Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0898
Vulnerability from certfr_avis - Published: 2026-07-17 - Updated: 2026-07-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 25.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-46325",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46325"
},
{
"name": "CVE-2026-23198",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23198"
},
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-46119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46119"
},
{
"name": "CVE-2026-43414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43414"
},
{
"name": "CVE-2025-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38201"
},
{
"name": "CVE-2023-52646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52646"
},
{
"name": "CVE-2021-47202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47202"
},
{
"name": "CVE-2026-31402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
},
{
"name": "CVE-2026-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23450"
},
{
"name": "CVE-2025-37778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37778"
},
{
"name": "CVE-2026-31685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31685"
},
{
"name": "CVE-2026-46185",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46185"
},
{
"name": "CVE-2026-45988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45988"
},
{
"name": "CVE-2021-47117",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47117"
},
{
"name": "CVE-2026-31448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31448"
},
{
"name": "CVE-2026-43011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43011"
},
{
"name": "CVE-2026-23258",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23258"
},
{
"name": "CVE-2026-46195",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46195"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2025-37924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37924"
},
{
"name": "CVE-2026-31668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31668"
},
{
"name": "CVE-2026-31478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31478"
},
{
"name": "CVE-2025-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40082"
},
{
"name": "CVE-2026-31635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31635"
},
{
"name": "CVE-2026-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43503"
},
{
"name": "CVE-2025-37822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37822"
},
{
"name": "CVE-2026-43376",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43376"
},
{
"name": "CVE-2026-23256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23256"
},
{
"name": "CVE-2026-31659",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31659"
},
{
"name": "CVE-2026-43117",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43117"
},
{
"name": "CVE-2026-43493",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43493"
},
{
"name": "CVE-2026-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43383"
},
{
"name": "CVE-2026-31718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31718"
},
{
"name": "CVE-2023-53673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53673"
},
{
"name": "CVE-2026-46043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46043"
},
{
"name": "CVE-2026-31418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31418"
},
{
"name": "CVE-2026-43197",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43197"
},
{
"name": "CVE-2025-71220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71220"
},
{
"name": "CVE-2026-23180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23180"
},
{
"name": "CVE-2026-46243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46243"
},
{
"name": "CVE-2026-23262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23262"
},
{
"name": "CVE-2026-31669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31669"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2026-46289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46289"
},
{
"name": "CVE-2026-43407",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43407"
},
{
"name": "CVE-2026-23427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23427"
},
{
"name": "CVE-2026-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43402"
},
{
"name": "CVE-2026-23176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23176"
},
{
"name": "CVE-2025-71089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71089"
},
{
"name": "CVE-2026-43304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43304"
},
{
"name": "CVE-2026-43185",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43185"
},
{
"name": "CVE-2026-43378",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43378"
},
{
"name": "CVE-2026-43384",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43384"
},
{
"name": "CVE-2026-43501",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43501"
},
{
"name": "CVE-2026-46266",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46266"
},
{
"name": "CVE-2025-71224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71224"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2026-23392",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23392"
},
{
"name": "CVE-2026-46135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46135"
},
{
"name": "CVE-2025-71222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71222"
},
{
"name": "CVE-2026-31607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31607"
},
{
"name": "CVE-2026-31637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31637"
},
{
"name": "CVE-2026-23428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23428"
},
{
"name": "CVE-2026-46244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46244"
},
{
"name": "CVE-2026-23278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23278"
},
{
"name": "CVE-2026-23257",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23257"
},
{
"name": "CVE-2026-46115",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46115"
},
{
"name": "CVE-2026-46316",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46316"
},
{
"name": "CVE-2026-31682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31682"
},
{
"name": "CVE-2026-43406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43406"
},
{
"name": "CVE-2025-68214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68214"
},
{
"name": "CVE-2026-23182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23182"
},
{
"name": "CVE-2026-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23455"
},
{
"name": "CVE-2026-43341",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43341"
},
{
"name": "CVE-2026-43071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43071"
},
{
"name": "CVE-2026-22984",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22984"
},
{
"name": "CVE-2026-45898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45898"
},
{
"name": "CVE-2026-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23206"
},
{
"name": "CVE-2026-43037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43037"
},
{
"name": "CVE-2026-43186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43186"
},
{
"name": "CVE-2026-43083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43083"
},
{
"name": "CVE-2026-31649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31649"
},
{
"name": "CVE-2026-23272",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23272"
},
{
"name": "CVE-2026-23190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23190"
},
{
"name": "CVE-2026-43114",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43114"
},
{
"name": "CVE-2022-48816",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48816"
},
{
"name": "CVE-2026-31657",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31657"
},
{
"name": "CVE-2026-43125",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43125"
},
{
"name": "CVE-2026-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31436"
},
{
"name": "CVE-2026-43038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43038"
},
{
"name": "CVE-2025-68263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68263"
},
{
"name": "CVE-2026-46039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46039"
}
],
"initial_release_date": "2026-07-17T00:00:00",
"last_revision_date": "2026-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0898",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2026-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8545-1",
"url": "https://ubuntu.com/security/notices/USN-8545-1"
},
{
"published_at": "2026-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8546-1",
"url": "https://ubuntu.com/security/notices/USN-8546-1"
},
{
"published_at": "2026-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8548-1",
"url": "https://ubuntu.com/security/notices/USN-8548-1"
},
{
"published_at": "2026-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-8547-1",
"url": "https://ubuntu.com/security/notices/USN-8547-1"
}
]
}
CVE-2021-47117 (GCVE-0-2021-47117)
Vulnerability from cvelistv5 – Published: 2024-03-15 20:14 – Updated: 2026-05-11 13:48
VLAI
EPSS
VEX
Title
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
We got follow bug_on when run fsstress with injecting IO fault:
[130747.323114] kernel BUG at fs/ext4/extents_status.c:762!
[130747.323117] Internal error: Oops - BUG: 0 [#1] SMP
......
