Linux kernel CVEs

Three-year CVE watchlist for Linux kernel vulnerabilities relevant to virtualized, dedicated and colocated server environments.

Dedicated CVE watchlist

Linux kernel CVEs

Three-year CVE watchlist for Linux kernel vulnerabilities relevant to virtualized, dedicated and colocated server environments.

Server administration
CategorySwitch between product-focused CVE watchlists.
Showsorted by operational relevance for DataHouse infrastructure
CVE-2024-1086CVSS 7.8CISA KEVLinux

CVE-2024-1086: Linux Kernel Use-After-Free Vulnerability

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_...

Updated: 2026-06-17
CVE-2024-53197CVSS 7.8CISA KEVLinux

CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_confi...

Updated: 2026-06-17
CVE-2024-53104CVSS 7.8CISA KEVLinux

CVE-2024-53104: Linux Kernel Out-of-Bounds Write Vulnerability

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculat...

Updated: 2026-06-17
CVE-2024-36971CVSS 7.8CISA KEVLinux

CVE-2024-36971: Android Kernel Remote Code Execution Vulnerability

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must fi...

Updated: 2026-06-17
CVE-2024-53150CVSS 7.1CISA KEVLinux

CVE-2024-53150: Linux Kernel Out-of-Bounds Read Vulnerability

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That i...

Updated: 2026-06-17
CVE-2024-50302CVSS 5.5CISA KEVLinux

CVE-2024-50302: Linux Kernel Use of Uninitialized Resource Vulnerability

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't...

Updated: 2026-06-17
CVE-2026-43500CVSS 7.8Linux

CVE-2026-43500: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb...

Updated: 2026-06-30
CVE-2026-43284CVSS 8.8Linux

CVE-2026-43284: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_it...

Updated: 2026-07-01
CVE-2023-52440CVSS 7.8Mail

CVE-2023-52440: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes....

Updated: 2026-06-17
CVE-2023-2163CVSS 10.0Linux

CVE-2023-2163: linux kernel vulnerability

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

Updated: 2026-06-17
CVE-2024-26594CVSS 7.1Linux

CVE-2024-26594: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.

Updated: 2026-06-17
CVE-2023-44466CVSS 8.8Linux

CVE-2023-44466: linux kernel vulnerability

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length...

Updated: 2026-06-17
CVE-2023-52755CVSS 8.4Linux

CVE-2023-52755: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 o...

Updated: 2026-06-17
CVE-2024-0582CVSS 7.8Linux

CVE-2024-0582: linux kernel vulnerability

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on ...

Updated: 2026-06-17
CVE-2025-37924CVSS 9.8Linux

CVE-2025-37924: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another threa...

Updated: 2026-06-17
CVE-2025-39946CVSS 9.8Linux

CVE-2025-39946: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we re...

Updated: 2026-06-17
CVE-2023-38428CVSS 9.1Linux

CVE-2023-38428: linux kernel vulnerability

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.

Updated: 2026-06-17
CVE-2023-32254CVSS 9.8Linux

CVE-2023-32254: linux kernel vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object...

Updated: 2026-06-17
CVE-2023-32250CVSS 9.0Linux

CVE-2023-32250: linux kernel vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. ...

Updated: 2026-06-17
CVE-2023-38426CVSS 9.1Linux

CVE-2023-38426: linux kernel vulnerability

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.

Updated: 2026-06-17
CVE-2023-38432CVSS 9.1Linux

CVE-2023-38432: linux kernel vulnerability

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.

Updated: 2026-06-17
CVE-2026-53224CVSS 9.1Linux

CVE-2026-53224: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctp_unpack_cookie() only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, bu...

Updated: 2026-07-02
CVE-2026-43407CVSS 9.1Linux

CVE-2026-43407: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() This patch fixes an out-of-bounds access in ceph_handle_auth_reply() that can be triggered by a message of type CEP...

Updated: 2026-06-17
CVE-2026-45898CVSS 9.8Linux

CVE-2026-45898: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") changed the work submission logic to unconditionally call queu...

Updated: 2026-06-30
CVE-2026-43465CVSS 9.8Linux

CVE-2026-43465: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpf_xdp_pull_data() or bpf_xdp_adjust_...

Updated: 2026-06-17
CVE-2026-31705CVSS 9.8Linux

CVE-2026-31705: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after writing each EA entry. The bounds check on buf_free_len is p...

Updated: 2026-06-17
CVE-2026-23428CVSS 9.8Linux

CVE-2026-23428: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without validating tcon->t_state. ksmbd_tree_conn_lookup() checks ...

Updated: 2026-06-17
CVE-2026-46244CVSS 9.1Linux

CVE-2026-46244: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing ...

Updated: 2026-07-07
CVE-2026-23427CVSS 9.8Linux

CVE-2026-23427: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DU...

Updated: 2026-06-17
CVE-2026-46316CVSS 9.3Linux

CVE-2026-46316

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache...

Updated: 2026-07-07
CVE-2026-46300CVSS 7.8Linux

CVE-2026-46300: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can cont...

