebef399ffa312be7179e30",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            },
            {
              "lessThan": "dbc527d980f7ba8559de38f8c1e4158c71a78915",
              "status": "affected",
              "version": "b2c75abde0debfb824f72845c3ed77d4b66798a0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/cx88/cx88-alsa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx88: Add missing unmap in snd_cx88_hw_params()\n\nIn error path, add cx88_alsa_dma_unmap() to release\nresource acquired by cx88_alsa_dma_map()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:21:03.247Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f0d7f735eba963742009b0706e19dd0bed91537a"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc911fccc6e08ef46a66b2a42a764252b001ee3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/24f3dabeb97bd0bec8c1c926c97e3eb6a8129225"
        },
        {
          "url": "https://git.kernel.org/stable/c/10ab64f8efc2f479293dce929fde326c285fc96f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3fb15aadfc8643203bbdf97ace0396e4586fa64"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ce8c2a8f050a23240553c8bae628ac623f9dbc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3baefeeb7b85e1e34eebef399ffa312be7179e30"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbc527d980f7ba8559de38f8c1e4158c71a78915"
        }
      ],
      "title": "media: cx88: Add missing unmap in snd_cx88_hw_params()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43257",
    "datePublished": "2026-05-06T11:28:45.872Z",
    "dateReserved": "2026-05-01T14:12:55.996Z",
    "dateUpdated": "2026-05-11T22:21:03.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/cls_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "903c3405cfcc7700260e456ab66a5867586c9e69",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "71a3eda7e850ae844cb8993065f4e410c11a46ce",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "e35f5195cd44ff4053fbc5d71ea97681728a0099",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "d6db08484c6cb3d4ad696246f9d288eceba2a078",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "906997ea3766c24fbbf9cc4bf17c047315bbd138",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "1091b3c174441a52fdbb92e2fe00338f9371a91c",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            },
            {
              "lessThan": "e6e3eb5ee89ac4c163d46429391c889a1bb5e404",
              "status": "affected",
              "version": "32a4f5ecd7381f30ae3bb36dea77a150ba68af2e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/cls_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak\n\nWhen building netlink messages, tc_chain_fill_node() never initializes\nthe tcm_info field of struct tcmsg. Since the allocation is not zeroed,\nkernel heap memory is leaked to userspace through this 4-byte field.\n\nThe fix simply zeroes tcm_info alongside the other fields that are\nalready initialized."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:16:27.484Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/903c3405cfcc7700260e456ab66a5867586c9e69"
        },
        {
          "url": "https://git.kernel.org/stable/c/71a3eda7e850ae844cb8993065f4e410c11a46ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ae5d23f51fb91d7d1140c6f1ba77ab0756054c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e35f5195cd44ff4053fbc5d71ea97681728a0099"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6db08484c6cb3d4ad696246f9d288eceba2a078"
        },
        {
          "url": "https://git.kernel.org/stable/c/906997ea3766c24fbbf9cc4bf17c047315bbd138"
        },
        {
          "url": "https://git.kernel.org/stable/c/1091b3c174441a52fdbb92e2fe00338f9371a91c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6e3eb5ee89ac4c163d46429391c889a1bb5e404"
        }
      ],
      "title": "net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43035",
    "datePublished": "2026-05-01T14:15:33.922Z",
    "dateReserved": "2026-05-01T14:12:55.977Z",
    "dateUpdated": "2026-05-11T22:16:27.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/usb/ucan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ca07d3c6eef14d34e6fdeefe55058db045be29dc",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "e7bb6e0606b5f233531aaaad9542d69fbb792115",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "ab6f075492d37368b4c7b0df7f7fdc2b666887fc",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "13b646eec3ba1131180803f5aaf1fee23540ad8f",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "bd85f21a6219aeae4389d700c54f1799f4b814e0",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "c7bc62be6c1a60bb21301692009590b1ffda91d9",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            },
            {
              "lessThan": "1e446fd0582ad8be9f6dafb115fc2e7245f9bea7",
              "status": "affected",
              "version": "9f2d3eae88d26c29d96e42983b755940d9169cd9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/usb/ucan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.77",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.17",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.7",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: Fix infinite loop from zero-length messages\n\nIf a broken ucan device gets a message with the message length field set\nto 0, then the driver will loop for forever in\nucan_read_bulk_callback(), hanging the system.  If the length is 0, just\nskip the message and go on to the next one.\n\nThis has been fixed in the kvaser_usb driver in the past in commit\n0c73772cd2b8 (\"can: kvaser_usb: leaf: Fix potential infinite loop in\ncommand parsers\"), so there must be some broken devices out there like\nthis somewhere."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:04:10.668Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ca07d3c6eef14d34e6fdeefe55058db045be29dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7bb6e0606b5f233531aaaad9542d69fbb792115"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7"
        }
      ],
      "title": "can: ucan: Fix infinite loop from zero-length messages",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23298",
    "datePublished": "2026-03-25T10:26:54.830Z",
    "dateReserved": "2026-01-13T15:37:45.993Z",
    "dateUpdated": "2026-05-11T22:04:10.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/apparmorfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6b2fc7e34d4e7ca6b8598c33a3d45d59e455d8d",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "6d8c180c825cbc73eeffaa79591f8e142dacae70",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "3c36b87fc2a4cf88eadea8cf13923bd2b4f9a3fa",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "b25298e89a297c42eb4c4d6f081d60375b820abb",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "19f2e4055626a58842ddec3282ad4465a80c6625",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "1d2b2b58fde9059a488bc25399e6c3d74e9b5548",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "1432ab0774cba43e8111be39989ff226531a9bac",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            },
            {
              "lessThan": "df9ac55abd18628bd8cff687ea043660532a3654",
              "status": "affected",