[130747.334329] Call trace:
[130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4]
[130747.334975] ext4_cache_extents+0x64/0xe8 [ext4]
[130747.335368] ext4_find_extent+0x300/0x330 [ext4]
[130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4]
[130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4]
[130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4]
[130747.336995] ext4_readpage+0x54/0x100 [ext4]
[130747.337359] generic_file_buffered_read+0x410/0xae8
[130747.337767] generic_file_read_iter+0x114/0x190
[130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4]
[130747.338556] __vfs_read+0x11c/0x188
[130747.338851] vfs_read+0x94/0x150
[130747.339110] ksys_read+0x74/0xf0
This patch's modification is according to Jan Kara's suggestion in:
https://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/
"I see. Now I understand your patch. Honestly, seeing how fragile is trying
to fix extent tree after split has failed in the middle, I would probably
go even further and make sure we fix the tree properly in case of ENOSPC
and EDQUOT (those are easily user triggerable). Anything else indicates a
HW problem or fs corruption so I'd rather leave the extent tree as is and
don't try to fix it (which also means we will not create overlapping
extents)."
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
adb2355104b2109e06ba5276485d187d023b2fd2 , < e33bafad30d34cfa5e9787cb099cab05e2677fcb
(git)
Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < 5b3a9a2be59478b013a430ac57b0f3d65471b071 (git) Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < d8116743ef5432336289256b2f7c117299213eb9 (git) Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < 569496aa3776eea1ff0d49d0174ac1b7e861e107 (git) Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < 920697b004e49cb026e2e15fe91be065bf0741b7 (git) Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < d3b668b96ad3192c0581a248ae2f596cd054792a (git) Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < 48105dc98c9ca35af418746277b087cb2bc6df7c (git) Affected: adb2355104b2109e06ba5276485d187d023b2fd2 , < 082cd4ec240b8734a82a89ffb890216ac98fec68 (git) |
|
| Linux | Linux |
Affected:
3.9
Unaffected: 0 , < 3.9 (semver) Unaffected: 4.4.272 , ≤ 4.4.* (semver) Unaffected: 4.9.272 , ≤ 4.9.* (semver) Unaffected: 4.14.236 , ≤ 4.14.* (semver) Unaffected: 4.19.194 , ≤ 4.19.* (semver) Unaffected: 5.4.125 , ≤ 5.4.* (semver) Unaffected: 5.10.43 , ≤ 5.10.* (semver) Unaffected: 5.12.10 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:32:59.932623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:39.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e33bafad30d34cfa5e9787cb099cab05e2677fcb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b3a9a2be59478b013a430ac57b0f3d65471b071"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8116743ef5432336289256b2f7c117299213eb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/569496aa3776eea1ff0d49d0174ac1b7e861e107"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/920697b004e49cb026e2e15fe91be065bf0741b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3b668b96ad3192c0581a248ae2f596cd054792a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48105dc98c9ca35af418746277b087cb2bc6df7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/082cd4ec240b8734a82a89ffb890216ac98fec68"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e33bafad30d34cfa5e9787cb099cab05e2677fcb",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "5b3a9a2be59478b013a430ac57b0f3d65471b071",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "d8116743ef5432336289256b2f7c117299213eb9",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "569496aa3776eea1ff0d49d0174ac1b7e861e107",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "920697b004e49cb026e2e15fe91be065bf0741b7",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "d3b668b96ad3192c0581a248ae2f596cd054792a",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "48105dc98c9ca35af418746277b087cb2bc6df7c",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
},
{
"lessThan": "082cd4ec240b8734a82a89ffb890216ac98fec68",
"status": "affected",
"version": "adb2355104b2109e06ba5276485d187d023b2fd2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.236",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.194",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.272",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.272",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.236",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.194",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.125",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.43",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.10",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed\n\nWe got follow bug_on when run fsstress with injecting IO fault:\n[130747.323114] kernel BUG at fs/ext4/extents_status.c:762!\n[130747.323117] Internal error: Oops - BUG: 0 [#1] SMP\n......\n[130747.334329] Call trace:\n[130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4]\n[130747.334975] ext4_cache_extents+0x64/0xe8 [ext4]\n[130747.335368] ext4_find_extent+0x300/0x330 [ext4]\n[130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4]\n[130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4]\n[130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4]\n[130747.336995] ext4_readpage+0x54/0x100 [ext4]\n[130747.337359] generic_file_buffered_read+0x410/0xae8\n[130747.337767] generic_file_read_iter+0x114/0x190\n[130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4]\n[130747.338556] __vfs_read+0x11c/0x188\n[130747.338851] vfs_read+0x94/0x150\n[130747.339110] ksys_read+0x74/0xf0\n\nThis patch\u0027s modification is according to Jan Kara\u0027s suggestion in:\nhttps://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/\n\"I see. Now I understand your patch. Honestly, seeing how fragile is trying\nto fix extent tree after split has failed in the middle, I would probably\ngo even further and make sure we fix the tree properly in case of ENOSPC\nand EDQUOT (those are easily user triggerable). Anything else indicates a\nHW problem or fs corruption so I\u0027d rather leave the extent tree as is and\ndon\u0027t try to fix it (which also means we will not create overlapping\nextents).\""
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:48:22.727Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e33bafad30d34cfa5e9787cb099cab05e2677fcb"
},
{
"url": "https://git.kernel.org/stable/c/5b3a9a2be59478b013a430ac57b0f3d65471b071"
},
{
"url": "https://git.kernel.org/stable/c/d8116743ef5432336289256b2f7c117299213eb9"
},
{
"url": "https://git.kernel.org/stable/c/569496aa3776eea1ff0d49d0174ac1b7e861e107"
},
{
"url": "https://git.kernel.org/stable/c/920697b004e49cb026e2e15fe91be065bf0741b7"
},
{
"url": "https://git.kernel.org/stable/c/d3b668b96ad3192c0581a248ae2f596cd054792a"
},
{
"url": "https://git.kernel.org/stable/c/48105dc98c9ca35af418746277b087cb2bc6df7c"
},
{
"url": "https://git.kernel.org/stable/c/082cd4ec240b8734a82a89ffb890216ac98fec68"
}
],
"title": "ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47117",
"datePublished": "2024-03-15T20:14:24.291Z",
"dateReserved": "2024-03-04T18:12:48.838Z",
"dateUpdated": "2026-05-11T13:48:22.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47202 (GCVE-0-2021-47202)
Vulnerability from cvelistv5 – Published: 2024-04-10 18:56 – Updated: 2026-05-11 13:49
VLAI
EPSS
VEX
Title
thermal: Fix NULL pointer dereferences in of_thermal_ functions
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: Fix NULL pointer dereferences in of_thermal_ functions
of_parse_thermal_zones() parses the thermal-zones node and registers a
thermal_zone device for each subnode. However, if a thermal zone is
consuming a thermal sensor and that thermal sensor device hasn't probed
yet, an attempt to set trip_point_*_temp for that thermal zone device
can cause a NULL pointer dereference. Fix it.
console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp
...
