{"resultsPerPage":22,"startIndex":0,"totalResults":22,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-13T10:06:37.677","vulnerabilities":[{"cve":{"id":"CVE-2026-53045","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:16.290","lastModified":"2026-06-28T08:16:31.127","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra124-emc: Fix dll_change check\n\nThe code checking whether the specified memory timing enables DLL\nin the EMRS register was reversed. DLL is enabled if bit A0 is low.\nFix the check."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/memory/tegra/tegra124-emc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"a85967331144fde9300be38bb44d2558eb6b742e","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"db0ae80865b515cc0b705c85877ec00f7eebe9fe","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"2369b1831161356e1bcb51385d3e532dc4fe2771","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"7e19e72f306484996c52ff96cc92f69b78ed5435","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"05f138fc7e27ee8e7a83ccf966c3fa26cda44dda","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"1793249c067a4b28e1aba0ad0e4d73aa9f9e165a","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"1ebbbef47d11cc90219c081492ccf995aaa3e9b3","versionType":"git","status":"affected"},{"version":"73a7f0a90641b09300d47308682b674c570dd6a2","lessThan":"9597ab9a8296ab337e6820f8a717ff621078b632","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/memory/tegra/tegra124-emc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.2","status":"affected"},{"version":"0","lessThan":"4.2","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/05f138fc7e27ee8e7a83ccf966c3fa26cda44dda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1793249c067a4b28e1aba0ad0e4d73aa9f9e165a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1ebbbef47d11cc90219c081492ccf995aaa3e9b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2369b1831161356e1bcb51385d3e532dc4fe2771","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7e19e72f306484996c52ff96cc92f69b78ed5435","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9597ab9a8296ab337e6820f8a717ff621078b632","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a85967331144fde9300be38bb44d2558eb6b742e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/db0ae80865b515cc0b705c85877ec00f7eebe9fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53046","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:16.420","lastModified":"2026-06-28T08:16:31.240","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free from async crypto on Qualcomm crypto engine\n\nksmbd_crypt_message() sets a NULL completion callback on AEAD requests\nand does not handle the -EINPROGRESS return code from async hardware\ncrypto engines like the Qualcomm Crypto Engine (QCE). When QCE returns\n-EINPROGRESS, ksmbd treats it as an error and immediately frees the\nrequest while the hardware DMA operation is still in flight. The DMA\ncompletion callback then dereferences freed memory, causing a NULL\npointer crash:\n\n  pc : qce_skcipher_done+0x24/0x174\n  lr : vchan_complete+0x230/0x27c\n  ...\n  el1h_64_irq+0x68/0x6c\n  ksmbd_free_work_struct+0x20/0x118 [ksmbd]\n  ksmbd_exit_file_cache+0x694/0xa4c [ksmbd]\n\nUse the standard crypto_wait_req() pattern with crypto_req_done() as\nthe completion callback, matching the approach used by the SMB client\nin fs/smb/client/smb2ops.c. This properly handles both synchronous\nengines (immediate return) and async engines (-EINPROGRESS followed\nby callback notification)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/auth.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"57b47231055b431ed0a1a55f33cac32981564405","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"cc2da381875d4a67026e4c8feb3dba51a2a2d1bc","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"8fcefe840fa8c14ce667768e5b043286ac3bbcbe","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"8ef183216feaa24b66b940510d8b68f680eb56e9","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"7164b3953cefd540e7ebca828c793bc6869cfbc4","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"b46aa129fa2807bfe1545fe74d9295d53c51520b","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"3e298897f41c61450c2e7a4f457e8b2485eb35b3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/auth.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/3e298897f41c61450c2e7a4f457e8b2485eb35b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/57b47231055b431ed0a1a55f33cac32981564405","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7164b3953cefd540e7ebca828c793bc6869cfbc4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8ef183216feaa24b66b940510d8b68f680eb56e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8fcefe840fa8c14ce667768e5b043286ac3bbcbe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b46aa129fa2807bfe1545fe74d9295d53c51520b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cc2da381875d4a67026e4c8feb3dba51a2a2d1bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53049","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:16.777","lastModified":"2026-06-28T08:16:31.350","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: add some missing log locking\n\nFunction gfs2_logd() calls the log flushing functions gfs2_ail1_start(),\ngfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock,\nbut these functions require exclusion against concurrent transactions.\n\nTo fix that, add a non-locking __gfs2_log_flush() function.  Then, in\ngfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log\nflushing functions and __gfs2_log_flush()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/gfs2/log.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"3b28eb75afe520972bacc833850c2b30aa0824cd","versionType":"git","status":"affected"},{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"ca95342cb1b39062a03c115830286f0a426053d5","versionType":"git","status":"affected"},{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"bf5fcd9c37c2546beaf7b401d31aefd89017dc3d","versionType":"git","status":"affected"},{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"f2f225cf505ac016132ded21690f3ba0a080a4e8","versionType":"git","status":"affected"},{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"49d9be0722da3a4a893ba905720cba1921834ec3","versionType":"git","status":"affected"},{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"98e8bf249c790d56de1abc4a5f8bd68035a00921","versionType":"git","status":"affected"},{"version":"5e4c7632aae1cce137792647f4fb6f599d1da893","lessThan":"fe2c8d051150b90b3ccb85f89e3b1d636cb88ec8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/gfs2/log.