              "version": "1180b4c757aab5506f1be367000364dd5cf5cd02",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/apparmorfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.14",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.4",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix invalid deref of rawdata when export_binary is unset\n\nIf the export_binary parameter is disabled on runtime, profiles that\nwere loaded before that will still have their rawdata stored in\napparmorfs, with a symbolic link to the rawdata on the policy\ndirectory. When one of those profiles are replaced, the rawdata is set\nto NULL, but when trying to resolve the symbolic links to rawdata for\nthat profile, it will try to dereference profile-\u003erawdata-\u003ename when\nprofile-\u003erawdata is now NULL causing an oops. Fix it by checking if\nrawdata is set.\n\n[  168.653080] BUG: kernel NULL pointer dereference, address: 0000000000000088\n[  168.657420] #PF: supervisor read access in kernel mode\n[  168.660619] #PF: error_code(0x0000) - not-present page\n[  168.663613] PGD 0 P4D 0\n[  168.665450] Oops: Oops: 0000 [#1] SMP NOPTI\n[  168.667836] CPU: 1 UID: 0 PID: 1729 Comm: ls Not tainted 6.19.0-rc7+ #3 PREEMPT(voluntary)\n[  168.672308] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  168.679327] RIP: 0010:rawdata_get_link_base.isra.0+0x23/0x330\n[  168.682768] Code: 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 18 48 89 55 d0 48 85 ff 0f 84 e3 01 00 00 \u003c48\u003e 83 3c 25 88 00 00 00 00 0f 84 d4 01 00 00 49 89 f6 49 89 cc e8\n[  168.689818] RSP: 0018:ffffcdcb8200fb80 EFLAGS: 00010282\n[  168.690871] RAX: ffffffffaee74ec0 RBX: 0000000000000000 RCX: ffffffffb0120158\n[  168.692251] RDX: ffffcdcb8200fbe0 RSI: ffff88c187c9fa80 RDI: ffff88c186c98a80\n[  168.693593] RBP: ffffcdcb8200fbc0 R08: 0000000000000000 R09: 0000000000000000\n[  168.694941] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88c186c98a80\n[  168.696289] R13: 00007fff005aaa20 R14: 0000000000000080 R15: ffff88c188f4fce0\n[  168.697637] FS:  0000790e81c58280(0000) GS:ffff88c20a957000(0000) knlGS:0000000000000000\n[  168.699227] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  168.700349] CR2: 0000000000000088 CR3: 000000012fd3e000 CR4: 0000000000350ef0\n[  168.701696] Call Trace:\n[  168.702325]  \u003cTASK\u003e\n[  168.702995]  rawdata_get_link_data+0x1c/0x30\n[  168.704145]  vfs_readlink+0xd4/0x160\n[  168.705152]  do_readlinkat+0x114/0x180\n[  168.706214]  __x64_sys_readlink+0x1e/0x30\n[  168.708653]  x64_sys_call+0x1d77/0x26b0\n[  168.709525]  do_syscall_64+0x81/0x500\n[  168.710348]  ? do_statx+0x72/0xb0\n[  168.711109]  ? putname+0x3e/0x80\n[  168.711845]  ? __x64_sys_statx+0xb7/0x100\n[  168.712711]  ? x64_sys_call+0x10fc/0x26b0\n[  168.713577]  ? do_syscall_64+0xbf/0x500\n[  168.714412]  ? do_user_addr_fault+0x1d2/0x8d0\n[  168.715404]  ? irqentry_exit+0xb2/0x740\n[  168.716359]  ? exc_page_fault+0x90/0x1b0\n[  168.717307]  entry_SYSCALL_64_after_hwframe+0x76/0x7e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T12:18:23.170Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6b2fc7e34d4e7ca6b8598c33a3d45d59e455d8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d8c180c825cbc73eeffaa79591f8e142dacae70"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c36b87fc2a4cf88eadea8cf13923bd2b4f9a3fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b25298e89a297c42eb4c4d6f081d60375b820abb"
        },
        {
          "url": "https://git.kernel.org/stable/c/19f2e4055626a58842ddec3282ad4465a80c6625"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d2b2b58fde9059a488bc25399e6c3d74e9b5548"
        },
        {
          "url": "https://git.kernel.org/stable/c/1432ab0774cba43e8111be39989ff226531a9bac"
        },
        {
          "url": "https://git.kernel.org/stable/c/df9ac55abd18628bd8cff687ea043660532a3654"
        }
      ],
      "title": "apparmor: fix invalid deref of rawdata when export_binary is unset",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-45965",
    "datePublished": "2026-05-27T12:18:23.170Z",
    "dateReserved": "2026-05-13T15:03:33.089Z",
    "dateUpdated": "2026-05-27T12:18:23.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fd4a4d0711f48a99b25bcd45e00eef8339eff82d",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "6404898af86d986db1dbbe06177c143e40652e49",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "796e77c14c4c1e2cd36473760fb6cc66c695eb47",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "ac2d898da5095d46bd1ff8585fdd753d58ad91e7",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "a205740a7231e967ac77cb731171642901c327af",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "7b4d0fab3ff2c00c6d34e1952c9df5129a826aee",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "549c6db503dbb85dbff4840830971853feac6625",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            },
            {
              "lessThan": "bc847787233277a337788568e90a6ee1557595eb",
              "status": "affected",
              "version": "2389fc1305fc1e2cf8b310a75463fefd3058bf48",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release\n\nThe atmel_hlcdc_plane_atomic_duplicate_state() callback was copying\nthe atmel_hlcdc_plane state structure without properly duplicating the\ndrm_plane_state. In particular, state-\u003ecommit remained set to the old\nstate commit, which can lead to a use-after-free in the next\ndrm_atomic_commit() call.\n\nFix this by calling\n__drm_atomic_helper_duplicate_plane_state(), which correctly clones\nthe base drm_plane_state (including the -\u003ecommit pointer).\n\nIt has been seen when closing and re-opening the device node while\nanother DRM client (e.g. fbdev) is still attached:\n\n=============================================================================\nBUG kmalloc-64 (Not tainted): Poison overwritten\n-----------------------------------------------------------------------------\n\n0xc611b344-0xc611b344 @offset=836. First byte 0x6a instead of 0x6b\nFIX kmalloc-64: Restoring Poison 0xc611b344-0xc611b344=0x6b\nAllocated in drm_atomic_helper_setup_commit+0x1e8/0x7bc age=178 cpu=0\npid=29\n drm_atomic_helper_setup_commit+0x1e8/0x7bc\n drm_atomic_helper_commit+0x3c/0x15c\n drm_atomic_commit+0xc0/0xf4\n drm_framebuffer_remove+0x4cc/0x5a8\n drm_mode_rmfb_work_fn+0x6c/0x80\n process_one_work+0x12c/0x2cc\n worker_thread+0x2a8/0x400\n kthread+0xc0/0xdc\n ret_from_fork+0x14/0x28\nFreed in drm_atomic_helper_commit_hw_done+0x100/0x150 age=8 cpu=0\npid=169\n drm_atomic_helper_commit_hw_done+0x100/0x150\n drm_atomic_helper_commit_tail+0x64/0x8c\n commit_tail+0x168/0x18c\n drm_atomic_helper_commit+0x138/0x15c\n drm_atomic_commit+0xc0/0xf4\n drm_atomic_helper_set_config+0x84/0xb8\n drm_mode_setcrtc+0x32c/0x810\n drm_ioctl+0x20c/0x488\n sys_ioctl+0x14c/0xc20\n ret_fast_syscall+0x0/0x54\nSlab 0xef8bc360 objects=21 used=16 fp=0xc611b7c0\nflags=0x200(workingset|zone=0)\nObject 0xc611b340 @offset=832 fp=0xc611b7c0"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:20:38.244Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fd4a4d0711f48a99b25bcd45e00eef8339eff82d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6404898af86d986db1dbbe06177c143e40652e49"
        },
        {
          "url": "https://git.kernel.org/stable/c/796e77c14c4c1e2cd36473760fb6cc66c695eb47"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac2d898da5095d46bd1ff8585fdd753d58ad91e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a205740a7231e967ac77cb731171642901c327af"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b4d0fab3ff2c00c6d34e1952c9df5129a826aee"
        },
        {
          "url": "https://git.kernel.org/stable/c/549c6db503dbb85dbff4840830971853feac6625"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc847787233277a337788568e90a6ee1557595eb"
        }
      ],
      "title": "drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43236",
    "datePublished": "2026-05-06T11:28:31.543Z",
    "dateReserved": "2026-05-01T14:12:55.995Z",