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
...
Call trace:
of_thermal_set_trip_temp+0x40/0xc4
trip_point_temp_store+0xc0/0x1dc
dev_attr_store+0x38/0x88
sysfs_kf_write+0x64/0xc0
kernfs_fop_write_iter+0x108/0x1d0
vfs_write+0x2f4/0x368
ksys_write+0x7c/0xec
__arm64_sys_write+0x20/0x30
el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc
do_el0_svc+0x28/0xa0
el0_svc+0x14/0x24
el0_sync_handler+0x88/0xec
el0_sync+0x1c0/0x200
While at it, fix the possible NULL pointer dereference in other
functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),
of_thermal_get_trend().
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2251aef64a38db60f4ae7a4a83f9203c6791f196 , < 828f4c31684da94ecf0b44a2cbd35bbede04f0bd
(git)
Affected: 2251aef64a38db60f4ae7a4a83f9203c6791f196 , < 6a315471cb6a07f651e1d3adc8962730f4fcccac (git) Affected: 2251aef64a38db60f4ae7a4a83f9203c6791f196 , < 0750f769b95841b34a9fe8c418dd792ff526bf86 (git) Affected: 2251aef64a38db60f4ae7a4a83f9203c6791f196 , < ef2590a5305e0b8e9342f84c2214aa478ee7f28e (git) Affected: 2251aef64a38db60f4ae7a4a83f9203c6791f196 , < 96cfe05051fd8543cdedd6807ec59a0e6c409195 (git) |
|
| Linux | Linux |
Affected:
3.19
Unaffected: 0 , < 3.19 (semver) Unaffected: 5.4.210 , ≤ 5.4.* (semver) Unaffected: 5.10.81 , ≤ 5.10.* (semver) Unaffected: 5.14.21 , ≤ 5.14.* (semver) Unaffected: 5.15.4 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a315471cb6a07f651e1d3adc8962730f4fcccac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0750f769b95841b34a9fe8c418dd792ff526bf86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef2590a5305e0b8e9342f84c2214aa478ee7f28e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96cfe05051fd8543cdedd6807ec59a0e6c409195"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:49:58.504831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:37.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_of.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "828f4c31684da94ecf0b44a2cbd35bbede04f0bd",
"status": "affected",
"version": "2251aef64a38db60f4ae7a4a83f9203c6791f196",
"versionType": "git"
},
{
"lessThan": "6a315471cb6a07f651e1d3adc8962730f4fcccac",
"status": "affected",
"version": "2251aef64a38db60f4ae7a4a83f9203c6791f196",
"versionType": "git"
},
{
"lessThan": "0750f769b95841b34a9fe8c418dd792ff526bf86",
"status": "affected",
"version": "2251aef64a38db60f4ae7a4a83f9203c6791f196",
"versionType": "git"
},
{
"lessThan": "ef2590a5305e0b8e9342f84c2214aa478ee7f28e",
"status": "affected",
"version": "2251aef64a38db60f4ae7a4a83f9203c6791f196",
"versionType": "git"
},
{
"lessThan": "96cfe05051fd8543cdedd6807ec59a0e6c409195",
"status": "affected",
"version": "2251aef64a38db60f4ae7a4a83f9203c6791f196",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_of.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.210",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.81",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.21",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.4",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: Fix NULL pointer dereferences in of_thermal_ functions\n\nof_parse_thermal_zones() parses the thermal-zones node and registers a\nthermal_zone device for each subnode. However, if a thermal zone is\nconsuming a thermal sensor and that thermal sensor device hasn\u0027t probed\nyet, an attempt to set trip_point_*_temp for that thermal zone device\ncan cause a NULL pointer dereference. Fix it.\n\n console:/sys/class/thermal/thermal_zone87 # echo 120000 \u003e trip_point_0_temp\n ...\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ...\n Call trace:\n of_thermal_set_trip_temp+0x40/0xc4\n trip_point_temp_store+0xc0/0x1dc\n dev_attr_store+0x38/0x88\n sysfs_kf_write+0x64/0xc0\n kernfs_fop_write_iter+0x108/0x1d0\n vfs_write+0x2f4/0x368\n ksys_write+0x7c/0xec\n __arm64_sys_write+0x20/0x30\n el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc\n do_el0_svc+0x28/0xa0\n el0_svc+0x14/0x24\n el0_sync_handler+0x88/0xec\n el0_sync+0x1c0/0x200\n\nWhile at it, fix the possible NULL pointer dereference in other\nfunctions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),\nof_thermal_get_trend()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:49:57.314Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd"
},
{
"url": "https://git.kernel.org/stable/c/6a315471cb6a07f651e1d3adc8962730f4fcccac"
},
{
"url": "https://git.kernel.org/stable/c/0750f769b95841b34a9fe8c418dd792ff526bf86"
},
{
"url": "https://git.kernel.org/stable/c/ef2590a5305e0b8e9342f84c2214aa478ee7f28e"
},
{
"url": "https://git.kernel.org/stable/c/96cfe05051fd8543cdedd6807ec59a0e6c409195"
}
],
"title": "thermal: Fix NULL pointer dereferences in of_thermal_ functions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47202",
"datePublished": "2024-04-10T18:56:36.408Z",
"dateReserved": "2024-03-25T09:12:14.117Z",
"dateUpdated": "2026-05-11T13:49:57.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48816 (GCVE-0-2022-48816)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:44 – Updated: 2026-06-01 16:03
VLAI
EPSS
VEX
Title
SUNRPC: lock against ->sock changing during sysfs read
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: lock against ->sock changing during sysfs read
->sock can be set to NULL asynchronously unless ->recv_mutex is held.