Updated: 2026-07-02
CVE-2021-47274CVSS 9.8Linux

CVE-2021-47274: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: [1640...

Updated: 2026-06-17
CVE-2024-36031CVSS 9.8Linux

CVE-2024-36031: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem...

Updated: 2026-06-17
CVE-2026-53176CVSS 9.8Linux

CVE-2026-53176: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN In drivers/infiniband/ulp/isert/ib_isert.c, isert_login_recv_done() computes the login request payload length as wc->byte_len min...

Updated: 2026-07-06
CVE-2026-46195CVSS 9.8Linux

CVE-2026-46195: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pn...

Updated: 2026-06-30
CVE-2026-43186CVSS 9.8Linux

CVE-2026-43186: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() On the receive path, __ioam6_fill_trace_data() uses trace->nodelen to decide how much data to write for each node. It tru...

Updated: 2026-06-17
CVE-2026-43185CVSS 9.8Linux

CVE-2026-43185: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value from sp->max_recv_size and req->preferred_send_size to a sig...

Updated: 2026-06-17
CVE-2026-46133CVSS 7.5Linux

CVE-2026-46133: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 ("RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv"), a single unauthentica...

Updated: 2026-06-24
CVE-2026-43037CVSS 9.8Linux

CVE-2026-43037: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as ...

Updated: 2026-07-07
CVE-2026-53221CVSS 9.8Linux

CVE-2026-53221: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() In vti6_tnl_lookup(), when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels...

Updated: 2026-07-02
CVE-2026-52986CVSS 9.8Linux

CVE-2026-52986

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: don't use simple_strtoul Replace unsafe port parsing in epaddr_len(), ct_sip_parse_header_uri(), and ct_sip_parse_request() with a new sip_parse_port() helper...

Updated: 2026-06-28
CVE-2026-53228CVSS 9.8Linux

CVE-2026-53228: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6_tunnel_xmit() caches the inner IPv6 header pointer at function entry and continues using it after iptunnel_handle_offloads(). ...

Updated: 2026-07-02
CVE-2026-43493CVSS 9.8Linux

CVE-2026-43493: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications.

Updated: 2026-06-26
CVE-2026-31405CVSS 9.8Linux

CVE-2026-31405: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 e...

Updated: 2026-06-17
CVE-2026-53215CVSS 9.8Linux

CVE-2026-53215: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buf...

Updated: 2026-07-02
CVE-2026-53216CVSS 9.8Linux

CVE-2026-53216: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGE_SIZE. The XDP path nevertheless initializes every xdp_...

Updated: 2026-07-02
CVE-2026-52958CVSS 9.1Linux

CVE-2026-52958

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map-...

Updated: 2026-06-28
CVE-2026-53225CVSS 9.1Linux

CVE-2026-53225: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_asconf_lookup() __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, the...

Updated: 2026-07-02
CVE-2026-53186CVSS 9.1Linux

CVE-2026-53186: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRP_RSP sense copy by the received length srp_process_rsp() copies sense data from rsp->data + resp_data_len, where resp_data_len is the full 32-bit value supplied by the ...

Updated: 2026-07-06
CVE-2026-52982CVSS 9.8Linux

CVE-2026-52982

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() syzbot reported a KASAN slab-use-after-free read in rtl8150_start_xmit() when accessing skb->len for tx statistics after usb_...

Updated: 2026-06-28
CVE-2026-53046CVSS 9.8Linux

CVE-2026-53046

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine ksmbd_crypt_message() sets a NULL completion callback on AEAD requests and does not handle the -EINPROGRESS return co...

Updated: 2026-06-28
CVE-2026-46119CVSS 9.1Linux

CVE-2026-46119: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a (potentially corrupted) message of type CEPH_MSG_AUTH_REPLY contains a positive value in its result field, it is tre...

Updated: 2026-06-24
CVE-2026-53045CVSS 9.8Linux

CVE-2026-53045

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dll_change check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the ch...

Updated: 2026-06-28
CVE-2026-53043CVSS 9.1Linux

CVE-2026-53043

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qr_numregions in dlm_match_regions() Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()". In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_R...

Updated: 2026-06-28
CVE-2026-52999CVSS 9.1Linux

CVE-2026-52999

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix out-of-bounds read on option matching In nf_osf_match(), the nf_osf_hdr_ctx structure is initialized once and passed by reference to nf_osf_match_one() for e...

Updated: 2026-06-28
CVE-2026-52914CVSS 9.8Linux

CVE-2026-52914

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That acco...

Updated: 2026-07-07
CVE-2026-43011CVSS 9.8Linux

CVE-2026-43011: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and returns 1 (error). This error propagates back through the call ...

Updated: 2026-06-17
CVE-2026-46043CVSS 9.1Linux

CVE-2026-46043: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at least header_size(pkt) bytes long before payload_size() is ...

Updated: 2026-06-17

Security newsletter

Get new CVE alerts before they become an incident

We send selected infrastructure threats in English, with practical notes for DataHouse environments.

  • DataHouse: server administration and secure cloud
  • Hostilla.pl: hosting and mail services
  • SecDNS.pl: free DNS security layer