Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0328
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.164-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 5.10.251-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2025-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
},
{
"name": "CVE-2025-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38201"
},
{
"name": "CVE-2025-23155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23155"
},
{
"name": "CVE-2026-23220",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23220"
},
{
"name": "CVE-2026-23187",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23187"
},
{
"name": "CVE-2025-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37920"
},
{
"name": "CVE-2025-40251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
},
{
"name": "CVE-2026-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23222"
},
{
"name": "CVE-2026-23229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23229"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2026-23236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23236"
},
{
"name": "CVE-2025-71235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71235"
},
{
"name": "CVE-2025-39763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39763"
},
{
"name": "CVE-2025-71144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71144"
},
{
"name": "CVE-2025-37822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37822"
},
{
"name": "CVE-2023-53424",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53424"
},
{
"name": "CVE-2026-23234",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23234"
},
{
"name": "CVE-2026-23230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23230"
},
{
"name": "CVE-2026-23178",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23178"
},
{
"name": "CVE-2026-23228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23228"
},
{
"name": "CVE-2026-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23169"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2025-68358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68358"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2026-23238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23238"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2025-71089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71089"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2025-71237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71237"
},
{
"name": "CVE-2026-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23221"
},
{
"name": "CVE-2026-23205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23205"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2026-23237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23237"
},
{
"name": "CVE-2025-71236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71236"
},
{
"name": "CVE-2026-23235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23235"
},
{
"name": "CVE-2024-26822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26822"
},
{
"name": "CVE-2025-71232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71232"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2024-57895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57895"
},
{
"name": "CVE-2026-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23112"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2022-50516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50516"
},
{
"name": "CVE-2025-71233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71233"
},
{
"name": "CVE-2025-37786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37786"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2025-38643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38643"
},
{
"name": "CVE-2025-71238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71238"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0328",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2026-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4499-1",
"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00003.html"
},
{
"published_at": "2026-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4498-1",
"url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00002.html"
}
]
}
CVE-2022-50516 (GCVE-0-2022-50516)
Vulnerability from cvelistv5 – Published: 2025-10-07 15:19 – Updated: 2026-05-11 19:20
VLAI
EPSS
Title
fs: dlm: fix invalid derefence of sb_lvbptr
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: dlm: fix invalid derefence of sb_lvbptr
I experience issues when putting a lkbsb on the stack and have sb_lvbptr
field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash
with the following kernel message, the dangled pointer is here
0xdeadbeef as example:
[ 102.749317] BUG: unable to handle page fault for address: 00000000deadbeef
[ 102.749320] #PF: supervisor read access in kernel mode
[ 102.749323] #PF: error_code(0x0000) - not-present page
[ 102.749325] PGD 0 P4D 0
[ 102.749332] Oops: 0000 [#1] PREEMPT SMP PTI
[ 102.749336] CPU: 0 PID: 1567 Comm: lock_torture_wr Tainted: G W 5.19.0-rc3+ #1565
[ 102.749343] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014
[ 102.749344] RIP: 0010:memcpy_erms+0x6/0x10
[ 102.749353] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 102.749355] RSP: 0018:ffff97a58145fd08 EFLAGS: 00010202
[ 102.749358] RAX: ffff901778b77070 RBX: 0000000000000000 RCX: 0000000000000040
[ 102.749360] RDX: 0000000000000040 RSI: 00000000deadbeef RDI: ffff901778b77070
[ 102.749362] RBP: ffff97a58145fd10 R08: ffff901760b67a70 R09: 0000000000000001
[ 102.749364] R10: ffff9017008e2cb8 R11: 0000000000000001 R12: ffff901760b67a70
[ 102.749366] R13: ffff901760b78f00 R14: 0000000000000003 R15: 0000000000000001
[ 102.749368] FS: 0000000000000000(0000) GS:ffff901876e00000(0000) knlGS:0000000000000000
[ 102.749372] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 102.749374] CR2: 00000000deadbeef CR3: 000000017c49a004 CR4: 0000000000770ef0
[ 102.749376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 102.749378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 102.749379] PKRU: 55555554
[ 102.749381] Call Trace:
[ 102.749382] <TASK>
[ 102.749383] ? send_args+0xb2/0xd0
[ 102.749389] send_common+0xb7/0xd0
[ 102.749395] _unlock_lock+0x2c/0x90
[ 102.749400] unlock_lock.isra.56+0x62/0xa0
[ 102.749405] dlm_unlock+0x21e/0x330
[ 102.749411] ? lock_torture_stats+0x80/0x80 [dlm_locktorture]
[ 102.749416] torture_unlock+0x5a/0x90 [dlm_locktorture]
[ 102.749419] ? preempt_count_sub+0xba/0x100
[ 102.749427] lock_torture_writer+0xbd/0x150 [dlm_locktorture]
[ 102.786186] kthread+0x10a/0x130
[ 102.786581] ? kthread_complete_and_exit+0x20/0x20
[ 102.787156] ret_from_fork+0x22/0x30
[ 102.787588] </TASK>
[ 102.787855] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common kvm_intel iTCO_wdt iTCO_vendor_support kvm vmw_vsock_virtio_transport qxl irqbypass vmw_vsock_virtio_transport_common drm_ttm_helper crc32_pclmul joydev crc32c_intel ttm vsock virtio_scsi virtio_balloon snd_pcm drm_kms_helper virtio_console snd_timer snd drm soundcore syscopyarea i2c_i801 sysfillrect sysimgblt i2c_smbus pcspkr fb_sys_fops lpc_ich serio_raw
[ 102.792536] CR2: 00000000deadbeef
[ 102.792930] ---[ end trace 0000000000000000 ]---
This patch fixes the issue by checking also on DLM_LKF_VALBLK on exflags
is set when copying the lvbptr array instead of if it's just null which
fixes for me the issue.