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/3b28eb75afe520972bacc833850c2b30aa0824cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/49d9be0722da3a4a893ba905720cba1921834ec3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/98e8bf249c790d56de1abc4a5f8bd68035a00921","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bf5fcd9c37c2546beaf7b401d31aefd89017dc3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ca95342cb1b39062a03c115830286f0a426053d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f2f225cf505ac016132ded21690f3ba0a080a4e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fe2c8d051150b90b3ccb85f89e3b1d636cb88ec8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53050","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:16.887","lastModified":"2026-06-28T08:16:31.460","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nquota: Fix race of dquot_scan_active() with quota deactivation\n\ndquot_scan_active() can race with quota deactivation in\nquota_release_workfn() like:\n\n  CPU0 (quota_release_workfn)         CPU1 (dquot_scan_active)\n  ==============================      ==============================\n  spin_lock(&dq_list_lock);\n  list_replace_init(\n    &releasing_dquots, &rls_head);\n    /* dquot X on rls_head,\n       dq_count == 0,\n       DQ_ACTIVE_B still set */\n  spin_unlock(&dq_list_lock);\n  synchronize_srcu(&dquot_srcu);\n                                      spin_lock(&dq_list_lock);\n                                      list_for_each_entry(dquot,\n                                          &inuse_list, dq_inuse) {\n                                        /* finds dquot X */\n                                        dquot_active(X) -> true\n                                        atomic_inc(&X->dq_count);\n                                      }\n                                      spin_unlock(&dq_list_lock);\n  spin_lock(&dq_list_lock);\n  dquot = list_first_entry(&rls_head);\n  WARN_ON_ONCE(atomic_read(&dquot->dq_count));\n\nThe problem is not only a cosmetic one as under memory pressure the\ncaller of dquot_scan_active() can end up working on freed dquot.\n\nFix the problem by making sure the dquot is removed from releasing list\nwhen we acquire a reference to it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/quota/dquot.c","include/linux/quotaops.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"22c06bf1f99ec3ec16b1a81342becba4c59a1f16","lessThan":"2bdc80f4619411e5bd4a3ef23f51e14021ed457c","versionType":"git","status":"affected"},{"version":"56e96b38d2f7cd95b3c30eb70decac7233915e0a","lessThan":"f9438cb8c8ec3adc84b2b450a3aab0123d074c3b","versionType":"git","status":"affected"},{"version":"12a820a9923c11e8e898da9f82c8aded70cdcd16","lessThan":"ac8a2e0d287ebf35e5d7e51e260b4e146648ba4a","versionType":"git","status":"affected"},{"version":"869b6ea1609f655a43251bf41757aa44e5350a8f","lessThan":"6678dde265708003c2b42551af4a2e3cb05decd5","versionType":"git","status":"affected"},{"version":"869b6ea1609f655a43251bf41757aa44e5350a8f","lessThan":"61e25f664dc2a08299e07d84c85776abc2350f75","versionType":"git","status":"affected"},{"version":"869b6ea1609f655a43251bf41757aa44e5350a8f","lessThan":"fdd424d7c35633ac577fd87d1b043d1b8a6cd350","versionType":"git","status":"affected"},{"version":"869b6ea1609f655a43251bf41757aa44e5350a8f","lessThan":"82cbdb4c1ebb5ea7d7bd45c18d3483b5bd32ebc1","versionType":"git","status":"affected"},{"version":"869b6ea1609f655a43251bf41757aa44e5350a8f","lessThan":"e93ab401da4b2e2c1b8ef2424de2f238d51c8b2d","versionType":"git","status":"affected"},{"version":"bb7e3a019b52d829949d02b64ebab37838148fbf","versionType":"git","status":"affected"},{"version":"061a18239ced5eb086967a2b4451cb1cc5ce0702","versionType":"git","status":"affected"},{"version":"2a1ddddba6541143c8f73962f3021f1789114284","versionType":"git","status":"affected"},{"version":"5.10.199","lessThan":"5.10.258","versionType":"semver","status":"affected"},{"version":"5.15.136","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.1.59","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"4.19.297","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.259","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.5.8","lessThan":"6.6","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/quota/dquot.c","include/linux/quotaops.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/2bdc80f4619411e5bd4a3ef23f51e14021ed457c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/61e25f664dc2a08299e07d84c85776abc2350f75","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6678dde265708003c2b42551af4a2e3cb05decd5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/82cbdb4c1ebb5ea7d7bd45c18d3483b5bd32ebc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ac8a2e0d287ebf35e5d7e51e260b4e146648ba4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e93ab401da4b2e2c1b8ef2424de2f238d51c8b2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f9438cb8c8ec3adc84b2b450a3aab0123d074c3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fdd424d7c35633ac577fd87d1b043d1b8a6cd350","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53053","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.327","lastModified":"2026-06-28T08:16:31.593","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix clone_alias() to use the original device's devid\n\nCurrently clone_alias() assumes first argument (pdev) is always the\noriginal device pointer. This function is called by\npci_for_each_dma_alias() which based on topology decides to send\noriginal or alias device details in first argument.\n\nThis meant that the source devid used to look up and copy the DTE\nmay be incorrect, leading to wrong or stale DTE entries being\npropagated to alias device.\n\nFix this by passing the original pdev as the opaque data argument to\nboth the direct clone_alias() call and pci_for_each_dma_alias(). Inside\nclone_alias(), retrieve the original device from data and compute devid\nfrom it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iommu/amd/iommu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3332364e4ebc0581d133a334645a20fd13b580f1","lessThan":"dbd76a537d8cb814e7f5b795ab21ecb7949c821d","versionType":"git","status":"affected"},{"version":"3332364e4ebc0581d133a334645a20fd13b580f1","lessThan":"20b3c566e2702e5d4d0545be8a97029a2eebcc0e","versionType":"git","status":"affected"},{"version":"3332364e4ebc0581d133a334645a20fd13b580f1","lessThan":"dae251ff11d2d2208a029f98923756831cefec46","versionType":"git","status":"affected"},{"version":"3332364e4ebc0581d133a334645a20fd13b580f1","lessThan":"faad224fe0f0857a04ff2eb3c90f0de57f47d0f3","versionType":"git","status":"affected"},{"version":"1f03a258f20f1699ede29bb40804074db9398a0d","versionType":"git","status":"affected"},{"version":"5.4.17","lessThan":"5.5","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iommu/amd/iommu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"references":[{"url":"https://git.kernel.org/stable/c/20b3c566e2702e5d4d0545be8a97029a2eebcc0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dae251ff11d2d2208a029f98923756831cefec46","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dbd76a537d8cb814e7f5b795ab21ecb7949c821d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/faad224fe0f0857a04ff2eb3c90f0de57f47d0f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53054","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.430","lastModified":"2026-06-28T08:16:31.700","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix VM_BIND UNMAP locking\n\nWrong argument meant that the objs involved in UNMAP ops were not always\ngetting locked.