    "dateUpdated": "2026-05-11T22:20:38.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "36673344b41c31fb502dd0d0113cec1aa96f581e",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "5788b742007f53406049bef917833a71ddd43f60",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "757873abfc8ea38592582180aed0f57f0f0cb07a",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "9efa154609cdb658f51c7d76b30a09f7e6485250",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "531a76c5a2e44264cee8a70121e63eb28c1ba728",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "69e59a87bab0ea31ab2a584fc65e12dafacf8953",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "4097e70fc543cca72982854108a32f6ae924e727",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            },
            {
              "lessThan": "f16bd3fa74a2084ee7e16a8a2be7e7399b970907",
              "status": "affected",
              "version": "ad7a60de882aca31afb58721db166f7e77afcd92",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ceph/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: supply snapshot context in ceph_zero_partial_object()\n\nThe ceph_zero_partial_object function was missing proper snapshot\ncontext for its OSD write operations, which could lead to data\ninconsistencies in snapshots.\n\nReproducer:\n../src/vstart.sh --new -x --localhost --bluestore\n./bin/ceph auth caps client.fs_a mds \u0027allow rwps fsname=a\u0027 mon \u0027allow r fsname=a\u0027 osd \u0027allow rw tag cephfs data=a\u0027\nmount -t ceph fs_a@.a=/ /mnt/mycephfs/ -o conf=./ceph.conf\ndd if=/dev/urandom of=/mnt/mycephfs/foo bs=64K count=1\nmkdir /mnt/mycephfs/.snap/snap1\nmd5sum /mnt/mycephfs/.snap/snap1/foo\nfallocate -p -o 0 -l 4096 /mnt/mycephfs/foo\necho 3 \u003e /proc/sys/vm/drop/caches\nmd5sum /mnt/mycephfs/.snap/snap1/foo # get different md5sum!!"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:21:22.184Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/36673344b41c31fb502dd0d0113cec1aa96f581e"
        },
        {
          "url": "https://git.kernel.org/stable/c/5788b742007f53406049bef917833a71ddd43f60"
        },
        {
          "url": "https://git.kernel.org/stable/c/757873abfc8ea38592582180aed0f57f0f0cb07a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9efa154609cdb658f51c7d76b30a09f7e6485250"
        },
        {
          "url": "https://git.kernel.org/stable/c/531a76c5a2e44264cee8a70121e63eb28c1ba728"
        },
        {
          "url": "https://git.kernel.org/stable/c/69e59a87bab0ea31ab2a584fc65e12dafacf8953"
        },
        {
          "url": "https://git.kernel.org/stable/c/4097e70fc543cca72982854108a32f6ae924e727"
        },
        {
          "url": "https://git.kernel.org/stable/c/f16bd3fa74a2084ee7e16a8a2be7e7399b970907"
        }
      ],
      "title": "ceph: supply snapshot context in ceph_zero_partial_object()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43273",
    "datePublished": "2026-05-06T11:28:56.851Z",
    "dateReserved": "2026-05-01T14:12:55.998Z",
    "dateUpdated": "2026-05-11T22:21:22.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/squashfs/cache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "60f679f643f3f36a8571ea585e4ce5d93ef952b5",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "3f68a9457a6190814377577374da75f872e0a013",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "0c8ab092aec3ac4294940054772d30b511b16713",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "6b847d65f5b0065e02080c61fad93d57d6686383",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "01ee0bcc29864b78249308e8b35042b09bbf5fe3",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "3b9499e7d677dd4366239a292238489a804936b2",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            },
            {
              "lessThan": "fdb24a820a5832ec4532273282cbd4f22c291a0d",
              "status": "affected",
              "version": "f400e12656ab518be107febfe2315fb1eab5a342",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/squashfs/cache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.77",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.17",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.7",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check metadata block offset is within range\n\nSyzkaller reports a \"general protection fault in squashfs_copy_data\"\n\nThis is ultimately caused by a corrupted index look-up table, which\nproduces a negative metadata block offset.\n\nThis is subsequently passed to squashfs_copy_data (via\nsquashfs_read_metadata) where the negative offset causes an out of bounds\naccess.\n\nThe fix is to check that the offset is within range in\nsquashfs_read_metadata.  This will trap this and other cases."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:05:54.748Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/60f679f643f3f36a8571ea585e4ce5d93ef952b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f68a9457a6190814377577374da75f872e0a013"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d"
        }
      ],
      "title": "Squashfs: check metadata block offset is within range",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23388",
    "datePublished": "2026-03-25T10:28:06.224Z",
    "dateReserved": "2026-01-13T15:37:46.008Z",
    "dateUpdated": "2026-05-11T22:05:54.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/l2cap_sock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d34776c7fa1f2c510f1cdd14823aba701babb4ad",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "03d4eafb0f3788239df63575951f6b4c97bbfda4",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "3c821bc0fbeaa27910a20d0b43c6008d099792af",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "a04a760c06bb591989db659439efdf106f0bae76",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "0780f9333852971ca77d110019e3a66ce5a7b100",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "1dc6db047919ecd59493cd51248b37381bbabcbb",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "898b89c90ff9496e64b9331040778cc4e1b28c9d",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            },
            {
              "lessThan": "b6552e0503973daf6f23bd6ed9273ef131ee364f",
              "status": "affected",
              "version": "54a59aa2b562872781d6a8fc89f300d360941691",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/l2cap_sock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.131",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.80",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.21",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.11",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df \u003c0f\u003e b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  __kasan_check_byte+0x12/0x40\n  lock_acquire+0x79/0x2e0\n  lock_sock_nested+0x48/0x100\n  ? l2cap_sock_ready_cb+0x46/0x160\n  l2cap_sock_ready_cb+0x46/0x160\n  l2cap_conn_start+0x779/0xff0\n  ? __pfx_l2cap_conn_start+0x10/0x10\n  ? l2cap_info_timeout+0x60/0xa0\n  ? __pfx___mutex_lock+0x10/0x10\n  l2cap_info_timeout+0x68/0xa0\n  ? process_scheduled_works+0xa8d/0x18c0\n  process_scheduled_works+0xb6e/0x18c0\n  ? __pfx_process_scheduled_works+0x10/0x10\n  ? assign_work+0x3d5/0x5e0\n  worker_thread+0xa53/0xfc0\n  kthread+0x388/0x470\n  ? __pfx_worker_thread+0x10/0x10\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x51e/0xb90\n  ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n  ? __switch_to+0xc7d/0x1450\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df \u003c0f\u003e b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm \u0027minstrel_ht\u0027\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:10:11.263Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af"