I think this patch can fix other dlm users as well, depending how they
handle the init, freeing memory handling of sb_lvbptr and don't set
DLM_LKF_VALBLK for some dlm_lock() calls. It might a there could be a
hidden issue all the time. However with checking on DLM_LKF_VALBLK the
user always need to provide a sb_lvbptr non-null value. There might be
more intelligent handling between per ls lvblen, DLM_LKF_VALBLK and
non-null to report the user the way how DLM API is used is wrong but can
be added for later, this will only fix the current behaviour.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e7fd41792fc0ee52a05fcaac87511f118328d147 , < ef3033b435a6bac547166b793025578fab2f9df3
(git)
Affected: e7fd41792fc0ee52a05fcaac87511f118328d147 , < ea7be82fd7e1f5de72208bce93fbbe6de6c13dec (git) Affected: e7fd41792fc0ee52a05fcaac87511f118328d147 , < 1ab6d3030652b5de0015176a5b0ad9df9b847514 (git) Affected: e7fd41792fc0ee52a05fcaac87511f118328d147 , < 57c1cfb5781068e5d3632bc6e5f74a8fcc4f1a30 (git) Affected: e7fd41792fc0ee52a05fcaac87511f118328d147 , < 7175e131ebba47afef47e6ac4d5bab474d1e6e49 (git) |
|
| Linux | Linux |
Affected:
2.6.19
Unaffected: 0 , < 2.6.19 (semver) Unaffected: 5.10.251 , ≤ 5.10.* (semver) Unaffected: 5.15.76 , ≤ 5.15.* (semver) Unaffected: 5.19.17 , ≤ 5.19.* (semver) Unaffected: 6.0.3 , ≤ 6.0.* (semver) Unaffected: 6.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/dlm/lock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ef3033b435a6bac547166b793025578fab2f9df3",
"status": "affected",
"version": "e7fd41792fc0ee52a05fcaac87511f118328d147",
"versionType": "git"
},
{
"lessThan": "ea7be82fd7e1f5de72208bce93fbbe6de6c13dec",
"status": "affected",
"version": "e7fd41792fc0ee52a05fcaac87511f118328d147",
"versionType": "git"
},
{
"lessThan": "1ab6d3030652b5de0015176a5b0ad9df9b847514",
"status": "affected",
"version": "e7fd41792fc0ee52a05fcaac87511f118328d147",
"versionType": "git"
},
{
"lessThan": "57c1cfb5781068e5d3632bc6e5f74a8fcc4f1a30",
"status": "affected",
"version": "e7fd41792fc0ee52a05fcaac87511f118328d147",
"versionType": "git"
},
{
"lessThan": "7175e131ebba47afef47e6ac4d5bab474d1e6e49",
"status": "affected",
"version": "e7fd41792fc0ee52a05fcaac87511f118328d147",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/dlm/lock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.19"
},
{
"lessThan": "2.6.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.251",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.76",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "2.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "2.6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: dlm: fix invalid derefence of sb_lvbptr\n\nI experience issues when putting a lkbsb on the stack and have sb_lvbptr\nfield to a dangled pointer while not using DLM_LKF_VALBLK. It will crash\nwith the following kernel message, the dangled pointer is here\n0xdeadbeef as example:\n\n[ 102.749317] BUG: unable to handle page fault for address: 00000000deadbeef\n[ 102.749320] #PF: supervisor read access in kernel mode\n[ 102.749323] #PF: error_code(0x0000) - not-present page\n[ 102.749325] PGD 0 P4D 0\n[ 102.749332] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 102.749336] CPU: 0 PID: 1567 Comm: lock_torture_wr Tainted: G W 5.19.0-rc3+ #1565\n[ 102.749343] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014\n[ 102.749344] RIP: 0010:memcpy_erms+0x6/0x10\n[ 102.749353] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 \u003cf3\u003e a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe\n[ 102.749355] RSP: 0018:ffff97a58145fd08 EFLAGS: 00010202\n[ 102.749358] RAX: ffff901778b77070 RBX: 0000000000000000 RCX: 0000000000000040\n[ 102.749360] RDX: 0000000000000040 RSI: 00000000deadbeef RDI: ffff901778b77070\n[ 102.749362] RBP: ffff97a58145fd10 R08: ffff901760b67a70 R09: 0000000000000001\n[ 102.749364] R10: ffff9017008e2cb8 R11: 0000000000000001 R12: ffff901760b67a70\n[ 102.749366] R13: ffff901760b78f00 R14: 0000000000000003 R15: 0000000000000001\n[ 102.749368] FS: 0000000000000000(0000) GS:ffff901876e00000(0000) knlGS:0000000000000000\n[ 102.749372] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 102.749374] CR2: 00000000deadbeef CR3: 000000017c49a004 CR4: 0000000000770ef0\n[ 102.749376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 102.749378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 102.749379] PKRU: 55555554\n[ 102.749381] Call Trace:\n[ 102.749382] \u003cTASK\u003e\n[ 102.749383] ? send_args+0xb2/0xd0\n[ 102.749389] send_common+0xb7/0xd0\n[ 102.749395] _unlock_lock+0x2c/0x90\n[ 102.749400] unlock_lock.isra.56+0x62/0xa0\n[ 102.749405] dlm_unlock+0x21e/0x330\n[ 102.749411] ? lock_torture_stats+0x80/0x80 [dlm_locktorture]\n[ 102.749416] torture_unlock+0x5a/0x90 [dlm_locktorture]\n[ 102.749419] ? preempt_count_sub+0xba/0x100\n[ 102.749427] lock_torture_writer+0xbd/0x150 [dlm_locktorture]\n[ 102.786186] kthread+0x10a/0x130\n[ 102.786581] ? kthread_complete_and_exit+0x20/0x20\n[ 102.787156] ret_from_fork+0x22/0x30\n[ 102.787588] \u003c/TASK\u003e\n[ 102.787855] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common kvm_intel iTCO_wdt iTCO_vendor_support kvm vmw_vsock_virtio_transport qxl irqbypass vmw_vsock_virtio_transport_common drm_ttm_helper crc32_pclmul joydev crc32c_intel ttm vsock virtio_scsi virtio_balloon snd_pcm drm_kms_helper virtio_console snd_timer snd drm soundcore syscopyarea i2c_i801 sysfillrect sysimgblt i2c_smbus pcspkr fb_sys_fops lpc_ich serio_raw\n[ 102.792536] CR2: 00000000deadbeef\n[ 102.792930] ---[ end trace 0000000000000000 ]---\n\nThis patch fixes the issue by checking also on DLM_LKF_VALBLK on exflags\nis set when copying the lvbptr array instead of if it\u0027s just null which\nfixes for me the issue.\n\nI think this patch can fix other dlm users as well, depending how they\nhandle the init, freeing memory handling of sb_lvbptr and don\u0027t set\nDLM_LKF_VALBLK for some dlm_lock() calls. It might a there could be a\nhidden issue all the time. However with checking on DLM_LKF_VALBLK the\nuser always need to provide a sb_lvbptr non-null value. There might be\nmore intelligent handling between per ls lvblen, DLM_LKF_VALBLK and\nnon-null to report the user the way how DLM API is used is wrong but can\nbe added for later, this will only fix the current behaviour."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:20:56.486Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ef3033b435a6bac547166b793025578fab2f9df3"
},
{
"url": "https://git.kernel.org/stable/c/ea7be82fd7e1f5de72208bce93fbbe6de6c13dec"
},
{
"url": "https://git.kernel.org/stable/c/1ab6d3030652b5de0015176a5b0ad9df9b847514"
},
{
"url": "https://git.kernel.org/stable/c/57c1cfb5781068e5d3632bc6e5f74a8fcc4f1a30"
},
{
"url": "https://git.kernel.org/stable/c/7175e131ebba47afef47e6ac4d5bab474d1e6e49"
}
],
"title": "fs: dlm: fix invalid derefence of sb_lvbptr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50516",
"datePublished": "2025-10-07T15:19:11.657Z",
"dateReserved": "2025-10-07T15:15:38.662Z",
"dateUpdated": "2026-05-11T19:20:56.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53424 (GCVE-0-2023-53424)
Vulnerability from cvelistv5 – Published: 2025-09-18 16:04 – Updated: 2026-05-11 19:44
VLAI
EPSS
Title
clk: mediatek: fix of_iomap memory leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: fix of_iomap memory leak
Smatch reports:
drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn:
'base' from of_iomap() not released on lines: 496.
This problem was also found in linux-next. In mtk_clk_simple_probe(),
base is not released when handling errors
if clk_data is not existed, which may cause a leak.
So free_base should be added here to release base.