\n\nSince _NO_SHARE objs share a common resv with the VM (which is always\nlocked) this would only show up with non-_NO_SHARE BOs.\n\nPatchwork: https://patchwork.freedesktop.org/patch/713898/"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/msm/msm_gem_vma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2e6a8a1fe2b262a6dfd0a65041fcd830ee1e7143","lessThan":"206f812ef140727b75697111391ae320fd8aa652","versionType":"git","status":"affected"},{"version":"2e6a8a1fe2b262a6dfd0a65041fcd830ee1e7143","lessThan":"d9ecf758270501b2e7a0bc1dd69a6f28f1ae3cae","versionType":"git","status":"affected"},{"version":"2e6a8a1fe2b262a6dfd0a65041fcd830ee1e7143","lessThan":"85042c2cd970a6b0e686329387096fe19989ae62","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/msm/msm_gem_vma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/206f812ef140727b75697111391ae320fd8aa652","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/85042c2cd970a6b0e686329387096fe19989ae62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d9ecf758270501b2e7a0bc1dd69a6f28f1ae3cae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53055","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.527","lastModified":"2026-06-28T08:16:31.797","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec2 - prevent req used-after-free for sec\n\nDuring packet transmission, if the system is under heavy load,\nthe hardware might complete processing the packet and free the\nrequest memory (req) before the transmission function finishes.\nIf the software subsequently accesses this req, a use-after-free\nerror will occur. The qp_ctx memory exists throughout the packet\nsending process, so replace the req with the qp_ctx."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/hisilicon/sec2/sec_crypto.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f0ae287c50455f7be0d8dd45a803d403c7aa4d2e","lessThan":"b375c3c7209cc59e40e97998aa9bc768369cca0e","versionType":"git","status":"affected"},{"version":"f0ae287c50455f7be0d8dd45a803d403c7aa4d2e","lessThan":"ad73563f3a1edbfddf2724136c6a15826b354e18","versionType":"git","status":"affected"},{"version":"f0ae287c50455f7be0d8dd45a803d403c7aa4d2e","lessThan":"67b53a660e6bf0da2fa8d8872e897a14d8059eaf","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/hisilicon/sec2/sec_crypto.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/67b53a660e6bf0da2fa8d8872e897a14d8059eaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ad73563f3a1edbfddf2724136c6a15826b354e18","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b375c3c7209cc59e40e97998aa9bc768369cca0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53057","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.960","lastModified":"2026-06-28T08:16:31.890","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/riscv: Add IOTINVAL after updating DDT/PDT entries\n\nAdd riscv_iommu_iodir_iotinval() to perform required TLB and context cache\ninvalidations after updating DDT or PDT entries, as mandated by the RISC-V\nIOMMU specification (Section 6.3.1 and 6.3.2)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iommu/riscv/iommu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"488ffbf181718b9ad8c1838cb249d60973e78eda","lessThan":"3f917d9bff68600f77561900f3145bd4706dc840","versionType":"git","status":"affected"},{"version":"488ffbf181718b9ad8c1838cb249d60973e78eda","lessThan":"d99d1c13faa793ff1abab0d20ab6473c838081b3","versionType":"git","status":"affected"},{"version":"488ffbf181718b9ad8c1838cb249d60973e78eda","lessThan":"f5c262b544975e067ea265fc7403aefbbea8563e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iommu/riscv/iommu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"references":[{"url":"https://git.kernel.org/stable/c/3f917d9bff68600f77561900f3145bd4706dc840","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d99d1c13faa793ff1abab0d20ab6473c838081b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f5c262b544975e067ea265fc7403aefbbea8563e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53062","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.030","lastModified":"2026-06-28T08:16:31.983","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache policy smq: fix missing locks in invalidating cache blocks\n\nIn passthrough mode, the policy invalidate_mapping operation is called\nsimultaneously from multiple workers, thus it should be protected by a\nlock. Otherwise, we might end up with data races on the allocated blocks\ncounter, or even use-after-free issues with internal data structures\nwhen doing concurrent writes.\n\nNote that the existing FIXME in smq_invalidate_mapping() doesn't affect\npassthrough mode since migration tasks don't exist there, but would need\nattention if supporting fast device shrinking via suspend/resume without\ntarget reloading.\n\nReproduce steps:\n\n1. Create a cache device consisting of 1024 cache entries\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 262144 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. Populate the cache, and record the number of cached blocks\n\nfio --name=populate --filename=/dev/mapper/cache --rw=randwrite --bs=4k \\\n--size=64m --direct=1\nnr_cached=$(dmsetup status cache | awk '{split($7, a, \"/\"); print a[1]}')\n\n3. Reload the cache into passthrough mode\n\ndmsetup suspend cache\ndmsetup reload cache --table \"0 262144 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 passthrough smq 0\"\ndmsetup resume cache\n\n4. Write to the passthrough cache. By setting multiple jobs with I/O\n   size equal to the cache block size, cache blocks are invalidated\n   concurrently from different workers.\n\nfio --filename=/dev/mapper/cache --name=test --rw=randwrite --bs=64k \\\n--direct=1 --numjobs=2 --randrepeat=0 --size=64m\n\n5. Check if demoted matches cached block count. These numbers should\n   match but may differ due to the data race.