        },
        {
          "url": "https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76"
        },
        {
          "url": "https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100"
        },
        {
          "url": "https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f"
        }
      ],
      "title": "Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31510",
    "datePublished": "2026-04-22T13:54:28.712Z",
    "dateReserved": "2026-03-09T15:48:24.106Z",
    "dateUpdated": "2026-05-11T22:10:11.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/cx25821/cx25821-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9f1c926248bde95a77ca104ab525467470607836",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "071bfc6e723aabbbf08f0d439fb913cd01eb8de2",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "f7759eb6738ee9fc296f6ab1705c6809947976f3",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "4010e596d23cda6de65acb14f7fd4ce8289f1d49",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "e220ec4c4596d634685b8a08d79ad876a720b466",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "b7210170b10e2d17f7a4f6b9d39cc092442db860",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "80ce3797dc99dae4ce8b939626b891c9eb85139f",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            },
            {
              "lessThan": "68cd8ac994cac38a305200f638b30e13c690753b",
              "status": "affected",
              "version": "02b20b0b4cde011f7ad6b5363fb88b93f7ad4e5b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/cx25821/cx25821-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.32",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx25821: Fix a resource leak in cx25821_dev_setup()\n\nAdd release_mem_region() if ioremap() fails to release the memory\nregion obtained by cx25821_get_resources()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:19:27.248Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9f1c926248bde95a77ca104ab525467470607836"
        },
        {
          "url": "https://git.kernel.org/stable/c/071bfc6e723aabbbf08f0d439fb913cd01eb8de2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7759eb6738ee9fc296f6ab1705c6809947976f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4010e596d23cda6de65acb14f7fd4ce8289f1d49"
        },
        {
          "url": "https://git.kernel.org/stable/c/e220ec4c4596d634685b8a08d79ad876a720b466"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7210170b10e2d17f7a4f6b9d39cc092442db860"
        },
        {
          "url": "https://git.kernel.org/stable/c/80ce3797dc99dae4ce8b939626b891c9eb85139f"
        },
        {
          "url": "https://git.kernel.org/stable/c/68cd8ac994cac38a305200f638b30e13c690753b"
        }
      ],
      "title": "media: cx25821: Fix a resource leak in cx25821_dev_setup()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43183",
    "datePublished": "2026-05-06T11:27:54.977Z",
    "dateReserved": "2026-05-01T14:12:55.991Z",
    "dateUpdated": "2026-05-11T22:19:27.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/host/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "965e2c943f065122f14282a88d70a8a92e12a4da",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "ba167d5982e2eb6ff9356d409eca592ce99555da",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "0685dd9cb855ab77fcf3577b4702ba1d6df1c98d",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "6f12734c4b619f923a4df0b1a46b8098b187d324",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "acbc72dd1a09df53cafcf577259f4678be6afd6d",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "b222680ba55e018426c4535067a008f1d81a5d21",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            },
            {
              "lessThan": "166e31d7dbf6aa44829b98aa446bda5c9580f12a",
              "status": "affected",
              "version": "4b04cc6a8f86c4842314def22332de1f15de8523",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvme/host/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.131",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.80",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.21",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.11",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: ensure we\u0027re polling a polled queue\n\nA user can change the polled queue count at run time. There\u0027s a brief\nwindow during a reset where a hipri task may try to poll that queue\nbefore the block layer has updated the queue maps, which would race with\nthe now interrupt driven queue and may cause double completions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:10:26.646Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da"
        },
        {
          "url": "https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324"
        },
        {
          "url": "https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21"
        },
        {
          "url": "https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a"
        }
      ],
      "title": "nvme-pci: ensure we\u0027re polling a polled queue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31523",
    "datePublished": "2026-04-22T13:54:37.568Z",
    "dateReserved": "2026-03-09T15:48:24.110Z",
    "dateUpdated": "2026-05-11T22:10:26.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_iptunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1dec91d3b1cefb82635761b7812154af3ef46449",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "750569d6987a0ff46317a4b86eb3907e296287bf",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "57d0374d14fa667dec6952173b93e7e84486d5c9",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "84d458018b147176b259347103fccb7e93abd2b1",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "6305ad032b03d2ea4181b953a66e19a9a6ed053c",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "fb56de5d99218de49d5d43ef3a99e062ecd0f9a1",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "17d87d42874f5d6c1a0ccc6d9190dfe82a9a7a6a",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            },
            {
              "lessThan": "c3812651b522fe8437ebb7063b75ddb95b571643",
              "status": "affected",
              "version": "6c8702c60b88651072460f3f4026c7dfe2521d12",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_iptunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.169",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.135",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.82",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.23",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.13",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: separate dst_cache for input and output paths in seg6 lwtunnel\n\nThe seg6 lwtunnel uses a single dst_cache per encap route, shared\nbetween seg6_input_core() and seg6_output_core(). These two paths\ncan perform the post-encap SID lookup in different routing contexts\n(e.g., ip rules matching on the ingress interface, or VRF table\nseparation). Whichever path runs first populates the cache, and the\nother reuses it blindly, bypassing its own lookup.\n\nFix this by splitting the cache into cache_input and cache_output,\nso each path maintains its own cached dst independently."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:13:19.910Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1dec91d3b1cefb82635761b7812154af3ef46449"
        },
        {