Severity
5.5 (Medium)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c58cd0e40ffac67961b945793876b973728f9b80 , < 847d5dd788ce05f0aaaa36ea174f7f0b9cf86f7d
(git)
Affected: c58cd0e40ffac67961b945793876b973728f9b80 , < 2cae6a28d8c12c597e8656962271520434c61c48 (git) Affected: c58cd0e40ffac67961b945793876b973728f9b80 , < 47234e19b00816a8a7b278c7173f6d4e928c43c7 (git) Affected: c58cd0e40ffac67961b945793876b973728f9b80 , < 3db7285e044144fd88a356f5b641b9cd4b231a77 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.3.13 , ≤ 6.3.* (semver) Unaffected: 6.4.4 , ≤ 6.4.* (semver) Unaffected: 6.5 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-53424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T19:13:05.386130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:23:08.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mtk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "847d5dd788ce05f0aaaa36ea174f7f0b9cf86f7d",
"status": "affected",
"version": "c58cd0e40ffac67961b945793876b973728f9b80",
"versionType": "git"
},
{
"lessThan": "2cae6a28d8c12c597e8656962271520434c61c48",
"status": "affected",
"version": "c58cd0e40ffac67961b945793876b973728f9b80",
"versionType": "git"
},
{
"lessThan": "47234e19b00816a8a7b278c7173f6d4e928c43c7",
"status": "affected",
"version": "c58cd0e40ffac67961b945793876b973728f9b80",
"versionType": "git"
},
{
"lessThan": "3db7285e044144fd88a356f5b641b9cd4b231a77",
"status": "affected",
"version": "c58cd0e40ffac67961b945793876b973728f9b80",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mtk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.13",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.4",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: fix of_iomap memory leak\n\nSmatch reports:\ndrivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn:\n \u0027base\u0027 from of_iomap() not released on lines: 496.\n\nThis problem was also found in linux-next. In mtk_clk_simple_probe(),\nbase is not released when handling errors\nif clk_data is not existed, which may cause a leak.\nSo free_base should be added here to release base."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:44:42.697Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/847d5dd788ce05f0aaaa36ea174f7f0b9cf86f7d"
},
{
"url": "https://git.kernel.org/stable/c/2cae6a28d8c12c597e8656962271520434c61c48"
},
{
"url": "https://git.kernel.org/stable/c/47234e19b00816a8a7b278c7173f6d4e928c43c7"
},
{
"url": "https://git.kernel.org/stable/c/3db7285e044144fd88a356f5b641b9cd4b231a77"
}
],
"title": "clk: mediatek: fix of_iomap memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53424",
"datePublished": "2025-09-18T16:04:06.635Z",
"dateReserved": "2025-09-17T14:54:09.742Z",
"dateUpdated": "2026-05-11T19:44:42.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26822 (GCVE-0-2024-26822)
Vulnerability from cvelistv5 – Published: 2024-04-17 09:43 – Updated: 2026-05-23 15:38
VLAI
EPSS
Title
smb: client: set correct id, uid and cruid for multiuser automounts
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: set correct id, uid and cruid for multiuser automounts
When uid, gid and cruid are not specified, we need to dynamically
set them into the filesystem context used for automounting otherwise
they'll end up reusing the values from the parent mount.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c8117ac42303f7ae99bbe53e4952f7d147cca1fb , < 4a6e4c56721a3e6e2550b72ec56aab306c4607a7
(git)
Affected: 60e3318e3e900ba1ddfead937012b3432dfccc92 , < 2ceba8ae1bd1f5589548cb722a5c583ca3a2dede (git) Affected: 9fd29a5bae6e8f94b410374099a6fddb253d2d5f , < c2aa2718cda2d56b4a551cb40043e9abc9684626 (git) Affected: 9fd29a5bae6e8f94b410374099a6fddb253d2d5f , < 7590ba9057c6d74c66f3b909a383ec47cd2f27fb (git) Affected: 9fd29a5bae6e8f94b410374099a6fddb253d2d5f , < 4508ec17357094e2075f334948393ddedbb75157 (git) Affected: 5.15.124 , < 5.15.201 (semver) Affected: 6.1.54 , < 6.1.164 (semver) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 5.15.201 , ≤ 5.15.* (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:40:21.396618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:41.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a6e4c56721a3e6e2550b72ec56aab306c4607a7",
"status": "affected",
"version": "c8117ac42303f7ae99bbe53e4952f7d147cca1fb",
"versionType": "git"
},
{
"lessThan": "2ceba8ae1bd1f5589548cb722a5c583ca3a2dede",
"status": "affected",
"version": "60e3318e3e900ba1ddfead937012b3432dfccc92",
"versionType": "git"
},
{
"lessThan": "c2aa2718cda2d56b4a551cb40043e9abc9684626",
"status": "affected",
"version": "9fd29a5bae6e8f94b410374099a6fddb253d2d5f",
"versionType": "git"
},
{
"lessThan": "7590ba9057c6d74c66f3b909a383ec47cd2f27fb",
"status": "affected",
"version": "9fd29a5bae6e8f94b410374099a6fddb253d2d5f",
"versionType": "git"
},
{
"lessThan": "4508ec17357094e2075f334948393ddedbb75157",
"status": "affected",
"version": "9fd29a5bae6e8f94b410374099a6fddb253d2d5f",
"versionType": "git"
},
{
"lessThan": "5.15.201",
"status": "affected",
"version": "5.15.124",
"versionType": "semver"
},
{
"lessThan": "6.1.164",
"status": "affected",
"version": "6.1.54",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.201",
"versionStartIncluding": "5.15.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "6.1.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: set correct id, uid and cruid for multiuser automounts\n\nWhen uid, gid and cruid are not specified, we need to dynamically\nset them into the filesystem context used for automounting otherwise\nthey\u0027ll end up reusing the values from the parent mount."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:38:33.399Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a6e4c56721a3e6e2550b72ec56aab306c4607a7"
},
{
"url": "https://git.kernel.org/stable/c/2ceba8ae1bd1f5589548cb722a5c583ca3a2dede"
},
{
"url": "https://git.kernel.org/stable/c/c2aa2718cda2d56b4a551cb40043e9abc9684626"
},
{
"url": "https://git.kernel.org/stable/c/7590ba9057c6d74c66f3b909a383ec47cd2f27fb"
},
{
"url": "https://git.kernel.org/stable/c/4508ec17357094e2075f334948393ddedbb75157"
}
],
"title": "smb: client: set correct id, uid and cruid for multiuser automounts",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26822",
"datePublished": "2024-04-17T09:43:49.221Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2026-05-23T15:38:33.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-57895 (GCVE-0-2024-57895)
Vulnerability from cvelistv5 – Published: 2025-01-15 13:05 – Updated: 2026-05-11 20:59
VLAI
EPSS
Title
ksmbd: set ATTR_CTIME flags when setting mtime
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: set ATTR_CTIME flags when setting mtime
David reported that the new warning from setattr_copy_mgtime is coming
like the following.