\n\nnr_demoted=$(dmsetup status cache | awk '{print $12}')\necho \"$nr_cached, $nr_demoted\""}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-policy-smq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"4991b5a08751e2e82488fb93ae08849b6aea10d9","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"1b2bec4a7dcf5f00b7a1cbeeec8997841d783513","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"9a5fdfb9e57ec3a8ad2b8fce5e5ffa42d53b130e","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"ac5ee99443891bdb161f5539606a66a1b5e72542","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"93627a29d4b66d4a2def938dfb8610cc80ae454b","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"c348ae47d8e65f06429fa41adce9ad986b696766","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"2b62d0611c9af14a16bddf22df2612b4f40eb5a1","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"2d1f7b65f5deedd2e6b09fdc6ea27f8375f24b45","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-cache-policy-smq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/1b2bec4a7dcf5f00b7a1cbeeec8997841d783513","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2b62d0611c9af14a16bddf22df2612b4f40eb5a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2d1f7b65f5deedd2e6b09fdc6ea27f8375f24b45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4991b5a08751e2e82488fb93ae08849b6aea10d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/93627a29d4b66d4a2def938dfb8610cc80ae454b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9a5fdfb9e57ec3a8ad2b8fce5e5ffa42d53b130e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ac5ee99443891bdb161f5539606a66a1b5e72542","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c348ae47d8e65f06429fa41adce9ad986b696766","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53068","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.900","lastModified":"2026-06-28T08:16:32.120","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: fix integer overflow in AFBC framebuffer size check\n\nThe AFBC framebuffer size validation calculates the minimum required\nbuffer size by adding the AFBC payload size to the framebuffer offset.\nThis addition is performed without checking for integer overflow.\n\nIf the addition oveflows, the size check may incorrectly succed and\nallow userspace to provide an undersized drm_gem_object, potentially\nleading to out-of-bounds memory access.\n\nAdd usage of check_add_overflow() to safely compute the minimum\nrequired size and reject the framebuffer if an overflow is detected.\nThis makes the AFBC size validation more robust against malformed.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/arm/display/komeda/komeda_framebuffer.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"a3a2a9bdc0f9c2d863a5a290cb2d4a565f7268e7","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"e27b58095d7d3ac72f230e318838dee956258460","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"02ff8a7d3d0eecc546b9ab4c07b3d7c65d485583","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"d8a541906860aa3519b1874780d933c766918a7c","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"8165e8b28fdf392c2c7412518d602b4f193812a8","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"fe1f80f8f6e8611ac6349b9d464e8750443390cf","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"872d923b852705054bc099af663da862fdc1097d","versionType":"git","status":"affected"},{"version":"65ad2392dd6d1691db93e82b08d3311298b9d64a","lessThan":"779ec12c85c9e4547519e3903a371a3b26a289de","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/arm/display/komeda/komeda_framebuffer.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"references":[{"url":"https://git.kernel.org/stable/c/02ff8a7d3d0eecc546b9ab4c07b3d7c65d485583","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/779ec12c85c9e4547519e3903a371a3b26a289de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8165e8b28fdf392c2c7412518d602b4f193812a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/872d923b852705054bc099af663da862fdc1097d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a3a2a9bdc0f9c2d863a5a290cb2d4a565f7268e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d8a541906860aa3519b1874780d933c766918a7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e27b58095d7d3ac72f230e318838dee956258460","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fe1f80f8f6e8611ac6349b9d464e8750443390cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53069","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:20.280","lastModified":"2026-06-28T08:16:32.263","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet, bpf: fix null-ptr-deref in xdp_master_redirect() for down master\n\nsyzkaller reported a kernel panic in bond_rr_gen_slave_id() reached via\nxdp_master_redirect(). Full decoded trace:\n\n  https://syzkaller.appspot.com/bug?extid=80e046b8da2820b6ba73\n\nbond_rr_gen_slave_id() dereferences bond->rr_tx_counter, a per-CPU\ncounter that bonding only allocates in bond_open() when the mode is\nround-robin. If the bond device was never brought up, rr_tx_counter\nstays NULL.\n\nThe XDP redirect path can still reach that code on a bond that was\nnever opened: bpf_master_redirect_enabled_key is a global static key,\nso as soon as any bond device has native XDP attached, the\nXDP_TX -> xdp_master_redirect() interception is enabled for every\nslave system-wide. The path xdp_master_redirect() ->\nbond_xdp_get_xmit_slave() -> bond_xdp_xmit_roundrobin_slave_get() ->\nbond_rr_gen_slave_id() then runs against a bond that has no\nrr_tx_counter and crashes.\n\nFix this in the generic xdp_master_redirect() by refusing to call into\nthe master's ->ndo_xdp_get_xmit_slave() when the master device is not\nup. IFF_UP is only set after ->ndo_open() has successfully returned,\nso this reliably excludes masters whose XDP state has not been fully\ninitialized. Drop the frame with XDP_ABORTED so the exception is\nvisible via trace_xdp_exception() rather than silently falling through.\nThis is not specific to bonding: any current or future master that\ndefers XDP state allocation to ->ndo_open() is protected."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"3128b294b426533c8d9162187446d93a8a160359","versionType":"git","status":"affected"},{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"acbf45bd584d924b320bee2a7fe2a26f64904d95","versionType":"git","status":"affected"},{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"866d3d9b87751b1944168fd82615505e0c0fd6cf","versionType":"git","status":"affected"},{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"183128da0406b1c10e6f60b7b9fe70788b9c8c1d","versionType":"git","status":"affected"},{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"7bad93e99737e4a5c0c14ac50c05152cf4e28022","versionType":"git","status":"affected"},{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"ea690b3b6e58ae00979af8195b4cc24df466b65e","versionType":"git","status":"affected"},{"version":"879af96ffd72706c6e3278ea6b45b0b0e37ec5d7","lessThan":"1921f91298d1388a0bb9db8f83800c998b649cb3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"references":[{"url":"https://git.kernel.org/stable/c/183128da0406b1c10e6f60b7b9fe70788b9c8c1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1921f91298d1388a0bb9db8f83800c998b649cb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3128b294b426533c8d9162187446d93a8a160359","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7bad93e99737e4a5c0c14ac50c05152cf4e28022","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/866d3d9b87751b1944168fd82615505e0c0fd6cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/acbf45bd584d924b320bee2a7fe2a26f64904d95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ea690b3b6e58ae00979af8195b4cc24df466b65e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53072","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.017","lastModified":"2026-06-28T08:16:32.620","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER\n\nWhen protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls\nhci_connect_cfm(conn) without hdev->lock. Generally hci_connect_cfm()\nassumes it is held, and if conn is deleted concurrently -> UAF.