So it is important to hold that mutex. Otherwise a sysfs read can
trigger an oops.
Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before
handling sysfs reads") appears to attempt to fix this problem, but it
only narrows the race window.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a8482488a7d6d320f63a9ee1912dbb5ae5b80a61 , < fdc42287ae3f8a35cc2098307f52d7864b4bc8ed
(git)
Affected: a8482488a7d6d320f63a9ee1912dbb5ae5b80a61 , < 9482ab4540f5bcc869b44c067ae99b5fca16bd07 (git) Affected: a8482488a7d6d320f63a9ee1912dbb5ae5b80a61 , < b49ea673e119f59c71645e2f65b3ccad857c90ee (git) Affected: 21a2be1a5145d072deedc7cdc5b2d17380abea75 (git) Affected: 77876473912d1bf1ed16bffa1674e5ff0f499f25 (git) Affected: 5.10.67 , < 5.11 (semver) Affected: 5.13.19 , < 5.14 (semver) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.209 , ≤ 5.15.* (semver) Unaffected: 5.16.10 , ≤ 5.16.* (semver) Unaffected: 5.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:58:15.719556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:00.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/sysfs.c",
"net/sunrpc/xprtsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fdc42287ae3f8a35cc2098307f52d7864b4bc8ed",
"status": "affected",
"version": "a8482488a7d6d320f63a9ee1912dbb5ae5b80a61",
"versionType": "git"
},
{
"lessThan": "9482ab4540f5bcc869b44c067ae99b5fca16bd07",
"status": "affected",
"version": "a8482488a7d6d320f63a9ee1912dbb5ae5b80a61",
"versionType": "git"
},
{
"lessThan": "b49ea673e119f59c71645e2f65b3ccad857c90ee",
"status": "affected",
"version": "a8482488a7d6d320f63a9ee1912dbb5ae5b80a61",
"versionType": "git"
},
{
"status": "affected",
"version": "21a2be1a5145d072deedc7cdc5b2d17380abea75",
"versionType": "git"
},
{
"status": "affected",
"version": "77876473912d1bf1ed16bffa1674e5ff0f499f25",
"versionType": "git"
},
{
"lessThan": "5.11",
"status": "affected",
"version": "5.10.67",
"versionType": "semver"
},
{
"lessThan": "5.14",
"status": "affected",
"version": "5.13.19",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/sysfs.c",
"net/sunrpc/xprtsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.209",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against -\u003esock changing during sysfs read\n\n-\u003esock can be set to NULL asynchronously unless -\u003erecv_mutex is held.\nSo it is important to hold that mutex. Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:03:44.238Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fdc42287ae3f8a35cc2098307f52d7864b4bc8ed"
},
{
"url": "https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07"
},
{
"url": "https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee"
}
],
"title": "SUNRPC: lock against -\u003esock changing during sysfs read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48816",
"datePublished": "2024-07-16T11:44:04.654Z",
"dateReserved": "2024-07-16T11:38:08.900Z",
"dateUpdated": "2026-06-01T16:03:44.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52646 (GCVE-0-2023-52646)
Vulnerability from cvelistv5 – Published: 2024-04-26 12:19 – Updated: 2026-05-11 19:30
VLAI
EPSS
VEX
Title
aio: fix mremap after fork null-deref
Summary
In the Linux kernel, the following vulnerability has been resolved:
aio: fix mremap after fork null-deref
Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced
a null-deref if mremap is called on an old aio mapping after fork as
mm->ioctx_table will be set to NULL.
[jmoyer@redhat.com: fix 80 column issue]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < 808f1e4b5723ae4eda724d2ad6f6638905eefd95
(git)
Affected: e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < d8dca1bfe9adcae38b35add64977818c0c13dd22 (git) Affected: e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < 4326d0080f7e84fba775da41d158f46cf9d3f1c2 (git) Affected: e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < c261f798f7baa8080cf0214081d43d5f86bb073f (git) Affected: e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < 178993157e8c50aef7f35d7d6d3b44bb428199e1 (git) Affected: e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < af126acf01a12bdb04986fd26fc2eb3b40249e0d (git) Affected: e4a0d3e720e7e508749c1439b5ba3aff56c92976 , < 81e9d6f8647650a7bead74c5f926e29970e834d1 (git) |
|
| Linux | Linux |
Affected:
3.19
Unaffected: 0 , < 3.19 (semver) Unaffected: 4.14.306 , ≤ 4.14.* (semver) Unaffected: 4.19.273 , ≤ 4.19.* (semver) Unaffected: 5.4.232 , ≤ 5.4.* (semver) Unaffected: 5.10.169 , ≤ 5.10.* (semver) Unaffected: 5.15.95 , ≤ 5.15.* (semver) Unaffected: 6.1.13 , ≤ 6.1.* (semver) Unaffected: 6.2 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:11:42.942960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:11:56.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/aio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "808f1e4b5723ae4eda724d2ad6f6638905eefd95",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
},
{
"lessThan": "d8dca1bfe9adcae38b35add64977818c0c13dd22",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
},
{
"lessThan": "4326d0080f7e84fba775da41d158f46cf9d3f1c2",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
},
{
"lessThan": "c261f798f7baa8080cf0214081d43d5f86bb073f",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
},
{
"lessThan": "178993157e8c50aef7f35d7d6d3b44bb428199e1",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
},
{
"lessThan": "af126acf01a12bdb04986fd26fc2eb3b40249e0d",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
},
{
"lessThan": "81e9d6f8647650a7bead74c5f926e29970e834d1",
"status": "affected",
"version": "e4a0d3e720e7e508749c1439b5ba3aff56c92976",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/aio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.169",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.306",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.273",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.232",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.169",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.95",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm-\u003eioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:30:59.571Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"
},
{
"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"
},
{
"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"
},
{
"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"
},
{
"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"
},
{
"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"
},
{
"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"
}
],
"title": "aio: fix mremap after fork null-deref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52646",
"datePublished": "2024-04-26T12:19:32.167Z",
"dateReserved": "2024-03-06T09:52:12.094Z",
"dateUpdated": "2026-05-11T19:30:59.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53673 (GCVE-0-2023-53673)
Vulnerability from cvelistv5 – Published: 2025-10-07 15:21 – Updated: 2026-06-11 18:44
VLAI
EPSS
VEX
Title
Bluetooth: hci_event: call disconnect callback before deleting conn
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: call disconnect callback before deleting conn
In hci_cs_disconnect, we do hci_conn_del even if disconnection failed.