          "url": "https://git.kernel.org/stable/c/750569d6987a0ff46317a4b86eb3907e296287bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/57d0374d14fa667dec6952173b93e7e84486d5c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/84d458018b147176b259347103fccb7e93abd2b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6305ad032b03d2ea4181b953a66e19a9a6ed053c"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb56de5d99218de49d5d43ef3a99e062ecd0f9a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/17d87d42874f5d6c1a0ccc6d9190dfe82a9a7a6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3812651b522fe8437ebb7063b75ddb95b571643"
        }
      ],
      "title": "seg6: separate dst_cache for input and output paths in seg6 lwtunnel",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31668",
    "datePublished": "2026-04-24T14:45:16.630Z",
    "dateReserved": "2026-03-09T15:48:24.129Z",
    "dateUpdated": "2026-05-11T22:13:19.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d542e2ac7f9e288d49735be0775611547ca4e0ee",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "a73fe9f4ae84a239d5b2686f47a58c158aee2eb4",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "4a48fe59f29f673a3d042d679f26629a9c3e29d4",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "581800298313c9fd75e94985e6d37d21b7e35d34",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "3310fc11fc47387d1dd4759b0bc961643ea11c7f",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "0b5a7826020706057cc5a9d9009e667027f221ee",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "ae88c8256547b63980770a9ea7be73a15900d27e",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            },
            {
              "lessThan": "2ffb4f5c2ccb2fa1c049dd11899aee7967deef5a",
              "status": "affected",
              "version": "4832c30d5458387ff2533ff66fbde26ad8bb5a2d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.77",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.17",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.7",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -\u003e ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n  KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n  RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n  Call Trace:\n   ip6_pol_route (net/ipv6/route.c:2318)\n   fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n   ip6_route_output_flags (net/ipv6/route.c:2607)\n   vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:04:17.686Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d542e2ac7f9e288d49735be0775611547ca4e0ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/a73fe9f4ae84a239d5b2686f47a58c158aee2eb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a48fe59f29f673a3d042d679f26629a9c3e29d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/581800298313c9fd75e94985e6d37d21b7e35d34"
        },
        {
          "url": "https://git.kernel.org/stable/c/3310fc11fc47387d1dd4759b0bc961643ea11c7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b5a7826020706057cc5a9d9009e667027f221ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae88c8256547b63980770a9ea7be73a15900d27e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ffb4f5c2ccb2fa1c049dd11899aee7967deef5a"
        }
      ],
      "title": "ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23304",
    "datePublished": "2026-03-25T10:26:59.015Z",
    "dateReserved": "2026-01-13T15:37:45.993Z",
    "dateUpdated": "2026-05-11T22:04:17.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/key/af_key.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d0c5aa8dd38887714f1aad04236a3620b56a5e4e",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "e06b596fc4eb01936a2e5dccad17c946d660bab8",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "8ddf8de7e758f6888988467af9ffc8adf589fb16",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "d3225e6b9bd51ec177970a628fe4b11237ce87d5",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "7b18692c59afb8e5c364c8e3ac01e51dd6b52028",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "83f644ea92987c100b82d8481ae2230faeed3d34",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "ee836e820a40e2ca4da8af7310bff92d586772d4",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            },
            {
              "lessThan": "eb2d16a7d599dc9d4df391b5e660df9949963786",
              "status": "affected",
              "version": "08de61beab8a21c8e0b3906a97defda5f1f66ece",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/key/af_key.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.21"
            },
            {
              "lessThan": "2.6.21",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.80",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.131",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.80",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.21",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.11",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.21",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_key: validate families in pfkey_send_migrate()\n\nsyzbot was able to trigger a crash in skb_put() [1]\n\nIssue is that pfkey_send_migrate() does not check old/new families,\nand that set_ipsecrequest() @family argument was truncated,\nthus possibly overfilling the skb.\n\nValidate families early, do not wait set_ipsecrequest().\n\n[1]\n\nskbuff: skb_over_panic: text:ffffffff8a752120 len:392 put:16 head:ffff88802a4ad040 data:ffff88802a4ad040 tail:0x188 end:0x180 dev:\u003cNULL\u003e\n kernel BUG at net/core/skbuff.c:214 !\nCall Trace:\n \u003cTASK\u003e\n  skb_over_panic net/core/skbuff.c:219 [inline]\n  skb_put+0x159/0x210 net/core/skbuff.c:2655\n  skb_put_zero include/linux/skbuff.h:2788 [inline]\n  set_ipsecrequest net/key/af_key.c:3532 [inline]\n  pfkey_send_migrate+0x1270/0x2e50 net/key/af_key.c:3636\n  km_migrate+0x155/0x260 net/xfrm/xfrm_state.c:2848\n  xfrm_migrate+0x2140/0x2450 net/xfrm/xfrm_policy.c:4705\n  xfrm_do_migrate+0x8ff/0xaa0 net/xfrm/xfrm_user.c:3150"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:10:17.324Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028"
        },
        {
          "url": "https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786"
        }
      ],
      "title": "af_key: validate families in pfkey_send_migrate()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31515",
    "datePublished": "2026-04-22T13:54:32.194Z",
    "dateReserved": "2026-03-09T15:48:24.107Z",
    "dateUpdated": "2026-05-11T22:10:17.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ralink/rt2x00/rt2x00usb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "64a457f6afbf15f984d95201a9a1e71eed3f9dd1",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "65518a6965d527c53013947031f26754f6a4f6af",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "15b233e33b35b927bd8d0044c15325564ea1ba24",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "1de5c76bf40e9cdeebf54662f63011fb10fa452f",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "b245db719bc7e57abf48bd5701662b270c3880f7",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "e360d15fcb1e819eef49e3d4434d8050542eed16",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "c99f198841b41735796e2ddfcd573783fb552eb9",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            },
            {
              "lessThan": "25369b22223d1c56e42a0cd4ac9137349d5a898e",
              "status": "affected",