\n\nOnly SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen,\nand HCI_EV_CONN_REQUEST is not generated for ISO.  In the non-deferred\nlistening socket code paths, hci_connect_cfm(conn) is called with\nhdev->lock held.\n\nFix by holding the lock."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/hci_event.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"60e3f4ff02d1f2d55bfbf2ca32a97285a9771ee4","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"9d4a6c0f43fc5e4d4f062e8e450e5483eb74176e","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"c7777f534a8018ae4bb1c80d8925af4df588a314","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"6b4d226d01ab7da0d2027a2a1e3a6079152e5065","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"541d5bf9b5afaf41090b2a3aa7b47f2db2ff801f","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"385b2d0468a0871fc716c549fa3b0c257c7dbcb3","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"c27224daf0b08efbb2b24ed64b6139b294f5473a","versionType":"git","status":"affected"},{"version":"70c464256310e1c3716099b9d02ece4169272f73","lessThan":"5c7209a341ff2ac338b2b0375c34a307b37c9ac2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/hci_event.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.17","status":"affected"},{"version":"0","lessThan":"3.17","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/385b2d0468a0871fc716c549fa3b0c257c7dbcb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/541d5bf9b5afaf41090b2a3aa7b47f2db2ff801f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5c7209a341ff2ac338b2b0375c34a307b37c9ac2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/60e3f4ff02d1f2d55bfbf2ca32a97285a9771ee4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6b4d226d01ab7da0d2027a2a1e3a6079152e5065","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9d4a6c0f43fc5e4d4f062e8e450e5483eb74176e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c27224daf0b08efbb2b24ed64b6139b294f5473a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c7777f534a8018ae4bb1c80d8925af4df588a314","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53075","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.450","lastModified":"2026-06-28T08:16:32.747","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nppp: require CAP_NET_ADMIN in target netns for unattached ioctls\n\n/dev/ppp open is currently authorized against file->f_cred->user_ns,\nwhile unattached administrative ioctls operate on current->nsproxy->net_ns.\n\nAs a result, a local unprivileged user can create a new user namespace\nwith CLONE_NEWUSER, gain CAP_NET_ADMIN only in that new user namespace,\nand still issue PPPIOCNEWUNIT, PPPIOCATTACH, or PPPIOCATTCHAN against\nan inherited network namespace.\n\nRequire CAP_NET_ADMIN in the user namespace that owns the target network\nnamespace before handling unattached PPP administrative ioctls.\n\nThis preserves normal pppd operation in the network namespace it is\nactually privileged in, while rejecting the userns-only inherited-netns\ncase."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ppp/ppp_generic.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"c9edd90c57ae23692fff6b049fdfa4572a9fd532","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"5080e188c914110034bbc569d5cfa2f06204681d","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"67e901e28d177ac9a9bed76d69ce3471e704a89e","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"954745d0223e7caec917c0b2d1a889ff56fa6e54","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"3b2c2157dc2afc5c17cd7238afefca92f1ef330e","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"5013be175c7ffd8b39efbc3c9c4db5b10b85fea8","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"1a8a51ce85075a56a743b6f142606dd2696a391c","versionType":"git","status":"affected"},{"version":"273ec51dd7ceaa76e038875d85061ec856d8905e","lessThan":"2bb6379416fd19f44c3423a00bfd8626259f6067","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ppp/ppp_generic.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.30","status":"affected"},{"version":"0","lessThan":"2.6.30","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"references":[{"url":"https://git.kernel.org/stable/c/1a8a51ce85075a56a743b6f142606dd2696a391c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2bb6379416fd19f44c3423a00bfd8626259f6067","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3b2c2157dc2afc5c17cd7238afefca92f1ef330e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5013be175c7ffd8b39efbc3c9c4db5b10b85fea8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5080e188c914110034bbc569d5cfa2f06204681d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/67e901e28d177ac9a9bed76d69ce3471e704a89e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/954745d0223e7caec917c0b2d1a889ff56fa6e54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c9edd90c57ae23692fff6b049fdfa4572a9fd532","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53076","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.623","lastModified":"2026-06-28T08:16:32.863","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix OOB in pcpu_init_value\n\nAn out-of-bounds read occurs when copying element from a\nBPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the\nsame value_size that is not rounded up to 8 bytes.\n\nThe issue happens when:\n1. A CGROUP_STORAGE map is created with value_size not aligned to\n   8 bytes (e.g., 4 bytes)\n2. A pcpu map is created with the same value_size (e.g., 4 bytes)\n3. Update element in 2 with data in 1\n\npcpu_init_value assumes that all sources are rounded up to 8 bytes,\nand invokes copy_map_value_long to make a data copy, However, the\nassumption doesn't stand since there are some cases where the source\nmay not be rounded up to 8 bytes, e.g., CGROUP_STORAGE, skb->data.\nthe verifier verifies exactly the size that the source claims, not\nthe size rounded up to 8 bytes by kernel, an OOB happens when the\nsource has only 4 bytes while the copy size(4) is rounded up to 8."