ISO, L2CAP and SCO connections refer to the hci_conn without
hci_conn_get, so disconn_cfm must be called so they can clean up their
conn, otherwise use-after-free occurs.
ISO:
==========================================================
iso_sock_connect:880: sk 00000000eabd6557
iso_connect_cis:356: 70:1a:b8:98:ff:a2 -> 28:3d:c2:4a:7e:da
...
iso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073
hci_dev_put:1487: hci0 orig refcnt 17
__iso_chan_add:214: conn 00000000b6251073
iso_sock_clear_timer:117: sock 00000000eabd6557 state 3
...
hci_rx_work:4085: hci0 Event packet
hci_event_packet:7601: hci0: event 0x0f
hci_cmd_status_evt:4346: hci0: opcode 0x0406
hci_cs_disconnect:2760: hci0: status 0x0c
hci_sent_cmd_data:3107: hci0 opcode 0x0406
hci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560
hci_conn_unlink:1102: hci0: hcon 000000001696f1fd
hci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2
hci_chan_list_flush:2780: hcon 000000001696f1fd
hci_dev_put:1487: hci0 orig refcnt 21
hci_dev_put:1487: hci0 orig refcnt 20
hci_req_cmd_complete:3978: opcode 0x0406 status 0x0c
... <no iso_* activity on sk/conn> ...
iso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557
BUG: kernel NULL pointer dereference, address: 0000000000000668
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014
RIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth
==========================================================
L2CAP:
==================================================================
hci_cmd_status_evt:4359: hci0: opcode 0x0406
hci_cs_disconnect:2760: hci0: status 0x0c
hci_sent_cmd_data:3085: hci0 opcode 0x0406
hci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585
hci_conn_unlink:1102: hci0: hcon ffff88800c999000
hci_chan_list_flush:2780: hcon ffff88800c999000
hci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280
...
BUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]
Read of size 8 at addr ffff888018ddd298 by task bluetoothd/1175
CPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x5b/0x90
print_report+0xcf/0x670
? __virt_addr_valid+0xf8/0x180
? hci_send_acl+0x2d/0x540 [bluetooth]
kasan_report+0xa8/0xe0
? hci_send_acl+0x2d/0x540 [bluetooth]
hci_send_acl+0x2d/0x540 [bluetooth]
? __pfx___lock_acquire+0x10/0x10
l2cap_chan_send+0x1fd/0x1300 [bluetooth]
? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]
? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]
? lock_release+0x1d5/0x3c0
? mark_held_locks+0x1a/0x90
l2cap_sock_sendmsg+0x100/0x170 [bluetooth]
sock_write_iter+0x275/0x280
? __pfx_sock_write_iter+0x10/0x10
? __pfx___lock_acquire+0x10/0x10
do_iter_readv_writev+0x176/0x220
? __pfx_do_iter_readv_writev+0x10/0x10
? find_held_lock+0x83/0xa0
? selinux_file_permission+0x13e/0x210
do_iter_write+0xda/0x340
vfs_writev+0x1b4/0x400
? __pfx_vfs_writev+0x10/0x10
? __seccomp_filter+0x112/0x750
? populate_seccomp_data+0x182/0x220
? __fget_light+0xdf/0x100
? do_writev+0x19d/0x210
do_writev+0x19d/0x210
? __pfx_do_writev+0x10/0x10
? mark_held_locks+0x1a/0x90
do_syscall_64+0x60/0x90
? lockdep_hardirqs_on_prepare+0x149/0x210
? do_syscall_64+0x6c/0x90
? lockdep_hardirqs_on_prepare+0x149/0x210
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7ff45cb23e64
Code: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89
RSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX:
---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b8d290525e3972b5e876b2649a42bf4081d753fe , < 1ecf6dc2676ead4b927c50b1be0851fa4d756574
(git)
Affected: b8d290525e3972b5e876b2649a42bf4081d753fe , < 59bd1e476bbc7bc6dff3c61bba787095a4839796 (git) Affected: b8d290525e3972b5e876b2649a42bf4081d753fe , < 093a07052406b363b1b2ab489e17dbadaf3e509b (git) Affected: b8d290525e3972b5e876b2649a42bf4081d753fe , < 7f7cfcb6f0825652973b780f248603e23f16ee90 (git) |
|
| Linux | Linux |
Affected:
5.7
Unaffected: 0 , < 5.7 (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.42 , ≤ 6.1.* (semver) Unaffected: 6.4.7 , ≤ 6.4.* (semver) Unaffected: 6.5 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:12.221027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:09.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ecf6dc2676ead4b927c50b1be0851fa4d756574",
"status": "affected",
"version": "b8d290525e3972b5e876b2649a42bf4081d753fe",
"versionType": "git"
},
{
"lessThan": "59bd1e476bbc7bc6dff3c61bba787095a4839796",
"status": "affected",
"version": "b8d290525e3972b5e876b2649a42bf4081d753fe",
"versionType": "git"
},
{
"lessThan": "093a07052406b363b1b2ab489e17dbadaf3e509b",
"status": "affected",
"version": "b8d290525e3972b5e876b2649a42bf4081d753fe",
"versionType": "git"
},
{
"lessThan": "7f7cfcb6f0825652973b780f248603e23f16ee90",
"status": "affected",
"version": "b8d290525e3972b5e876b2649a42bf4081d753fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.42",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.7",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:49:42.170Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ecf6dc2676ead4b927c50b1be0851fa4d756574"
},
{
"url": "https://git.kernel.org/stable/c/59bd1e476bbc7bc6dff3c61bba787095a4839796"
},
{
"url": "https://git.kernel.org/stable/c/093a07052406b363b1b2ab489e17dbadaf3e509b"
},
{
"url": "https://git.kernel.org/stable/c/7f7cfcb6f0825652973b780f248603e23f16ee90"
}
],
"title": "Bluetooth: hci_event: call disconnect callback before deleting conn",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53673",
"datePublished": "2025-10-07T15:21:29.632Z",
"dateReserved": "2025-10-07T15:16:59.663Z",
"dateUpdated": "2026-06-11T18:44:09.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56643 (GCVE-0-2024-56643)
Vulnerability from cvelistv5 – Published: 2024-12-27 15:02 – Updated: 2026-05-11 20:56
VLAI
EPSS
VEX
Title
dccp: Fix memory leak in dccp_feat_change_recv
Summary
In the Linux kernel, the following vulnerability has been resolved:
dccp: Fix memory leak in dccp_feat_change_recv
If dccp_feat_push_confirm() fails after new value for SP feature was accepted
without reconciliation ('entry == NULL' branch), memory allocated for that value
with dccp_feat_clone_sp_val() is never freed.