[ 113.215316] ------------[ cut here ]------------
[ 113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200
[ 113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234
[ 113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
[ 113.221530] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
[ 113.222220] RIP: 0010:setattr_copy+0x1ee/0x200
[ 113.222833] Code: 24 28 49 8b 44 24 30 48 89 53 58 89 43 6c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 89 df e8 77 d6 ff ff e9 cd fe ff ff <0f> 0b e9 be fe ff ff 66 0
[ 113.225110] RSP: 0018:ffffaf218010fb68 EFLAGS: 00010202
[ 113.225765] RAX: 0000000000000120 RBX: ffffa446815f8568 RCX: 0000000000000003
[ 113.226667] RDX: ffffaf218010fd38 RSI: ffffa446815f8568 RDI: ffffffff94eb03a0
[ 113.227531] RBP: ffffaf218010fb90 R08: 0000001a251e217d R09: 00000000675259fa
[ 113.228426] R10: 0000000002ba8a6d R11: ffffa4468196c7a8 R12: ffffaf218010fd38
[ 113.229304] R13: 0000000000000120 R14: ffffffff94eb03a0 R15: 0000000000000000
[ 113.230210] FS: 0000000000000000(0000) GS:ffffa44739d00000(0000) knlGS:0000000000000000
[ 113.231215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.232055] CR2: 00007efe0053d27e CR3: 000000000331a000 CR4: 00000000000006b0
[ 113.232926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 113.233812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 113.234797] Call Trace:
[ 113.235116] <TASK>
[ 113.235393] ? __warn+0x73/0xd0
[ 113.235802] ? setattr_copy+0x1ee/0x200
[ 113.236299] ? report_bug+0xf3/0x1e0
[ 113.236757] ? handle_bug+0x4d/0x90
[ 113.237202] ? exc_invalid_op+0x13/0x60
[ 113.237689] ? asm_exc_invalid_op+0x16/0x20
[ 113.238185] ? setattr_copy+0x1ee/0x200
[ 113.238692] btrfs_setattr+0x80/0x820 [btrfs]
[ 113.239285] ? get_stack_info_noinstr+0x12/0xf0
[ 113.239857] ? __module_address+0x22/0xa0
[ 113.240368] ? handle_ksmbd_work+0x6e/0x460 [ksmbd]
[ 113.240993] ? __module_text_address+0x9/0x50
[ 113.241545] ? __module_address+0x22/0xa0
[ 113.242033] ? unwind_next_frame+0x10e/0x920
[ 113.242600] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 113.243268] notify_change+0x2c2/0x4e0
[ 113.243746] ? stack_depot_save_flags+0x27/0x730
[ 113.244339] ? set_file_basic_info+0x130/0x2b0 [ksmbd]
[ 113.244993] set_file_basic_info+0x130/0x2b0 [ksmbd]
[ 113.245613] ? process_scheduled_works+0xbe/0x310
[ 113.246181] ? worker_thread+0x100/0x240
[ 113.246696] ? kthread+0xc8/0x100
[ 113.247126] ? ret_from_fork+0x2b/0x40
[ 113.247606] ? ret_from_fork_asm+0x1a/0x30
[ 113.248132] smb2_set_info+0x63f/0xa70 [ksmbd]
ksmbd is trying to set the atime and mtime via notify_change without also
setting the ctime. so This patch add ATTR_CTIME flags when setting mtime
to avoid a warning.
Severity
5.5 (Medium)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0626e6641f6b467447c81dd7678a69c66f7746cf , < c7ab587bd33ce45e2aa6b6d2d36be7ef0bd16614
(git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 1d7ee876b8b96efc14e177a7fe8d45ac25d68849 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 52cefcff6a4a814f4f8e357422fcfb71fd2ebf75 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 21e46a79bbe6c4e1aa73b3ed998130f2ff07b128 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.70 , ≤ 6.6.* (semver) Unaffected: 6.12.9 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:54:39.889229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:19.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7ab587bd33ce45e2aa6b6d2d36be7ef0bd16614",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "1d7ee876b8b96efc14e177a7fe8d45ac25d68849",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "52cefcff6a4a814f4f8e357422fcfb71fd2ebf75",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "21e46a79bbe6c4e1aa73b3ed998130f2ff07b128",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.70",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.70",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.9",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: set ATTR_CTIME flags when setting mtime\n\nDavid reported that the new warning from setattr_copy_mgtime is coming\nlike the following.\n\n[ 113.215316] ------------[ cut here ]------------\n[ 113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200\n[ 113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234\n[ 113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n[ 113.221530] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]\n[ 113.222220] RIP: 0010:setattr_copy+0x1ee/0x200\n[ 113.222833] Code: 24 28 49 8b 44 24 30 48 89 53 58 89 43 6c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 89 df e8 77 d6 ff ff e9 cd fe ff ff \u003c0f\u003e 0b e9 be fe ff ff 66 0\n[ 113.225110] RSP: 0018:ffffaf218010fb68 EFLAGS: 00010202\n[ 113.225765] RAX: 0000000000000120 RBX: ffffa446815f8568 RCX: 0000000000000003\n[ 113.226667] RDX: ffffaf218010fd38 RSI: ffffa446815f8568 RDI: ffffffff94eb03a0\n[ 113.227531] RBP: ffffaf218010fb90 R08: 0000001a251e217d R09: 00000000675259fa\n[ 113.228426] R10: 0000000002ba8a6d R11: ffffa4468196c7a8 R12: ffffaf218010fd38\n[ 113.229304] R13: 0000000000000120 R14: ffffffff94eb03a0 R15: 0000000000000000\n[ 113.230210] FS: 0000000000000000(0000) GS:ffffa44739d00000(0000) knlGS:0000000000000000\n[ 113.231215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 113.232055] CR2: 00007efe0053d27e CR3: 000000000331a000 CR4: 00000000000006b0\n[ 113.232926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 113.233812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 113.234797] Call Trace:\n[ 113.235116] \u003cTASK\u003e\n[ 113.235393] ? __warn+0x73/0xd0\n[ 113.235802] ? setattr_copy+0x1ee/0x200\n[ 113.236299] ? report_bug+0xf3/0x1e0\n[ 113.236757] ? handle_bug+0x4d/0x90\n[ 113.237202] ? exc_invalid_op+0x13/0x60\n[ 113.237689] ? asm_exc_invalid_op+0x16/0x20\n[ 113.238185] ? setattr_copy+0x1ee/0x200\n[ 113.238692] btrfs_setattr+0x80/0x820 [btrfs]\n[ 113.239285] ? get_stack_info_noinstr+0x12/0xf0\n[ 113.239857] ? __module_address+0x22/0xa0\n[ 113.240368] ? handle_ksmbd_work+0x6e/0x460 [ksmbd]\n[ 113.240993] ? __module_text_address+0x9/0x50\n[ 113.241545] ? __module_address+0x22/0xa0\n[ 113.242033] ? unwind_next_frame+0x10e/0x920\n[ 113.242600] ? __pfx_stack_trace_consume_entry+0x10/0x10\n[ 113.243268] notify_change+0x2c2/0x4e0\n[ 113.243746] ? stack_depot_save_flags+0x27/0x730\n[ 113.244339] ? set_file_basic_info+0x130/0x2b0 [ksmbd]\n[ 113.244993] set_file_basic_info+0x130/0x2b0 [ksmbd]\n[ 113.245613] ? process_scheduled_works+0xbe/0x310\n[ 113.246181] ? worker_thread+0x100/0x240\n[ 113.246696] ? kthread+0xc8/0x100\n[ 113.247126] ? ret_from_fork+0x2b/0x40\n[ 113.247606] ? ret_from_fork_asm+0x1a/0x30\n[ 113.248132] smb2_set_info+0x63f/0xa70 [ksmbd]\n\nksmbd is trying to set the atime and mtime via notify_change without also\nsetting the ctime. so This patch add ATTR_CTIME flags when setting mtime\nto avoid a warning."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:59:57.373Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7ab587bd33ce45e2aa6b6d2d36be7ef0bd16614"
},
{
"url": "https://git.kernel.org/stable/c/1d7ee876b8b96efc14e177a7fe8d45ac25d68849"
},
{
"url": "https://git.kernel.org/stable/c/52cefcff6a4a814f4f8e357422fcfb71fd2ebf75"
},
{
"url": "https://git.kernel.org/stable/c/21e46a79bbe6c4e1aa73b3ed998130f2ff07b128"
}
],
"title": "ksmbd: set ATTR_CTIME flags when setting mtime",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57895",
"datePublished": "2025-01-15T13:05:47.632Z",
"dateReserved": "2025-01-11T14:45:42.029Z",
"dateUpdated": "2026-05-11T20:59:57.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22026 (GCVE-0-2025-22026)
Vulnerability from cvelistv5 – Published: 2025-04-16 14:11 – Updated: 2026-05-23 15:57
VLAI
EPSS
Title
nfsd: don't ignore the return code of svc_proc_register()
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: don't ignore the return code of svc_proc_register()
Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.
Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.
svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
10ece754df9a799131a1cf3197e9d26c04ddec22 , < 51da899c209a9624e48be416bd30e7ed5cd6c3d8
(git)
Affected: 6f8d6ed3426a17f77628cebfb6a6e2c6f2b2496c , < 30405b23b4d5e2a596fb756d48119d7293194e75 (git) Affected: 93483ac5fec62cc1de166051b219d953bb5e4ef4 , < 6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0 (git) Affected: 93483ac5fec62cc1de166051b219d953bb5e4ef4 , < e31957a819e60cf0bc9a49408765e6095fd3d046 (git) Affected: 93483ac5fec62cc1de166051b219d953bb5e4ef4 , < 9d9456185fd5f1891c74354ee297f19538141ead (git) Affected: 93483ac5fec62cc1de166051b219d953bb5e4ef4 , < 930b64ca0c511521f0abdd1d57ce52b2a6e3476b (git) Affected: 5545496966631cd40ad3aa6450be56d0e5773d10 (git) Affected: 73c43bccf25cec9cdec62fc22a513c28a4b28390 (git) Affected: b7b05f98f3f06fea3986b46e5c7fe2928676b02d (git) Affected: 6.1.106 , < 6.1.164 (semver) Affected: 6.6.47 , < 6.6.125 (semver) Affected: 5.10.226 , < 5.11 (semver) Affected: 5.15.166 , < 5.16 (semver) Affected: 6.8.10 , < 6.9 (semver) |
|
| Linux | Linux |
Affected:
6.9
Unaffected: 0 , < 6.9 (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.125 , ≤ 6.6.* (semver) Unaffected: 6.12.24 , ≤ 6.12.* (semver) Unaffected: 6.13.12 , ≤ 6.13.* (semver) Unaffected: 6.14.2 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfsctl.c",
"fs/nfsd/stats.c",
"fs/nfsd/stats.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51da899c209a9624e48be416bd30e7ed5cd6c3d8",
"status": "affected",
"version": "10ece754df9a799131a1cf3197e9d26c04ddec22",
"versionType": "git"
},
{
"lessThan": "30405b23b4d5e2a596fb756d48119d7293194e75",
"status": "affected",
"version": "6f8d6ed3426a17f77628cebfb6a6e2c6f2b2496c",
"versionType": "git"
},
{
"lessThan": "6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0",
"status": "affected",
"version": "93483ac5fec62cc1de166051b219d953bb5e4ef4",
"versionType": "git"
},
{
"lessThan": "e31957a819e60cf0bc9a49408765e6095fd3d046",
"status": "affected",
"version": "93483ac5fec62cc1de166051b219d953bb5e4ef4",
"versionType": "git"
},
{
"lessThan": "9d9456185fd5f1891c74354ee297f19538141ead",
"status": "affected",
"version": "93483ac5fec62cc1de166051b219d953bb5e4ef4",
"versionType": "git"
},
{
"lessThan": "930b64ca0c511521f0abdd1d57ce52b2a6e3476b",
"status": "affected",
"version": "93483ac5fec62cc1de166051b219d953bb5e4ef4",
"versionType": "git"
},
{
"status": "affected",
"version": "5545496966631cd40ad3aa6450be56d0e5773d10",
"versionType": "git"
},
{
"status": "affected",
"version": "73c43bccf25cec9cdec62fc22a513c28a4b28390",
"versionType": "git"
},
{
"status": "affected",
"version": "b7b05f98f3f06fea3986b46e5c7fe2928676b02d",
"versionType": "git"
},
{
"lessThan": "6.1.164",
"status": "affected",
"version": "6.1.106",
"versionType": "semver"
},
{
"lessThan": "6.6.125",
"status": "affected",
"version": "6.6.47",
"versionType": "semver"
},
{
"lessThan": "5.11",
"status": "affected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThan": "5.16",
"status": "affected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThan": "6.9",
"status": "affected",
"version": "6.8.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfsctl.c",
"fs/nfsd/stats.c",
"fs/nfsd/stats.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "6.1.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.125",
"versionStartIncluding": "6.6.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.24",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.2",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don\u0027t ignore the return code of svc_proc_register()\n\nCurrently, nfsd_proc_stat_init() ignores the return value of\nsvc_proc_register(). If the procfile creation fails, then the kernel\nwill WARN when it tries to remove the entry later.\n\nFix nfsd_proc_stat_init() to return the same type of pointer as\nsvc_proc_register(), and fix up nfsd_net_init() to check that and fail\nthe nfsd_net construction if it occurs.\n\nsvc_proc_register() can fail if the dentry can\u0027t be allocated, or if an\nidentical dentry already exists. The second case is pretty unlikely in\nthe nfsd_net construction codepath, so if this happens, return -ENOMEM."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:57:38.007Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51da899c209a9624e48be416bd30e7ed5cd6c3d8"
},
{
"url": "https://git.kernel.org/stable/c/30405b23b4d5e2a596fb756d48119d7293194e75"
},
{
"url": "https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0"
},
{
"url": "https://git.kernel.org/stable/c/e31957a819e60cf0bc9a49408765e6095fd3d046"
},
{
"url": "https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead"
},
{
"url": "https://git.kernel.org/stable/c/930b64ca0c511521f0abdd1d57ce52b2a6e3476b"
}
],
"title": "nfsd: don\u0027t ignore the return code of svc_proc_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-22026",
"datePublished": "2025-04-16T14:11:47.243Z",
"dateReserved": "2024-12-29T08:45:45.807Z",
"dateUpdated": "2026-05-23T15:57:38.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23155 (GCVE-0-2025-23155)
Vulnerability from cvelistv5 – Published: 2025-05-01 12:55 – Updated: 2026-05-11 21:14
VLAI
EPSS
Title
net: stmmac: Fix accessing freed irq affinity_hint
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: Fix accessing freed irq affinity_hint
In stmmac_request_irq_multi_msi(), a pointer to the stack variable
cpu_mask is passed to irq_set_affinity_hint(). This value is stored in
irq_desc->affinity_hint, but once stmmac_request_irq_multi_msi()
returns, the pointer becomes dangling.
The affinity_hint is exposed via procfs with S_IRUGO permissions,
allowing any unprivileged process to read it. Accessing this stale
pointer can lead to:
- a kernel oops or panic if the referenced memory has been released and
unmapped, or
- leakage of kernel data into userspace if the memory is re-used for
other purposes.
All platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are
affected.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8deec94c6040bb4a767f6e9456a0a44c7f2e713e , < 2fbf67ddb8a0d0efc00d2df496a9843ec318d48b
(git)
Affected: 8deec94c6040bb4a767f6e9456a0a44c7f2e713e , < 960dab23f6d405740c537d095f90a4ee9ddd9285 (git) Affected: 8deec94c6040bb4a767f6e9456a0a44c7f2e713e , < 442312c2a90d60c7a5197246583fa91d9e579985 (git) Affected: 8deec94c6040bb4a767f6e9456a0a44c7f2e713e , < e148266e104fce396ad624079a6812ac3a9982ef (git) Affected: 8deec94c6040bb4a767f6e9456a0a44c7f2e713e , < 9e51a6a44e2c4de780a26e8fe110d708e806a8cd (git) Affected: 8deec94c6040bb4a767f6e9456a0a44c7f2e713e , < c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef (git) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.117 , ≤ 6.6.* (semver) Unaffected: 6.12.36 , ≤ 6.12.* (semver) Unaffected: 6.13.12 , ≤ 6.13.* (semver) Unaffected: 6.14.3 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/stmmac_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2fbf67ddb8a0d0efc00d2df496a9843ec318d48b",
"status": "affected",
"version": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e",
"versionType": "git"
},
{
"lessThan": "960dab23f6d405740c537d095f90a4ee9ddd9285",
"status": "affected",
"version": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e",
"versionType": "git"
},
{
"lessThan": "442312c2a90d60c7a5197246583fa91d9e579985",
"status": "affected",
"version": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e",
"versionType": "git"
},
{
"lessThan": "e148266e104fce396ad624079a6812ac3a9982ef",
"status": "affected",
"version": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e",
"versionType": "git"
},
{
"lessThan": "9e51a6a44e2c4de780a26e8fe110d708e806a8cd",
"status": "affected",
"version": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e",
"versionType": "git"
},
{
"lessThan": "c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef",
"status": "affected",
"version": "8deec94c6040bb4a767f6e9456a0a44c7f2e713e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/stmmac_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.117",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.36",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.12",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.3",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix accessing freed irq affinity_hint\n\nIn stmmac_request_irq_multi_msi(), a pointer to the stack variable\ncpu_mask is passed to irq_set_affinity_hint(). This value is stored in\nirq_desc-\u003eaffinity_hint, but once stmmac_request_irq_multi_msi()\nreturns, the pointer becomes dangling.\n\nThe affinity_hint is exposed via procfs with S_IRUGO permissions,\nallowing any unprivileged process to read it. Accessing this stale\npointer can lead to:\n\n- a kernel oops or panic if the referenced memory has been released and\n unmapped, or\n- leakage of kernel data into userspace if the memory is re-used for\n other purposes.\n\nAll platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are\naffected."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:14:00.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fbf67ddb8a0d0efc00d2df496a9843ec318d48b"
},
{
"url": "https://git.kernel.org/stable/c/960dab23f6d405740c537d095f90a4ee9ddd9285"
},
{
"url": "https://git.kernel.org/stable/c/442312c2a90d60c7a5197246583fa91d9e579985"
},
{
"url": "https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef"
},
{
"url": "https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd"
},
{
"url": "https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef"
}
],
"title": "net: stmmac: Fix accessing freed irq affinity_hint",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-23155",
"datePublished": "2025-05-01T12:55:41.607Z",
"dateReserved": "2025-01-11T14:28:41.514Z",
"dateUpdated": "2026-05-11T21:14:00.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37786 (GCVE-0-2025-37786)
Vulnerability from cvelistv5 – Published: 2025-05-01 13:07 – Updated: 2026-05-11 21:15
VLAI
EPSS
Title
net: dsa: free routing table on probe failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: free routing table on probe failure
If complete = true in dsa_tree_setup(), it means that we are the last
switch of the tree which is successfully probing, and we should be
setting up all switches from our probe path.
After "complete" becomes true, dsa_tree_setup_cpu_ports() or any
subsequent function may fail. If that happens, the entire tree setup is
in limbo: the first N-1 switches have successfully finished probing
(doing nothing but having allocated persistent memory in the tree's
dst->ports, and maybe dst->rtable), and switch N failed to probe, ending
the tree setup process before anything is tangible from the user's PoV.
If switch N fails to probe, its memory (ports) will be freed and removed
from dst->ports. However, the dst->rtable elements pointing to its ports,
as created by dsa_link_touch(), will remain there, and will lead to
use-after-free if dereferenced.
If dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely
possible because that is where ds->ops->setup() is, we get a kasan
report like this:
==================================================================
BUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568
Read of size 8 at addr ffff000004f56020 by task kworker/u8:3/42
Call trace:
__asan_report_load8_noabort+0x20/0x30
mv88e6xxx_setup_upstream_port+0x240/0x568
mv88e6xxx_setup+0xebc/0x1eb0
dsa_register_switch+0x1af4/0x2ae0
mv88e6xxx_register_switch+0x1b8/0x2a8
mv88e6xxx_probe+0xc4c/0xf60
mdio_probe+0x78/0xb8
really_probe+0x2b8/0x5a8
__driver_probe_device+0x164/0x298
driver_probe_device+0x78/0x258
__device_attach_driver+0x274/0x350
Allocated by task 42:
__kasan_kmalloc+0x84/0xa0
__kmalloc_cache_noprof+0x298/0x490
dsa_switch_touch_ports+0x174/0x3d8
dsa_register_switch+0x800/0x2ae0
mv88e6xxx_register_switch+0x1b8/0x2a8
mv88e6xxx_probe+0xc4c/0xf60
mdio_probe+0x78/0xb8
really_probe+0x2b8/0x5a8
__driver_probe_device+0x164/0x298
driver_probe_device+0x78/0x258
__device_attach_driver+0x274/0x350
Freed by task 42:
__kasan_slab_free+0x48/0x68
kfree+0x138/0x418
dsa_register_switch+0x2694/0x2ae0
mv88e6xxx_register_switch+0x1b8/0x2a8
mv88e6xxx_probe+0xc4c/0xf60
mdio_probe+0x78/0xb8
really_probe+0x2b8/0x5a8
__driver_probe_device+0x164/0x298
driver_probe_device+0x78/0x258
__device_attach_driver+0x274/0x350
The simplest way to fix the bug is to delete the routing table in its
entirety. dsa_tree_setup_routing_table() has no problem in regenerating
it even if we deleted links between ports other than those of switch N,
because dsa_link_touch() first checks whether the port pair already
exists in dst->rtable, allocating if not.
The deletion of the routing table in its entirety already exists in
dsa_tree_teardown(), so refactor that into a function that can also be
called from the tree setup error path.