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/hashtab.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"e19c5ed9f1922a6854073f8651a63fa7be26e9e9","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"e0378419b0e20178b5d100b27c9cc7e51064202e","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"6086079e6d1c32ba4c4b422612b8aebb1129a96c","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"634a793d0e1c822412095d25a1338f8831ad894c","versionType":"git","status":"affected"},{"version":"d3bec0138bfbe58606fc1d6f57a4cdc1a20218db","lessThan":"576afddfee8d1108ee299bf10f581593540d1a36","versionType":"git","status":"affected"},{"version":"c602ad2b52dcbca5af08e5137bd5575c039b52e3","versionType":"git","status":"affected"},{"version":"ab68b940dd6f7b5f8e2557937162dcb8a0583a05","versionType":"git","status":"affected"},{"version":"5.4.78","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.9.9","lessThan":"5.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/hashtab.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"references":[{"url":"https://git.kernel.org/stable/c/576afddfee8d1108ee299bf10f581593540d1a36","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6086079e6d1c32ba4c4b422612b8aebb1129a96c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/634a793d0e1c822412095d25a1338f8831ad894c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e0378419b0e20178b5d100b27c9cc7e51064202e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e19c5ed9f1922a6854073f8651a63fa7be26e9e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53077","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.730","lastModified":"2026-06-28T08:16:32.973","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Restrict use of RDS/IB to the initial network namespace\n\nPrevent using RDS/IB in network namespaces other than the initial one.\nThe existing RDS/IB code will not work properly in non-initial network\nnamespaces."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/rds/af_rds.c","net/rds/ib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"3e7f14cd5a51533404e1ae4809caab46073fb5c7","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"3174fc703d081d2ca538b22fba734e3ad5b52322","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"c244b79adffad89a5173cf8bfaa06a6b40bbd09b","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"07035306bf722f4676a1aee35cbeb3732c76194e","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"fb407343c0c16e94584707b2dfdd350a5f81b000","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"a7494479757d60d2413bfaa087f8431a26eea032","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"b6a54f5e9ce9b97ae641855378d71c5154a085c0","versionType":"git","status":"affected"},{"version":"d5a8ac28a7ff2f250d1bedbb6008dd2f6f6f1638","lessThan":"ebf71dd4aff46e8e421d455db3e231ba43d2fa8a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/rds/af_rds.c","net/rds/ib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.3","status":"affected"},{"version":"0","lessThan":"4.3","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/07035306bf722f4676a1aee35cbeb3732c76194e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3174fc703d081d2ca538b22fba734e3ad5b52322","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3e7f14cd5a51533404e1ae4809caab46073fb5c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a7494479757d60d2413bfaa087f8431a26eea032","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b6a54f5e9ce9b97ae641855378d71c5154a085c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c244b79adffad89a5173cf8bfaa06a6b40bbd09b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ebf71dd4aff46e8e421d455db3e231ba43d2fa8a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb407343c0c16e94584707b2dfdd350a5f81b000","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53078","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.850","lastModified":"2026-06-28T08:16:33.087","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix same-register dst/src OOB read and pointer leak in sock_ops\n\nWhen a BPF sock_ops program accesses ctx fields with dst_reg == src_reg,\nthe SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() macros fail to zero the\ndestination register in the !fullsock / !locked_tcp_sock path.\n\nBoth macros borrow a temporary register to check is_fullsock /\nis_locked_tcp_sock when dst_reg == src_reg, because dst_reg holds the\nctx pointer. When the check is false (e.g., TCP_NEW_SYN_RECV state with\na request_sock), dst_reg should be zeroed but is not, leaving the stale\nctx pointer:\n\n - SOCK_OPS_GET_SK: dst_reg retains the ctx pointer, passes NULL checks\n   as PTR_TO_SOCKET_OR_NULL, and can be used as a bogus socket pointer,\n   leading to stack-out-of-bounds access in helpers like\n   bpf_skc_to_tcp6_sock().\n\n - SOCK_OPS_GET_FIELD: dst_reg retains the ctx pointer which the\n   verifier believes is a SCALAR_VALUE, leaking a kernel pointer.\n\nFix both macros by:\n - Changing JMP_A(1) to JMP_A(2) in the fullsock path to skip the\n   added instruction.\n - Adding BPF_MOV64_IMM(si->dst_reg, 0) after the temp register\n   restore in the !fullsock path, placed after the restore because\n   dst_reg == src_reg means we need src_reg intact to read ctx->temp."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fd09af010788a884de1c39537c288830c3d305db","lessThan":"18e3ffde1822f0b48b1753bf34aa97ce839df1d8","versionType":"git","status":"affected"},{"version":"fd09af010788a884de1c39537c288830c3d305db","lessThan":"10f86a2a5c91fc4c4d001960f1c21abe52545ef6","versionType":"git","status":"affected"},{"version":"48be3df15aa19c04eadf156c9129293c9a10389f","versionType":"git","status":"affected"},{"version":"cd4644d904e1d153d516e73e2e127e7a2fe687e1","versionType":"git","status":"affected"},{"version":"6e0bc946cbeec538322820786b5fb5200a2216ab","versionType":"git","status":"affected"},{"version":"a7e52f7f675046d9ffc5692d815fa67c82fcdbf5","versionType":"git","status":"affected"},{"version":"db7f8c57dbdd31f7e59f8dc8d1e1b38607a320ef","versionType":"git","status":"affected"},{"version":"5.7.18","lessThan":"5.8","versionType":"semver","status":"affected"},{"version":"5.8.4","lessThan":"5.9","versionType":"semver","status":"affected"},{"version":"5.4.61","lessThan":"5.5","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/10f86a2a5c91fc4c4d001960f1c21abe52545ef6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/18e3ffde1822f0b48b1753bf34aa97ce839df1d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53086","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.777","lastModified":"2026-06-28T08:16:33.387","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmgenet: fix racing timeout handler\n\nThe bcmgenet_timeout handler tries to take down all tx queues when\na single queue times out. This is over zealous and causes many race\nconditions with queues that are still chugging