Here is the kmemleak stack for this:
unreferenced object 0xffff88801d4ab488 (size 8):
comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s)
hex dump (first 8 bytes):
01 b4 4a 1d 80 88 ff ff ..J.....
backtrace:
[<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128
[<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]
[<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]
[<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]
[<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]
[<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416
[<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125
[<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650
[<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688
[<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]
[<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570
[<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111
[<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]
[<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696
[<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735
[<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865
[<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882
[<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]
[<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]
[<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889
[<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
[<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1
Clean up the allocated memory in case of dccp_feat_push_confirm() failure
and bail out with an error reset code.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 623be080ab3c13d71570bd32f7202a8efa8e2252
(git)
Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < c99507fff94b926fc92279c92d80f229c91cb85d (git) Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < bc3d4423def1a9412a0ae454cb4477089ab79276 (git) Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 6ff67909ee2ffad911e3122616df41dee23ff4f6 (git) Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < d3ec686a369fae5034303061f003cd3f94ddfd23 (git) Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 9ee68b0f23706a77f53c832457b9384178b76421 (git) Affected: e77b8363b2ea7c0d89919547c1a8b0562f298b57 , < 22be4727a8f898442066bcac34f8a1ad0bc72e14 (git) |
|
| Linux | Linux |
Affected:
2.6.29
Unaffected: 0 , < 2.6.29 (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.66 , ≤ 6.6.* (semver) Unaffected: 6.12.5 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-56643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T20:10:38.316606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T20:15:52.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:51:45.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/dccp/feat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "623be080ab3c13d71570bd32f7202a8efa8e2252",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
},
{
"lessThan": "c99507fff94b926fc92279c92d80f229c91cb85d",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
},
{
"lessThan": "bc3d4423def1a9412a0ae454cb4477089ab79276",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
},
{
"lessThan": "6ff67909ee2ffad911e3122616df41dee23ff4f6",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
},
{
"lessThan": "d3ec686a369fae5034303061f003cd3f94ddfd23",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
},
{
"lessThan": "9ee68b0f23706a77f53c832457b9384178b76421",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
},
{
"lessThan": "22be4727a8f898442066bcac34f8a1ad0bc72e14",
"status": "affected",
"version": "e77b8363b2ea7c0d89919547c1a8b0562f298b57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/dccp/feat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.66",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.66",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.5",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation (\u0027entry == NULL\u0027 branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n hex dump (first 8 bytes):\n 01 b4 4a 1d 80 88 ff ff ..J.....\n backtrace:\n [\u003c00000000db7cabfe\u003e] kmemdup+0x23/0x50 mm/util.c:128\n [\u003c0000000019b38405\u003e] kmemdup include/linux/string.h:465 [inline]\n [\u003c0000000019b38405\u003e] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n [\u003c0000000019b38405\u003e] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n [\u003c0000000019b38405\u003e] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n [\u003c0000000019b38405\u003e] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n [\u003c00000000b1f6d94a\u003e] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n [\u003c0000000030d7b621\u003e] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n [\u003c000000001f74c72e\u003e] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n [\u003c00000000a6c24128\u003e] sk_backlog_rcv include/net/sock.h:1041 [inline]\n [\u003c00000000a6c24128\u003e] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n [\u003c00000000cf1f3a53\u003e] release_sock+0x54/0x1b0 net/core/sock.c:3111\n [\u003c000000008422fa23\u003e] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n [\u003c000000008422fa23\u003e] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696\n [\u003c0000000015b6f64d\u003e] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n [\u003c0000000010122488\u003e] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n [\u003c00000000b4b70023\u003e] __sys_connect+0x165/0x1a0 net/socket.c:1882\n [\u003c00000000f4cb3815\u003e] __do_sys_connect net/socket.c:1892 [inline]\n [\u003c00000000f4cb3815\u003e] __se_sys_connect net/socket.c:1889 [inline]\n [\u003c00000000f4cb3815\u003e] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n [\u003c00000000e7b1e839\u003e] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n [\u003c0000000055e91434\u003e] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:56:27.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/623be080ab3c13d71570bd32f7202a8efa8e2252"
},
{
"url": "https://git.kernel.org/stable/c/c99507fff94b926fc92279c92d80f229c91cb85d"
},
{
"url": "https://git.kernel.org/stable/c/bc3d4423def1a9412a0ae454cb4477089ab79276"
},
{
"url": "https://git.kernel.org/stable/c/6ff67909ee2ffad911e3122616df41dee23ff4f6"
},
{
"url": "https://git.kernel.org/stable/c/d3ec686a369fae5034303061f003cd3f94ddfd23"
},
{
"url": "https://git.kernel.org/stable/c/9ee68b0f23706a77f53c832457b9384178b76421"
},
{
"url": "https://git.kernel.org/stable/c/22be4727a8f898442066bcac34f8a1ad0bc72e14"
}
],
"title": "dccp: Fix memory leak in dccp_feat_change_recv",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-56643",
"datePublished": "2024-12-27T15:02:44.492Z",
"dateReserved": "2024-12-27T15:00:39.840Z",
"dateUpdated": "2026-05-11T20:56:27.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37778 (GCVE-0-2025-37778)
Vulnerability from cvelistv5 – Published: 2025-05-01 13:07 – Updated: 2026-05-11 21:14
VLAI
EPSS
VEX
Title
ksmbd: Fix dangling pointer in krb_authenticate
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix dangling pointer in krb_authenticate
krb_authenticate frees sess->user and does not set the pointer
to NULL. It calls ksmbd_krb5_authenticate to reinitialise
sess->user but that function may return without doing so. If
that happens then smb2_sess_setup, which calls krb_authenticate,
will be accessing free'd memory when it later uses sess->user.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0626e6641f6b467447c81dd7678a69c66f7746cf , < b61f04d5d73c53d183019bafe22fb700a739bac5