              "version": "8b4c0009313f3d42e2540e3e1f776097dd0db73d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ralink/rt2x00/rt2x00usb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.169",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.135",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.82",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.23",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.13",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00usb: fix devres lifetime\n\nUSB drivers bind to USB interfaces and any device managed resources\nshould have their lifetime tied to the interface rather than parent USB\ndevice. This avoids issues like memory leaks when drivers are unbound\nwithout their devices being physically disconnected (e.g. on probe\ndeferral or configuration changes).\n\nFix the USB anchor lifetime so that it is released on driver unbind."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:13:24.521Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af"
        },
        {
          "url": "https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24"
        },
        {
          "url": "https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16"
        },
        {
          "url": "https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9"
        },
        {
          "url": "https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e"
        }
      ],
      "title": "wifi: rt2x00usb: fix devres lifetime",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31672",
    "datePublished": "2026-04-24T14:45:19.725Z",
    "dateReserved": "2026-03-09T15:48:24.130Z",
    "dateUpdated": "2026-05-11T22:13:24.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/rnbd/rnbd-srv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e4272754063d52c9ad0169865add8816ba696471",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "e2cacec7d4291300a282feb3af8eba57b93b15aa",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "b646e54d23b9b592d612a2036aab14e0f6c14206",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "30868a6a5238849d554295aff3ce61d242d7fad8",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "7aac0a30dcf41cdb510526740d9a2ab1520c5d98",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "852475278ca5e96e0c0275950e1a84203e602b33",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            },
            {
              "lessThan": "69d26698e4fd44935510553809007151b2fe4db5",
              "status": "affected",
              "version": "2de6c8de192b9341ffa5e84afe1ce6196d4eef41",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/block/rnbd/rnbd-srv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrnbd-srv: Zero the rsp buffer before using it\n\nBefore using the data buffer to send back the response message, zero it\ncompletely. This prevents any stray bytes to be picked up by the client\nside when there the message is exchanged between different protocol\nversions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:19:28.375Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e4272754063d52c9ad0169865add8816ba696471"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2cacec7d4291300a282feb3af8eba57b93b15aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/b646e54d23b9b592d612a2036aab14e0f6c14206"
        },
        {
          "url": "https://git.kernel.org/stable/c/30868a6a5238849d554295aff3ce61d242d7fad8"
        },
        {
          "url": "https://git.kernel.org/stable/c/7aac0a30dcf41cdb510526740d9a2ab1520c5d98"
        },
        {
          "url": "https://git.kernel.org/stable/c/c94ede3c436dfbd9cedd9cb69f604f6fc901b6a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/852475278ca5e96e0c0275950e1a84203e602b33"
        },
        {
          "url": "https://git.kernel.org/stable/c/69d26698e4fd44935510553809007151b2fe4db5"
        }
      ],
      "title": "rnbd-srv: Zero the rsp buffer before using it",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43184",
    "datePublished": "2026-05-06T11:27:55.672Z",
    "dateReserved": "2026-05-01T14:12:55.991Z",
    "dateUpdated": "2026-05-11T22:19:28.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/parsers/redboot.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ca235d11fc2fd8fce1dcd9d732dc780be0cde2de",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e0065e106f798ce6862251bc4fc030ac5cead940",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0b08be5aca212a99f8ba786fee4922feac08002c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d8570211a2b1ec886a462daa0be4e9983ac768bb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2025b2d1f9d5cad6ea6fe85654c6c41297c3130b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c4054ad2d8bff4e8e937cd4a1d1a04c1e8f77a2c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "75a4d8cfe7784f909b3bd69325abac8e04ecb385",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8e2f8020270af7777d49c2e7132260983e4fc566",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/parsers/redboot.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.20",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Avoid boot crash in RedBoot partition table parser\n\nGiven CONFIG_FORTIFY_SOURCE=y and a recent compiler,\ncommit 439a1bcac648 (\"fortify: Use __builtin_dynamic_object_size() when\navailable\") produces the warning below and an oops.\n\n    Searching for RedBoot partition table in 50000000.flash at offset 0x7e0000\n    ------------[ cut here ]------------\n    WARNING: lib/string_helpers.c:1035 at 0xc029e04c, CPU#0: swapper/0/1\n    memcmp: detected buffer overflow: 15 byte read of buffer size 14\n    Modules linked in:\n    CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0 #1 NONE\n\nAs Kees said, \"\u0027names\u0027 is pointing to the final \u0027namelen\u0027 many bytes\nof the allocation ... \u0027namelen\u0027 could be basically any length at all.\nThis fortify warning looks legit to me -- this code used to be reading\nbeyond the end of the allocation.\"\n\nSince the size of the dynamic allocation is calculated with strlen()\nwe can use strcmp() instead of memcmp() and remain within bounds."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:07:42.951Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ca235d11fc2fd8fce1dcd9d732dc780be0cde2de"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0065e106f798ce6862251bc4fc030ac5cead940"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b08be5aca212a99f8ba786fee4922feac08002c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8570211a2b1ec886a462daa0be4e9983ac768bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/2025b2d1f9d5cad6ea6fe85654c6c41297c3130b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4054ad2d8bff4e8e937cd4a1d1a04c1e8f77a2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/75a4d8cfe7784f909b3bd69325abac8e04ecb385"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e2f8020270af7777d49c2e7132260983e4fc566"
        }
      ],
      "title": "mtd: Avoid boot crash in RedBoot partition table parser",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23474",
    "datePublished": "2026-04-03T15:15:53.406Z",
    "dateReserved": "2026-01-13T15:37:46.022Z",
    "dateUpdated": "2026-05-11T22:07:42.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/atmel-sha204a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2d0c45dbb9eb272385ae919b17eef5a5318d3f8",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            },
            {
              "lessThan": "66ee9c1c3575b5d6afc340faca00fd40ed5b7ad9",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            },
            {
              "lessThan": "2bfc83cee05f8b9604502df27d94e8e2b4a3dbf1",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            },
            {
              "lessThan": "1ab70c260cf16f931a728b2cb63fff5f38c814d8",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            },
            {
              "lessThan": "6f502049a96b368ea6646c49d9520d6f69a101fa",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            },