along. Instead lets\nonly restart the timed out queue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"13ea657806cf73b379a0109f7042182f47c351a7","lessThan":"e85b0c0a12e967930044608311471b665baa315c","versionType":"git","status":"affected"},{"version":"13ea657806cf73b379a0109f7042182f47c351a7","lessThan":"e8206538cbaf4f4068e99a4cb1138690a1e00499","versionType":"git","status":"affected"},{"version":"13ea657806cf73b379a0109f7042182f47c351a7","lessThan":"681fdfe823b4f1036ed50b58b8838c7917ea389c","versionType":"git","status":"affected"},{"version":"13ea657806cf73b379a0109f7042182f47c351a7","lessThan":"c270e2bec3e55a716d25c35341091339457ac883","versionType":"git","status":"affected"},{"version":"13ea657806cf73b379a0109f7042182f47c351a7","lessThan":"7ce1c26aac3b318886a57425f64b522da7389153","versionType":"git","status":"affected"},{"version":"13ea657806cf73b379a0109f7042182f47c351a7","lessThan":"5393b2b5bee2ac51a0043dc7f4ac3475f053d08d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.2","status":"affected"},{"version":"0","lessThan":"4.2","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/5393b2b5bee2ac51a0043dc7f4ac3475f053d08d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/681fdfe823b4f1036ed50b58b8838c7917ea389c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7ce1c26aac3b318886a57425f64b522da7389153","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c270e2bec3e55a716d25c35341091339457ac883","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e8206538cbaf4f4068e99a4cb1138690a1e00499","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e85b0c0a12e967930044608311471b665baa315c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53087","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.880","lastModified":"2026-06-28T08:16:33.487","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmgenet: fix leaking free_bds\n\nWhile reclaiming the tx queue we fast forward the write pointer to\ndrop any data in flight. These dropped frames are not added back\nto the pool of free bds. We also need to tell the netdev that we\nare dropping said data."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6a84791b63044cdee3ab55eb350e6352b751f584","lessThan":"150d06aae1839a6564ab200ef0e7291c3528bbb0","versionType":"git","status":"affected"},{"version":"991cd78f95f2a1d6097669afaff66aeeba35f5fd","lessThan":"52b9f80993698138b90e5ca3a72550a2501f2a96","versionType":"git","status":"affected"},{"version":"3877efc13053408f4cf2e821006d6ddd1929200f","lessThan":"3c3abbcfa05bad17965498ff7cc94c2418fa94b3","versionType":"git","status":"affected"},{"version":"f1bacae8b655163dcbc3c54b9e714ef1a8986d7b","lessThan":"25ff3a3e47ea635ec08dc93e84dd2bfe15abfebb","versionType":"git","status":"affected"},{"version":"f1bacae8b655163dcbc3c54b9e714ef1a8986d7b","lessThan":"ac4a29c331ecb5b10240c44247a8e010c95bc15b","versionType":"git","status":"affected"},{"version":"f1bacae8b655163dcbc3c54b9e714ef1a8986d7b","lessThan":"3f3168300efb839028328d720ab3962f91d6a0d0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"references":[{"url":"https://git.kernel.org/stable/c/150d06aae1839a6564ab200ef0e7291c3528bbb0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/25ff3a3e47ea635ec08dc93e84dd2bfe15abfebb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3c3abbcfa05bad17965498ff7cc94c2418fa94b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3f3168300efb839028328d720ab3962f91d6a0d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/52b9f80993698138b90e5ca3a72550a2501f2a96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ac4a29c331ecb5b10240c44247a8e010c95bc15b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53088","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.980","lastModified":"2026-06-28T08:16:33.580","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmgenet: fix off-by-one in bcmgenet_put_txcb\n\nThe write_ptr points to the next open tx_cb. We want to return the\ntx_cb that gets rewinded, so we must rewind the pointer first then\nreturn the tx_cb that it points to. That way the txcb can be correctly\ncleaned up."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"14e9f86564fff7bcf7f45c1b69080e837b31d185","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"fb9a3c1f547d0ff024dbfe7b6f327626ddf0a3de","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"85f34ec320d3881badfd4edc5fee5cd5012bb54d","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"2a74590170427a3ca7cc4bb8690cdd559129c29c","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"29394f722f620281f2ee9a47f947734e53d72c90","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"4cab761fc51c65aef741fcece4a18f3554edbc09","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"72df896e31ddd06fcc5a789f025ad7a62a18bc9b","versionType":"git","status":"affected"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38","versionType":"git","status":"affected"},{"version":"3bdf77194ea822390b405639b77659071fd2c2e9","versionType":"git","status":"affected"},{"version":"3.16.50","lessThan":"3.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/14e9f86564fff7bcf7f45c1b69080e837b31d185","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/29394f722f620281f2ee9a47f947734e53d72c90","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2a74590170427a3ca7cc4bb8690cdd559129c29c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4cab761fc51c65aef741fcece4a18f3554edbc09","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/72df896e31ddd06fcc5a789f025ad7a62a18bc9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/85f34ec320d3881badfd4edc5fee5cd5012bb54d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb9a3c1f547d0ff024dbfe7b6f327626ddf0a3de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53094","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:23.580","lastModified":"2026-06-28T08:16:33.983","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stale offload->prog pointer after constant blinding\n\nWhen a dev-bound-only BPF program (BPF_F_XDP_DEV_BOUND_ONLY) undergoes\nJIT compilation with constant blinding enabled (bpf_jit_harden >= 2),\nbpf_jit_blind_constants() clones the program. The original prog is then\nfreed in bpf_jit_prog_release_other(), which updates aux->prog to point\nto the surviving clone, but fails to update offload->prog.\n\nThis leaves offload->prog pointing to the freed original program. When\nthe network namespace is subsequently destroyed, cleanup_net() triggers\nbpf_dev_bound_netdev_unregister(), which iterates ondev->progs and calls\n__bpf_prog_offload_destroy(offload->prog). Accessing the freed prog\ncauses a page fault:\n\nBUG: unable to handle page fault for address: ffffc900085f1038\nWorkqueue: netns cleanup_net\nRIP: 0010:__bpf_prog_offload_destroy+0xc/0x80\nCall Trace:\n__bpf_offload_dev_netdev_unregister+0x257/0x350\nbpf_dev_bound_netdev_unregister+0x4a/0x90\nunregister_netdevice_many_notify+0x2a2/0x660\n...