In my analysis of the commit to blame, it is the one which added
dsa_link elements to dst->rtable. Prior to that, each switch had its own
ds->rtable which is freed when the switch fails to probe. But the tree
is potentially persistent memory.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c5f51765a1f60b701840544faf3ca63204b8dc3c , < 51df5513cca6349d0bea01bab95cd96cf869976e
(git)
Affected: c5f51765a1f60b701840544faf3ca63204b8dc3c , < 6c20894d21600ca1e8549086dfbb986e277bf8a6 (git) Affected: c5f51765a1f60b701840544faf3ca63204b8dc3c , < fb12b460ec46c9efad98de6d9ba349691db51dc7 (git) Affected: c5f51765a1f60b701840544faf3ca63204b8dc3c , < 5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de (git) Affected: c5f51765a1f60b701840544faf3ca63204b8dc3c , < a038f5f15af455dfe35bc68549e02b950978700a (git) Affected: c5f51765a1f60b701840544faf3ca63204b8dc3c , < 8bf108d7161ffc6880ad13a0cc109de3cf631727 (git) |
|
| Linux | Linux |
Affected:
5.5
Unaffected: 0 , < 5.5 (semver) Unaffected: 5.15.201 , ≤ 5.15.* (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.88 , ≤ 6.6.* (semver) Unaffected: 6.12.25 , ≤ 6.12.* (semver) Unaffected: 6.14.4 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/dsa/dsa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51df5513cca6349d0bea01bab95cd96cf869976e",
"status": "affected",
"version": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"versionType": "git"
},
{
"lessThan": "6c20894d21600ca1e8549086dfbb986e277bf8a6",
"status": "affected",
"version": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"versionType": "git"
},
{
"lessThan": "fb12b460ec46c9efad98de6d9ba349691db51dc7",
"status": "affected",
"version": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"versionType": "git"
},
{
"lessThan": "5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de",
"status": "affected",
"version": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"versionType": "git"
},
{
"lessThan": "a038f5f15af455dfe35bc68549e02b950978700a",
"status": "affected",
"version": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"versionType": "git"
},
{
"lessThan": "8bf108d7161ffc6880ad13a0cc109de3cf631727",
"status": "affected",
"version": "c5f51765a1f60b701840544faf3ca63204b8dc3c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/dsa/dsa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.201",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.88",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.25",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.4",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: free routing table on probe failure\n\nIf complete = true in dsa_tree_setup(), it means that we are the last\nswitch of the tree which is successfully probing, and we should be\nsetting up all switches from our probe path.\n\nAfter \"complete\" becomes true, dsa_tree_setup_cpu_ports() or any\nsubsequent function may fail. If that happens, the entire tree setup is\nin limbo: the first N-1 switches have successfully finished probing\n(doing nothing but having allocated persistent memory in the tree\u0027s\ndst-\u003eports, and maybe dst-\u003ertable), and switch N failed to probe, ending\nthe tree setup process before anything is tangible from the user\u0027s PoV.\n\nIf switch N fails to probe, its memory (ports) will be freed and removed\nfrom dst-\u003eports. However, the dst-\u003ertable elements pointing to its ports,\nas created by dsa_link_touch(), will remain there, and will lead to\nuse-after-free if dereferenced.\n\nIf dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely\npossible because that is where ds-\u003eops-\u003esetup() is, we get a kasan\nreport like this:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568\nRead of size 8 at addr ffff000004f56020 by task kworker/u8:3/42\n\nCall trace:\n __asan_report_load8_noabort+0x20/0x30\n mv88e6xxx_setup_upstream_port+0x240/0x568\n mv88e6xxx_setup+0xebc/0x1eb0\n dsa_register_switch+0x1af4/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nAllocated by task 42:\n __kasan_kmalloc+0x84/0xa0\n __kmalloc_cache_noprof+0x298/0x490\n dsa_switch_touch_ports+0x174/0x3d8\n dsa_register_switch+0x800/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nFreed by task 42:\n __kasan_slab_free+0x48/0x68\n kfree+0x138/0x418\n dsa_register_switch+0x2694/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nThe simplest way to fix the bug is to delete the routing table in its\nentirety. dsa_tree_setup_routing_table() has no problem in regenerating\nit even if we deleted links between ports other than those of switch N,\nbecause dsa_link_touch() first checks whether the port pair already\nexists in dst-\u003ertable, allocating if not.\n\nThe deletion of the routing table in its entirety already exists in\ndsa_tree_teardown(), so refactor that into a function that can also be\ncalled from the tree setup error path.\n\nIn my analysis of the commit to blame, it is the one which added\ndsa_link elements to dst-\u003ertable. Prior to that, each switch had its own\nds-\u003ertable which is freed when the switch fails to probe. But the tree\nis potentially persistent memory."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:15:09.021Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51df5513cca6349d0bea01bab95cd96cf869976e"
},
{
"url": "https://git.kernel.org/stable/c/6c20894d21600ca1e8549086dfbb986e277bf8a6"
},
{
"url": "https://git.kernel.org/stable/c/fb12b460ec46c9efad98de6d9ba349691db51dc7"
},
{
"url": "https://git.kernel.org/stable/c/5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de"
},
{
"url": "https://git.kernel.org/stable/c/a038f5f15af455dfe35bc68549e02b950978700a"
},
{
"url": "https://git.kernel.org/stable/c/8bf108d7161ffc6880ad13a0cc109de3cf631727"
}
],
"title": "net: dsa: free routing table on probe failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37786",
"datePublished": "2025-05-01T13:07:20.980Z",
"dateReserved": "2025-04-16T04:51:23.940Z",
"dateUpdated": "2026-05-11T21:15:09.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37822 (GCVE-0-2025-37822)
Vulnerability from cvelistv5 – Published: 2025-05-08 06:26 – Updated: 2026-05-11 21:15
VLAI
EPSS
Title
riscv: uprobes: Add missing fence.i after building the XOL buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: uprobes: Add missing fence.i after building the XOL buffer
The XOL (execute out-of-line) buffer is used to single-step the
replaced instruction(s) for uprobes. The RISC-V port was missing a
proper fence.i (i$ flushing) after constructing the XOL buffer, which
can result in incorrect execution of stale/broken instructions.
This was found running the BPF selftests "test_progs:
uprobe_autoattach, attach_probe" on the Spacemit K1/X60, where the
uprobes tests randomly blew up.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
74784081aac8a0f3636965fc230e2d3b7cc123c6 , < be6d98766ac952d38241d5a5b213f363afa421c3
(git)
Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < b6d8d4d01ca8514fa89b05355f296758a91e2297 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < 77c956152a3a7c7a18b68f3654f70565b2181d03 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < bcf6d3158c5902d92b6d62335af4422b7bf7c4e2 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < 1dbb95a36499374c51b47ee8ae258a8862c20978 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < 7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48 (git) |
|
| Linux | Linux |
Affected:
5.12
Unaffected: 0 , < 5.12 (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.121 , ≤ 6.6.* (semver) Unaffected: 6.12.26 , ≤ 6.12.* (semver) Unaffected: 6.14.5 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/probes/uprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be6d98766ac952d38241d5a5b213f363afa421c3",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "b6d8d4d01ca8514fa89b05355f296758a91e2297",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "77c956152a3a7c7a18b68f3654f70565b2181d03",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "bcf6d3158c5902d92b6d62335af4422b7bf7c4e2",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "1dbb95a36499374c51b47ee8ae258a8862c20978",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/probes/uprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.26",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.5",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: uprobes: Add missing fence.i after building the XOL buffer\n\nThe XOL (execute out-of-line) buffer is used to single-step the\nreplaced instruction(s) for uprobes. The RISC-V port was missing a\nproper fence.i (i$ flushing) after constructing the XOL buffer, which\ncan result in incorrect execution of stale/broken instructions.\n\nThis was found running the BPF selftests \"test_progs:\nuprobe_autoattach, attach_probe\" on the Spacemit K1/X60, where the\nuprobes tests randomly blew up."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:15:48.833Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be6d98766ac952d38241d5a5b213f363afa421c3"
},
{
"url": "https://git.kernel.org/stable/c/b6d8d4d01ca8514fa89b05355f296758a91e2297"
},
{
"url": "https://git.kernel.org/stable/c/77c956152a3a7c7a18b68f3654f70565b2181d03"
},
{
"url": "https://git.kernel.org/stable/c/bcf6d3158c5902d92b6d62335af4422b7bf7c4e2"
},
{
"url": "https://git.kernel.org/stable/c/1dbb95a36499374c51b47ee8ae258a8862c20978"
},
{
"url": "https://git.kernel.org/stable/c/7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48"
}
],
"title": "riscv: uprobes: Add missing fence.i after building the XOL buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37822",
"datePublished": "2025-05-08T06:26:16.209Z",
"dateReserved": "2025-04-16T04:51:23.947Z",
"dateUpdated": "2026-05-11T21:15:48.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37920 (GCVE-0-2025-37920)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-23 15:58
VLAI
EPSS
Title
xsk: Fix race condition in AF_XDP generic RX path
Summary
In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix race condition in AF_XDP generic RX path
Move rx_lock from xsk_socket to xsk_buff_pool.