            {
              "lessThan": "fd262dc6d758232511127372eba866b7600739ba",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            },
            {
              "lessThan": "d240b079a37e90af03fd7dfec94930eb6c83936e",
              "status": "affected",
              "version": "da001fb651b00e1deeaf24767dd691ae8152a4f5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/atmel-sha204a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.20",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.10",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: atmel-sha204a - Fix OOM -\u003etfm_count leak\n\nIf memory allocation fails, decrement -\u003etfm_count to avoid blocking\nfuture reads."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:07:47.591Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2d0c45dbb9eb272385ae919b17eef5a5318d3f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/66ee9c1c3575b5d6afc340faca00fd40ed5b7ad9"
        },
        {
          "url": "https://git.kernel.org/stable/c/2bfc83cee05f8b9604502df27d94e8e2b4a3dbf1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ab70c260cf16f931a728b2cb63fff5f38c814d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f502049a96b368ea6646c49d9520d6f69a101fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd262dc6d758232511127372eba866b7600739ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/d240b079a37e90af03fd7dfec94930eb6c83936e"
        }
      ],
      "title": "crypto: atmel-sha204a - Fix OOM -\u003etfm_count leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31391",
    "datePublished": "2026-04-03T15:15:56.789Z",
    "dateReserved": "2026-03-09T15:48:24.085Z",
    "dateUpdated": "2026-05-11T22:07:47.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_uvc.c",
            "drivers/usb/gadget/function/uvc.h",
            "drivers/usb/gadget/function/uvc_v4l2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0c00ec409d7b2bce3fcac73188b79a141db7cfda",
              "status": "affected",
              "version": "1444e0568bc2c70868e7b8da5b46fc2252acc3f5",
              "versionType": "git"
            },
            {
              "lessThan": "d92d1532e05b1b31d36d48765e43bf73d793d19f",
              "status": "affected",
              "version": "4962e5a2f301d24953f17d6748d986e21566abe1",
              "versionType": "git"
            },
            {
              "lessThan": "0587de744615628c38e33ddc1601160a5ea8c50a",
              "status": "affected",
              "version": "b81ac4395bbeaf36e078dea1a48c02dd97b76235",
              "versionType": "git"
            },
            {
              "lessThan": "c78e463ee134b4669579d453c81ae00795e4c19a",
              "status": "affected",
              "version": "b81ac4395bbeaf36e078dea1a48c02dd97b76235",
              "versionType": "git"
            },
            {
              "lessThan": "8a1128d604c360eca135f15b882b70256a522145",
              "status": "affected",
              "version": "b81ac4395bbeaf36e078dea1a48c02dd97b76235",
              "versionType": "git"
            },
            {
              "lessThan": "1aa9356881ee4ed414bf72d0c56d915492cb5345",
              "status": "affected",
              "version": "b81ac4395bbeaf36e078dea1a48c02dd97b76235",
              "versionType": "git"
            },
            {
              "lessThan": "c038ba56b92e410d1caec22b2dc68780a0b42091",
              "status": "affected",
              "version": "b81ac4395bbeaf36e078dea1a48c02dd97b76235",
              "versionType": "git"
            },
            {
              "lessThan": "eba2936bbe6b752a31725a9eb5c674ecbf21ee7d",
              "status": "affected",
              "version": "b81ac4395bbeaf36e078dea1a48c02dd97b76235",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e10735ce87502b07e171727e574afdd6c0890a08",
              "versionType": "git"
            },
            {
              "lessThan": "5.10.253",
              "status": "affected",
              "version": "5.10.117",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.203",
              "status": "affected",
              "version": "5.15.41",
              "versionType": "semver"
            },
            {
              "lessThan": "5.18",
              "status": "affected",
              "version": "5.17.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_uvc.c",
            "drivers/usb/gadget/function/uvc.h",
            "drivers/usb/gadget/function/uvc_v4l2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "5.10.117",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "5.15.41",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.168",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.134",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.81",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.17.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: fix NULL pointer dereference during unbind race\n\nCommit b81ac4395bbe (\"usb: gadget: uvc: allow for application to cleanly\nshutdown\") introduced two stages of synchronization waits totaling 1500ms\nin uvc_function_unbind() to prevent several types of kernel panics.\nHowever, this timing-based approach is insufficient during power\nmanagement (PM) transitions.\n\nWhen the PM subsystem starts freezing user space processes, the\nwait_event_interruptible_timeout() is aborted early, which allows the\nunbind thread to proceed and nullify the gadget pointer\n(cdev-\u003egadget = NULL):\n\n[  814.123447][  T947] configfs-gadget.g1 gadget.0: uvc: uvc_function_unbind()\n[  814.178583][ T3173] PM: suspend entry (deep)\n[  814.192487][ T3173] Freezing user space processes\n[  814.197668][  T947] configfs-gadget.g1 gadget.0: uvc: uvc_function_unbind no clean disconnect, wait for release\n\nWhen the PM subsystem resumes or aborts the suspend and tasks are\nrestarted, the V4L2 release path is executed and attempts to access the\nalready nullified gadget pointer, triggering a kernel panic:\n\n[  814.292597][    C0] PM: pm_system_irq_wakeup: 479 triggered dhdpcie_host_wake\n[  814.386727][ T3173] Restarting tasks ...\n[  814.403522][ T4558] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030\n[  814.404021][ T4558] pc : usb_gadget_deactivate+0x14/0xf4\n[  814.404031][ T4558] lr : usb_function_deactivate+0x54/0x94\n[  814.404078][ T4558] Call trace:\n[  814.404080][ T4558]  usb_gadget_deactivate+0x14/0xf4\n[  814.404083][ T4558]  usb_function_deactivate+0x54/0x94\n[  814.404087][ T4558]  uvc_function_disconnect+0x1c/0x5c\n[  814.404092][ T4558]  uvc_v4l2_release+0x44/0xac\n[  814.404095][ T4558]  v4l2_release+0xcc/0x130\n\nAddress the race condition and NULL pointer dereference by:\n\n1. State Synchronization (flag + mutex)\nIntroduce a \u0027func_unbound\u0027 flag in struct uvc_device. This allows\nuvc_function_disconnect() to safely skip accessing the nullified\ncdev-\u003egadget pointer. As suggested by Alan Stern, this flag is protected\nby a new mutex (uvc-\u003elock) to ensure proper memory ordering and prevent\ninstruction reordering or speculative loads. This mutex is also used to\nprotect \u0027func_connected\u0027 for consistent state management.\n\n2. Explicit Synchronization (completion)\nUse a completion to synchronize uvc_function_unbind() with the\nuvc_vdev_release() callback. This prevents Use-After-Free (UAF) by\nensuring struct uvc_device is freed after all video device resources\nare released."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:05:51.035Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0c00ec409d7b2bce3fcac73188b79a141db7cfda"
        },
        {
