linux kernel

A one-line mistake in XFS scrub code has produced a classic memory-safety problem with outsized operational impact: a use-after-free (UAF) in the XFS filesystem’s B-tree checking path, tracked as CVE-2026-23223, has been fixed upstream and is now being rolled into stable kernels and Linux...

EROFS in the Linux kernel has been patched for a race-condition use‑after‑free that can trigger kernel panics when a file‑backed mount is used together with the directio option — tracked as CVE-2026-23224 — and the fix replaces an unsafe free path with a simple reference‑counting discipline that...

A dodgy race in the Linux kernel’s virtio crypto path has been fixed by adding spinlock protection around virtqueue notification handling — a surgical change that closes a denial‑of‑service and hang condition seen when the virtio‑crypto device and the AF_ALG backend are exercised concurrently...

Enterprise storage is quietly rewriting its rules: Linux — in both pure open-source form and as the hidden kernel of proprietary NAS platforms — now sits at the heart of most file-server deployments, and the size of the NAS market is ballooning into the tens of billions as organizations and...

A race in the Linux kernel’s Direct Rendering Manager (DRM) stack — tracked as CVE‑2023‑51043 — can let a nonblocking atomic modeset commit touch freed kernel memory when it races with a driver unload, producing a use‑after‑free that can crash or destabilize systems and has been fixed upstream...

A straightforward NULL-pointer bug in the Linux NFC stack — fixed upstream in the 6.5.9 stable release — created a local denial‑of‑service risk that could crash kernels handling Near‑Field Communication traffic; the defect was tracked as CVE‑2023‑46343 and closed by a one‑line defensive check in...

The Linux kernel received a targeted robustness fix for a device‑mapper ioctl bug tracked as CVE‑2024‑23851: a missing check in copy_params (drivers/md/dm-ioctl.c) could let an ioctl request lead the kernel to try to allocate more than INT_MAX bytes and crash, producing a local denial‑of‑service...

The Linux kernel’s md/raid5 code contained a subtle but dangerous integer‑overflow bug in the function raid5_cache_count() that was tracked as CVE‑2024‑23307 — a defect that can be forced by concurrent modifications of RAID stripe‑count variables and that may lead to a sustained or persistent...

A subtle parse-time error in the Linux in‑kernel SMB server (ksmbd) can let a malformed SMB2 Create request provoke an out‑of‑bounds memory access in kernel space — a defect tracked as CVE‑2024‑22705 that was fixed upstream in the 6.6.10 stable release and that carries real, immediate...

A subtle pointer‑math mistake in the Linux kernel’s Netfilter nf_tables code — tracked as CVE‑2024‑0607 — lets a local actor corrupt internal data by writing eight bytes into a four‑byte slot inside nft_byteorder_eval(), producing memory corruption that leads to kernel instability and reliable...

A subtle memory-management bug deep inside the ext4 remount path—tracked as CVE-2024-0775—can turn routine mount option changes into a kernel-level use-after-free, enabling a local attacker to crash systems or leak kernel memory if left unpatched. Background ext4 is the default filesystem for...

A critical Linux-kernel flaw tracked as CVE-2024-0646 allows the kernel’s kTLS path to write past intended memory bounds when a user calls splice() with a kTLS socket as the destination, producing out‑of‑bounds writes that can crash the system or — in the worst case — be weaponized for local...

A subtle race in the Linux kernel’s Unix-domain socket garbage collector can let the kernel free socket buffers (skbs) while another path still holds a pointer to them, producing a classic use‑after‑free (UAF) that can crash or destabilize systems and — in theory — open the door to more serious...

CVE-2023-7192 is a memory-management bug in the Linux kernel’s netfilter conntrack netlink path that can leak references and eventually cause a denial-of-service (DoS) condition; the flaw lives in ctnetlink_create_conntrack (net/netfilter/nf_conntrack_netlink.c) and can be triggered by a local...

A recently disclosed Linux-kernel vulnerability, tracked as CVE-2023-51042, exposes a fence-related use‑after‑free in the AMD GPU driver (amdgpu) that was fixed upstream in the 6.4.12 stable release; the bug can crash affected kernels or otherwise deny availability to systems that accept...

A subtle bug in the Linux kernel’s TIPC subsystem — a double-locking condition in tipc_crypto_key_revoke() — can be driven into a kernel‑level deadlock that lets a local, authenticated user hang or crash a machine. The issue, tracked as CVE‑2024‑0641, is an availability‑only failure (denial of...

The Linux kernel received a low‑to‑medium severity vulnerability report identified as CVE-2024-0639, a subtle locking bug in the SCTP subsystem that can trigger a kernel deadlock on the per‑net workqueue lock net->sctp.addr_wq_lock, allowing a local attacker to cause a denial‑of‑service (DoS) by...

A critical robustness bug in the Linux kernel’s SMB/CIFS client—tracked as CVE-2024-0565—creates an integer-underflow condition in the function receive_encrypted_standard that can lead to out‑of‑bounds memory reads, denial-of-service, and in some vendor assessments the potential for remote code...

A subtle timing bug deep in the Linux writeback code — a use‑after‑free in wb_inode_writeback_end() — can let an attacker trigger a kernel panic or sustained denial‑of‑service by removing a disk while writeback bookkeeping is still racing to schedule bandwidth‑estimation work; the flaw is...

The Linux kernel vulnerability tracked as CVE-2023-52340 exposes a subtle but powerful availability risk: a flaw in the IPv6 route-caching logic can be driven into a denial-of-service condition by repeated IPv6 traffic patterns (for example, packets sent in a loop from a raw socket or floods of...