(git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < d5b554bc8d554ed6ddf443d3db2fad9f665cec10 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 1db2451de23e98bc864c6a6e52aa0d82c91cb325 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 6e30c0e10210c714f3d4453dc258d4abcc70364e (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < e83e39a5f6a01a81411a4558a59a10f87aa88dd6 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 1e440d5b25b7efccb3defe542a73c51005799a5f (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.135 , ≤ 6.1.* (semver) Unaffected: 6.6.88 , ≤ 6.6.* (semver) Unaffected: 6.12.25 , ≤ 6.12.* (semver) Unaffected: 6.14.4 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:54:55.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b61f04d5d73c53d183019bafe22fb700a739bac5",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "d5b554bc8d554ed6ddf443d3db2fad9f665cec10",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "1db2451de23e98bc864c6a6e52aa0d82c91cb325",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "6e30c0e10210c714f3d4453dc258d4abcc70364e",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "e83e39a5f6a01a81411a4558a59a10f87aa88dd6",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "1e440d5b25b7efccb3defe542a73c51005799a5f",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.135",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.135",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.88",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.25",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.4",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix dangling pointer in krb_authenticate\n\nkrb_authenticate frees sess-\u003euser and does not set the pointer\nto NULL. It calls ksmbd_krb5_authenticate to reinitialise\nsess-\u003euser but that function may return without doing so. If\nthat happens then smb2_sess_setup, which calls krb_authenticate,\nwill be accessing free\u0027d memory when it later uses sess-\u003euser."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:14:58.124Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b61f04d5d73c53d183019bafe22fb700a739bac5"
},
{
"url": "https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10"
},
{
"url": "https://git.kernel.org/stable/c/1db2451de23e98bc864c6a6e52aa0d82c91cb325"
},
{
"url": "https://git.kernel.org/stable/c/6e30c0e10210c714f3d4453dc258d4abcc70364e"
},
{
"url": "https://git.kernel.org/stable/c/e83e39a5f6a01a81411a4558a59a10f87aa88dd6"
},
{
"url": "https://git.kernel.org/stable/c/1e440d5b25b7efccb3defe542a73c51005799a5f"
}
],
"title": "ksmbd: Fix dangling pointer in krb_authenticate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37778",
"datePublished": "2025-05-01T13:07:16.472Z",
"dateReserved": "2025-04-16T04:51:23.940Z",
"dateUpdated": "2026-05-11T21:14:58.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37822 (GCVE-0-2025-37822)
Vulnerability from cvelistv5 – Published: 2025-05-08 06:26 – Updated: 2026-05-11 21:15
VLAI
EPSS
VEX
Title
riscv: uprobes: Add missing fence.i after building the XOL buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
riscv: uprobes: Add missing fence.i after building the XOL buffer
The XOL (execute out-of-line) buffer is used to single-step the
replaced instruction(s) for uprobes. The RISC-V port was missing a
proper fence.i (i$ flushing) after constructing the XOL buffer, which
can result in incorrect execution of stale/broken instructions.
This was found running the BPF selftests "test_progs:
uprobe_autoattach, attach_probe" on the Spacemit K1/X60, where the
uprobes tests randomly blew up.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
74784081aac8a0f3636965fc230e2d3b7cc123c6 , < be6d98766ac952d38241d5a5b213f363afa421c3
(git)
Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < b6d8d4d01ca8514fa89b05355f296758a91e2297 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < 77c956152a3a7c7a18b68f3654f70565b2181d03 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < bcf6d3158c5902d92b6d62335af4422b7bf7c4e2 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < 1dbb95a36499374c51b47ee8ae258a8862c20978 (git) Affected: 74784081aac8a0f3636965fc230e2d3b7cc123c6 , < 7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48 (git) |
|
| Linux | Linux |
Affected:
5.12
Unaffected: 0 , < 5.12 (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.121 , ≤ 6.6.* (semver) Unaffected: 6.12.26 , ≤ 6.12.* (semver) Unaffected: 6.14.5 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/probes/uprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be6d98766ac952d38241d5a5b213f363afa421c3",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "b6d8d4d01ca8514fa89b05355f296758a91e2297",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "77c956152a3a7c7a18b68f3654f70565b2181d03",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "bcf6d3158c5902d92b6d62335af4422b7bf7c4e2",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "1dbb95a36499374c51b47ee8ae258a8862c20978",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
},
{
"lessThan": "7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48",
"status": "affected",
"version": "74784081aac8a0f3636965fc230e2d3b7cc123c6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/probes/uprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.121",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.26",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.5",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: uprobes: Add missing fence.i after building the XOL buffer\n\nThe XOL (execute out-of-line) buffer is used to single-step the\nreplaced instruction(s) for uprobes. The RISC-V port was missing a\nproper fence.i (i$ flushing) after constructing the XOL buffer, which\ncan result in incorrect execution of stale/broken instructions.\n\nThis was found running the BPF selftests \"test_progs:\nuprobe_autoattach, attach_probe\" on the Spacemit K1/X60, where the\nuprobes tests randomly blew up."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:15:48.833Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be6d98766ac952d38241d5a5b213f363afa421c3"
},
{
"url": "https://git.kernel.org/stable/c/b6d8d4d01ca8514fa89b05355f296758a91e2297"
},
{
"url": "https://git.kernel.org/stable/c/77c956152a3a7c7a18b68f3654f70565b2181d03"
},
{
"url": "https://git.kernel.org/stable/c/bcf6d3158c5902d92b6d62335af4422b7bf7c4e2"
},
{
"url": "https://git.kernel.org/stable/c/1dbb95a36499374c51b47ee8ae258a8862c20978"
},
{
"url": "https://git.kernel.org/stable/c/7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48"
}
],
"title": "riscv: uprobes: Add missing fence.i after building the XOL buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37822",
"datePublished": "2025-05-08T06:26:16.209Z",
"dateReserved": "2025-04-16T04:51:23.947Z",
"dateUpdated": "2026-05-11T21:15:48.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37924 (GCVE-0-2025-37924)
Vulnerability from cvelistv5 – Published: 2025-05-20 15:21 – Updated: 2026-05-11 21:17
VLAI
EPSS
VEX
Title
ksmbd: fix use-after-free in kerberos authentication
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in kerberos authentication
Setting sess->user = NULL was introduced to fix the dangling pointer
created by ksmbd_free_user. However, it is possible another thread could
be operating on the session and make use of sess->user after it has been
passed to ksmbd_free_user but before sess->user is set to NULL.