          "url": "https://git.kernel.org/stable/c/d92d1532e05b1b31d36d48765e43bf73d793d19f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0587de744615628c38e33ddc1601160a5ea8c50a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c78e463ee134b4669579d453c81ae00795e4c19a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a1128d604c360eca135f15b882b70256a522145"
        },
        {
          "url": "https://git.kernel.org/stable/c/1aa9356881ee4ed414bf72d0c56d915492cb5345"
        },
        {
          "url": "https://git.kernel.org/stable/c/c038ba56b92e410d1caec22b2dc68780a0b42091"
        },
        {
          "url": "https://git.kernel.org/stable/c/eba2936bbe6b752a31725a9eb5c674ecbf21ee7d"
        }
      ],
      "title": "usb: gadget: uvc: fix NULL pointer dereference during unbind race",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31726",
    "datePublished": "2026-05-01T14:14:26.882Z",
    "dateReserved": "2026-03-09T15:48:24.134Z",
    "dateUpdated": "2026-05-23T16:05:51.035Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/exynos/exynos_drm_drv.h",
            "drivers/gpu/drm/exynos/exynos_drm_vidi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2987642c5213508c6c9e718324c0d5289a92c474",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            },
            {
              "lessThan": "65d1213baffa363f2eb1117b1dc7acc573b890f8",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            },
            {
              "lessThan": "875fa28690e93ed5296c31d3344556c6bb867234",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            },
            {
              "lessThan": "21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            },
            {
              "lessThan": "b5fc86d753dd4c281a943b92f0eef02d31af03d7",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            },
            {
              "lessThan": "a540f767642f75240a6c35f6a65b69e44cfcea9d",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            },
            {
              "lessThan": "d3968a0d85b211e197f2f4f06268a7031079e0d0",
              "status": "affected",
              "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/exynos/exynos_drm_drv.h",
            "drivers/gpu/drm/exynos/exynos_drm_vidi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.253",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.130",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.253",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.130",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.14",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.4",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use priv-\u003evidi_dev for ctx lookup in vidi_connection_ioctl()\n\nvidi_connection_ioctl() retrieves the driver_data from drm_dev-\u003edev to\nobtain a struct vidi_context pointer. However, drm_dev-\u003edev is the\nexynos-drm master device, and the driver_data contained therein is not\nthe vidi component device, but a completely different device.\n\nThis can lead to various bugs, ranging from null pointer dereferences and\ngarbage value accesses to, in unlucky cases, out-of-bounds errors,\nuse-after-free errors, and more.\n\nTo resolve this issue, we need to store/delete the vidi device pointer in\nexynos_drm_private-\u003evidi_dev during bind/unbind, and then read this\nexynos_drm_private-\u003evidi_dev within ioctl() to obtain the correct\nstruct vidi_context pointer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T06:06:12.449Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2987642c5213508c6c9e718324c0d5289a92c474"
        },
        {
          "url": "https://git.kernel.org/stable/c/65d1213baffa363f2eb1117b1dc7acc573b890f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/875fa28690e93ed5296c31d3344556c6bb867234"
        },
        {
          "url": "https://git.kernel.org/stable/c/21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5fc86d753dd4c281a943b92f0eef02d31af03d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a540f767642f75240a6c35f6a65b69e44cfcea9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3968a0d85b211e197f2f4f06268a7031079e0d0"
        }
      ],
      "title": "drm/exynos: vidi: use priv-\u003evidi_dev for ctx lookup in vidi_connection_ioctl()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-45956",
    "datePublished": "2026-05-27T12:18:11.972Z",
    "dateReserved": "2026-05-13T15:03:33.088Z",
    "dateUpdated": "2026-06-05T06:06:12.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/kaweth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "443a830b1dc4f85c7560da59d4494b629feee215",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "586318c2730433184c6f1d21183e346ddf25e81d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a2cd4b4db315a845a5603d08c9d03b11ddfc799d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ef9b10a020503888eb6c8ed85a3d901a624ede4c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9c79b839a63980c7da7ec5db895198045e154112",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fc393af769af845d9985e2845e49553d8f015a64",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8367c0e90126426e60581e4c07e1ec4411a0f843",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "64868f5ecadeb359a49bc4485bfa7c497047f13a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/kaweth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode\n\nkaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls\nnetif_stop_queue() and netif_wake_queue(). These are TX queue flow\ncontrol functions unrelated to RX multicast configuration.\n\nThe premature netif_wake_queue() can re-enable TX while tx_urb is still\nin-flight, leading to a double usb_submit_urb() on the same URB:\n\nkaweth_start_xmit() {\n    netif_stop_queue();\n    usb_submit_urb(kaweth-\u003etx_urb);\n}\n\nkaweth_set_rx_mode() {\n    netif_stop_queue();\n    netif_wake_queue();             // wakes TX queue before URB is done\n}\n\nkaweth_start_xmit() {\n    netif_stop_queue();\n    usb_submit_urb(kaweth-\u003etx_urb); // URB submitted while active\n}\n\nThis triggers the WARN in usb_submit_urb():\n\n  \"URB submitted while active\"\n\nThis is a similar class of bug fixed in rtl8150 by\n\n- commit 958baf5eaee3 (\"net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast\").\n\nAlso kaweth_set_rx_mode() is already functionally broken, the\nreal set_rx_mode action is performed by kaweth_async_set_rx_mode(),\nwhich in turn is not a no-op only at ndo_open() time."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:19:23.602Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/443a830b1dc4f85c7560da59d4494b629feee215"
        },
        {
          "url": "https://git.kernel.org/stable/c/586318c2730433184c6f1d21183e346ddf25e81d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2cd4b4db315a845a5603d08c9d03b11ddfc799d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef9b10a020503888eb6c8ed85a3d901a624ede4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c79b839a63980c7da7ec5db895198045e154112"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc393af769af845d9985e2845e49553d8f015a64"
        },
        {
          "url": "https://git.kernel.org/stable/c/8367c0e90126426e60581e4c07e1ec4411a0f843"
        },
        {
          "url": "https://git.kernel.org/stable/c/64868f5ecadeb359a49bc4485bfa7c497047f13a"
        }
      ],
      "title": "net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43180",
    "datePublished": "2026-05-06T11:27:52.983Z",
    "dateReserved": "2026-05-01T14:12:55.991Z",
    "dateUpdated": "2026-05-11T22:19:23.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}