Fix synchronization for shared umem mode in
generic RX path where multiple sockets share
single xsk_buff_pool.
RX queue is exclusive to xsk_socket, while FILL
queue can be shared between multiple sockets.
This could result in race condition where two
CPU cores access RX path of two different sockets
sharing the same umem.
Protect both queues by acquiring spinlock in shared
xsk_buff_pool.
Lock contention may be minimized in the future by some
per-thread FQ buffering.
It's safe and necessary to move spin_lock_bh(rx_lock)
after xsk_rcv_check():
* xs->pool and spinlock_init is synchronized by
xsk_bind() -> xsk_is_bound() memory barriers.
* xsk_rcv_check() may return true at the moment
of xsk_release() or xsk_unbind_dev(),
however this will not cause any data races or
race conditions. xsk_unbind_dev() removes xdp
socket from all maps and waits for completion
of all outstanding rx operations. Packets in
RX path will either complete safely or drop.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 , < 975b372313dc018b9bd6cc0d85d188787054b19e
(git)
Affected: bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 , < b6978c565ce33658543c637060852434b4248d30 (git) Affected: bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 , < 65d3c570614b892257dc58a1b202908242ecf8fd (git) Affected: bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 , < 75a240a3e8abf17b9e00b0ef0492b1bbaa932251 (git) Affected: bf0bdd1343efbbf65b4d53aef1fce14acbd79d50 , < a1356ac7749cafc4e27aa62c0c4604b5dca4983e (git) Affected: fd7c22ba7a0ad898b9ecf77dd53f5ccc48492e35 (git) Affected: 8a090e3b73eaffe18e08ccc3fb5abecf6b0a9781 (git) Affected: 5.1.20 , < 5.2 (semver) Affected: 5.2.3 , < 5.3 (semver) |
|
| Linux | Linux |
Affected:
5.3
Unaffected: 0 , < 5.3 (semver) Unaffected: 6.1.164 , ≤ 6.1.* (semver) Unaffected: 6.6.123 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/xdp_sock.h",
"include/net/xsk_buff_pool.h",
"net/xdp/xsk.c",
"net/xdp/xsk_buff_pool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "975b372313dc018b9bd6cc0d85d188787054b19e",
"status": "affected",
"version": "bf0bdd1343efbbf65b4d53aef1fce14acbd79d50",
"versionType": "git"
},
{
"lessThan": "b6978c565ce33658543c637060852434b4248d30",
"status": "affected",
"version": "bf0bdd1343efbbf65b4d53aef1fce14acbd79d50",
"versionType": "git"
},
{
"lessThan": "65d3c570614b892257dc58a1b202908242ecf8fd",
"status": "affected",
"version": "bf0bdd1343efbbf65b4d53aef1fce14acbd79d50",
"versionType": "git"
},
{
"lessThan": "75a240a3e8abf17b9e00b0ef0492b1bbaa932251",
"status": "affected",
"version": "bf0bdd1343efbbf65b4d53aef1fce14acbd79d50",
"versionType": "git"
},
{
"lessThan": "a1356ac7749cafc4e27aa62c0c4604b5dca4983e",
"status": "affected",
"version": "bf0bdd1343efbbf65b4d53aef1fce14acbd79d50",
"versionType": "git"
},
{
"status": "affected",
"version": "fd7c22ba7a0ad898b9ecf77dd53f5ccc48492e35",
"versionType": "git"
},
{
"status": "affected",
"version": "8a090e3b73eaffe18e08ccc3fb5abecf6b0a9781",
"versionType": "git"
},
{
"lessThan": "5.2",
"status": "affected",
"version": "5.1.20",
"versionType": "semver"
},
{
"lessThan": "5.3",
"status": "affected",
"version": "5.2.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/xdp_sock.h",
"include/net/xsk_buff_pool.h",
"net/xdp/xsk.c",
"net/xdp/xsk_buff_pool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.123",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.164",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.123",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:58:35.615Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/975b372313dc018b9bd6cc0d85d188787054b19e"
},
{
"url": "https://git.kernel.org/stable/c/b6978c565ce33658543c637060852434b4248d30"
},
{
"url": "https://git.kernel.org/stable/c/65d3c570614b892257dc58a1b202908242ecf8fd"
},
{
"url": "https://git.kernel.org/stable/c/75a240a3e8abf17b9e00b0ef0492b1bbaa932251"
},
{
"url": "https://git.kernel.org/stable/c/a1356ac7749cafc4e27aa62c0c4604b5dca4983e"
}
],
"title": "xsk: Fix race condition in AF_XDP generic RX path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37920",
"datePublished": "2025-05-20T15:21:49.685Z",
"dateReserved": "2025-04-16T04:51:23.968Z",
"dateUpdated": "2026-05-23T15:58:35.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38201 (GCVE-0-2025-38201)
Vulnerability from cvelistv5 – Published: 2025-07-04 13:37 – Updated: 2026-05-11 21:23
VLAI
EPSS
Title
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()
when resizing hashtable because __GFP_NOWARN is unset.
Similar to:
b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3c4287f62044a90e73a561aa05fc46e62da173da , < 1fe27f97944017a9d3c5af4d6d95282bff0f1147
(git)
Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 4abccfb61f422300be014b8e734c63344306f009 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 80417057ac60dd80f4816eb426e4e4a5bf696534 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < df524a68d9021c1401965d610bb6e42ee5d9611e (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 0ab3de047808f375a36cd345225572eb3366f3c6 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < d2768016f091f8a5264076b433fd7c3fabb6eb97 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < b85e3367a5716ed3662a4fe266525190d2af76df (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.250 , ≤ 5.10.* (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.35 , ≤ 6.12.* (semver) Unaffected: 6.15.4 , ≤ 6.15.* (semver) Unaffected: 6.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1fe27f97944017a9d3c5af4d6d95282bff0f1147",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "4abccfb61f422300be014b8e734c63344306f009",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "80417057ac60dd80f4816eb426e4e4a5bf696534",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "df524a68d9021c1401965d610bb6e42ee5d9611e",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "0ab3de047808f375a36cd345225572eb3366f3c6",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "d2768016f091f8a5264076b433fd7c3fabb6eb97",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "b85e3367a5716ed3662a4fe266525190d2af76df",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.250",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.35",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.4",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX\n\nOtherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()\nwhen resizing hashtable because __GFP_NOWARN is unset.\n\nSimilar to:\n\n b541ba7d1f5a (\"netfilter: conntrack: clamp maximum hashtable size to INT_MAX\")"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:23:12.582Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1fe27f97944017a9d3c5af4d6d95282bff0f1147"
},
{
"url": "https://git.kernel.org/stable/c/4abccfb61f422300be014b8e734c63344306f009"
},
{
"url": "https://git.kernel.org/stable/c/80417057ac60dd80f4816eb426e4e4a5bf696534"
},
{
"url": "https://git.kernel.org/stable/c/df524a68d9021c1401965d610bb6e42ee5d9611e"
},
{
"url": "https://git.kernel.org/stable/c/0ab3de047808f375a36cd345225572eb3366f3c6"
},
{
"url": "https://git.kernel.org/stable/c/d2768016f091f8a5264076b433fd7c3fabb6eb97"
},
{
"url": "https://git.kernel.org/stable/c/b85e3367a5716ed3662a4fe266525190d2af76df"
}
],
"title": "netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38201",
"datePublished": "2025-07-04T13:37:22.732Z",
"dateReserved": "2025-04-16T04:51:23.993Z",
"dateUpdated": "2026-05-11T21:23:12.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…