Severity
9.8 (Critical)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0626e6641f6b467447c81dd7678a69c66f7746cf , < e34a33d5d7e87399af0a138bb32f6a3e95dd83d2
(git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < b447463562238428503cfba1c913261047772f90 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < e18c616718018dfc440e4a2d2b94e28fe91b1861 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 28c756738af44a404a91b77830d017bb0c525890 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < e86e9134e1d1c90a960dd57f59ce574d27b9a124 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 6.1.138 , ≤ 6.1.* (semver) Unaffected: 6.6.90 , ≤ 6.6.* (semver) Unaffected: 6.12.28 , ≤ 6.12.* (semver) Unaffected: 6.14.6 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:57:23.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/auth.c",
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e34a33d5d7e87399af0a138bb32f6a3e95dd83d2",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "b447463562238428503cfba1c913261047772f90",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "e18c616718018dfc440e4a2d2b94e28fe91b1861",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "28c756738af44a404a91b77830d017bb0c525890",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "e86e9134e1d1c90a960dd57f59ce574d27b9a124",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/auth.c",
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.138",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.138",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.90",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.28",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.6",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in kerberos authentication\n\nSetting sess-\u003euser = NULL was introduced to fix the dangling pointer\ncreated by ksmbd_free_user. However, it is possible another thread could\nbe operating on the session and make use of sess-\u003euser after it has been\npassed to ksmbd_free_user but before sess-\u003euser is set to NULL."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:17:44.553Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e34a33d5d7e87399af0a138bb32f6a3e95dd83d2"
},
{
"url": "https://git.kernel.org/stable/c/b447463562238428503cfba1c913261047772f90"
},
{
"url": "https://git.kernel.org/stable/c/e18c616718018dfc440e4a2d2b94e28fe91b1861"
},
{
"url": "https://git.kernel.org/stable/c/28c756738af44a404a91b77830d017bb0c525890"
},
{
"url": "https://git.kernel.org/stable/c/e86e9134e1d1c90a960dd57f59ce574d27b9a124"
}
],
"title": "ksmbd: fix use-after-free in kerberos authentication",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-37924",
"datePublished": "2025-05-20T15:21:52.681Z",
"dateReserved": "2025-04-16T04:51:23.969Z",
"dateUpdated": "2026-05-11T21:17:44.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38201 (GCVE-0-2025-38201)
Vulnerability from cvelistv5 – Published: 2025-07-04 13:37 – Updated: 2026-07-14 12:41
VLAI
EPSS
VEX
Title
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()
when resizing hashtable because __GFP_NOWARN is unset.
Similar to:
b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX")
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3c4287f62044a90e73a561aa05fc46e62da173da , < 1fe27f97944017a9d3c5af4d6d95282bff0f1147
(git)
Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 4abccfb61f422300be014b8e734c63344306f009 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 80417057ac60dd80f4816eb426e4e4a5bf696534 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < df524a68d9021c1401965d610bb6e42ee5d9611e (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 0ab3de047808f375a36cd345225572eb3366f3c6 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < d2768016f091f8a5264076b433fd7c3fabb6eb97 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < b85e3367a5716ed3662a4fe266525190d2af76df (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.250 , ≤ 5.10.* (semver) Unaffected: 5.15.200 , ≤ 5.15.* (semver) Unaffected: 6.1.163 , ≤ 6.1.* (semver) Unaffected: 6.6.124 , ≤ 6.6.* (semver) Unaffected: 6.12.35 , ≤ 6.12.* (semver) Unaffected: 6.15.4 , ≤ 6.15.* (semver) Unaffected: 6.16 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:41:39.296Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1fe27f97944017a9d3c5af4d6d95282bff0f1147",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "4abccfb61f422300be014b8e734c63344306f009",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "80417057ac60dd80f4816eb426e4e4a5bf696534",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "df524a68d9021c1401965d610bb6e42ee5d9611e",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "0ab3de047808f375a36cd345225572eb3366f3c6",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "d2768016f091f8a5264076b433fd7c3fabb6eb97",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "b85e3367a5716ed3662a4fe266525190d2af76df",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.250",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.163",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.124",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.35",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.4",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX\n\nOtherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()\nwhen resizing hashtable because __GFP_NOWARN is unset.\n\nSimilar to:\n\n b541ba7d1f5a (\"netfilter: conntrack: clamp maximum hashtable size to INT_MAX\")"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:23:12.582Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1fe27f97944017a9d3c5af4d6d95282bff0f1147"
},
{
"url": "https://git.kernel.org/stable/c/4abccfb61f422300be014b8e734c63344306f009"
},
{
"url": "https://git.kernel.org/stable/c/80417057ac60dd80f4816eb426e4e4a5bf696534"
},
{
"url": "https://git.kernel.org/stable/c/df524a68d9021c1401965d610bb6e42ee5d9611e"
},
{
"url": "https://git.kernel.org/stable/c/0ab3de047808f375a36cd345225572eb3366f3c6"
},
{
"url": "https://git.kernel.org/stable/c/d2768016f091f8a5264076b433fd7c3fabb6eb97"
},
{
"url": "https://git.kernel.org/stable/c/b85e3367a5716ed3662a4fe266525190d2af76df"
}
],
"title": "netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38201",
"datePublished": "2025-07-04T13:37:22.732Z",
"dateReserved": "2025-04-16T04:51:23.993Z",
"dateUpdated": "2026-07-14T12:41:39.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…