\ncleanup_net+0x21a/0x320\n\nThe test sequence that triggers this reliably is:\n\n1. Set net.core.bpf_jit_harden=2 (echo 2 > /proc/sys/net/core/bpf_jit_harden)\n2. Run xdp_metadata selftest, which creates a dev-bound-only XDP\n   program on a veth inside a netns (./test_progs -t xdp_metadata)\n3. cleanup_net -> page fault in __bpf_prog_offload_destroy\n\nDev-bound-only programs are unique in that they have an offload structure\nbut go through the normal JIT path instead of bpf_prog_offload_compile().\nThis means they are subject to constant blinding's prog clone-and-replace,\nwhile also having offload->prog that must stay in sync.\n\nFix this by updating offload->prog in bpf_jit_prog_release_other(),\nalongside the existing aux->prog update. Both are back-pointers to\nthe prog that must be kept in sync when the prog is replaced."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2b3486bc2d237ec345b3942b7be5deabf8c8fed1","lessThan":"a713b72ff88cdab4d5d692908ab1259ada511f4d","versionType":"git","status":"affected"},{"version":"2b3486bc2d237ec345b3942b7be5deabf8c8fed1","lessThan":"25484c39d1ec82a0368798d956da3de5039b3fe8","versionType":"git","status":"affected"},{"version":"2b3486bc2d237ec345b3942b7be5deabf8c8fed1","lessThan":"059525cf18e69a9313baf947d8898c6ee7ca6b65","versionType":"git","status":"affected"},{"version":"2b3486bc2d237ec345b3942b7be5deabf8c8fed1","lessThan":"c79f8503d83d4665be461fb9e45e215d0380c67b","versionType":"git","status":"affected"},{"version":"2b3486bc2d237ec345b3942b7be5deabf8c8fed1","lessThan":"a1aa9ef47c299c5bbc30594d3c2f0589edf908e6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/059525cf18e69a9313baf947d8898c6ee7ca6b65","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/25484c39d1ec82a0368798d956da3de5039b3fe8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a1aa9ef47c299c5bbc30594d3c2f0589edf908e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a713b72ff88cdab4d5d692908ab1259ada511f4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c79f8503d83d4665be461fb9e45e215d0380c67b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53096","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:23.800","lastModified":"2026-06-28T08:16:34.097","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path\n\nThe DEVMAP_HASH branch in dev_map_redirect_multi() uses\nhlist_for_each_entry_safe() to iterate hash buckets, but this function\nruns under RCU protection (called from xdp_do_generic_redirect_map()\nin softirq context). Concurrent writers (__dev_map_hash_update_elem,\ndev_map_hash_delete_elem) modify the list using RCU primitives\n(hlist_add_head_rcu, hlist_del_rcu).\n\nhlist_for_each_entry_safe() performs plain pointer dereferences without\nrcu_dereference(), missing the acquire barrier needed to pair with\nwriters' rcu_assign_pointer(). On weakly-ordered architectures (ARM64,\nPOWER), a reader can observe a partially-constructed node. It also\ndefeats CONFIG_PROVE_RCU lockdep validation and KCSAN data-race\ndetection.\n\nReplace with hlist_for_each_entry_rcu() using rcu_read_lock_bh_held()\nas the lockdep condition, consistent with the rcu_dereference_check()\nused in the DEVMAP (non-hash) branch of the same functions. Also fix\nthe same incorrect lockdep_is_held(&dtab->index_lock) condition in\ndev_map_enqueue_multi(), where the lock is not held either."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/devmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"4a3d0fe30b907ff324b1b49756f7e713d67f3645","versionType":"git","status":"affected"},{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"b089aa6e94d7a08e74d076a0fe274842dc9feccc","versionType":"git","status":"affected"},{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"571a05ea1baaccc0dc1e0d227b2cbc978b96d392","versionType":"git","status":"affected"},{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"cb2c1f3cf65b855548e1b8d55a08bfbaa5a0901a","versionType":"git","status":"affected"},{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"d4c4bd231ebad70e6f30db429e9640bf378b2f52","versionType":"git","status":"affected"},{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"7027e705062482a8cea43a1c13ede3c35653966f","versionType":"git","status":"affected"},{"version":"e624d4ed4aa8cc3c69d1359b0aaea539203ed266","lessThan":"8ed82f807bb09d2c8455aaa665f2c6cb17bc6a19","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/devmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/4a3d0fe30b907ff324b1b49756f7e713d67f3645","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/571a05ea1baaccc0dc1e0d227b2cbc978b96d392","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7027e705062482a8cea43a1c13ede3c35653966f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8ed82f807bb09d2c8455aaa665f2c6cb17bc6a19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b089aa6e94d7a08e74d076a0fe274842dc9feccc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cb2c1f3cf65b855548e1b8d55a08bfbaa5a0901a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d4c4bd231ebad70e6f30db429e9640bf378b2f52","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53110","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.357","lastModified":"2026-06-28T08:16:34.213","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Zero-extend bpf prog return values and kfunc arguments\n\ns390x ABI requires callers to zero-extend unsigned arguments and\nsign-extend signed arguments, and callees to zero-extend unsigned\nreturn values and sign-extend signed return values.\n\ns390 BPF JIT currently implements only sign extension. Fix this\nomission and implement zero extension too."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/s390/net/bpf_jit_comp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"528eb2cb87bc1353235a6384696b4849bde8b0ba","lessThan":"edc90a12073b9a530064a99945c183dde120cb99","versionType":"git","status":"affected"},{"version":"528eb2cb87bc1353235a6384696b4849bde8b0ba","lessThan":"44c4f999b03f55debb1a0c5ab5c1796895a1adf8","versionType":"git","status":"affected"},{"version":"528eb2cb87bc1353235a6384696b4849bde8b0ba","lessThan":"366b0e05ee24f5ba62bdc7ec1346038258b9a797","versionType":"git","status":"affected"},{"version":"528eb2cb87bc1353235a6384696b4849bde8b0ba","lessThan":"834918a77be51419383bf1dda9f02b81ecf26b34","versionType":"git","status":"affected"},{"version":"528eb2cb87bc1353235a6384696b4849bde8b0ba","lessThan":"202e42e4aa890172366354b233c42c73107a3f59","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/s390/net/bpf_jit_comp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/202e42e4aa890172366354b233c42c73107a3f59","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/366b0e05ee24f5ba62bdc7ec1346038258b9a797","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/44c4f999b03f55debb1a0c5ab5c1796895a1adf8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/834918a77be51419383bf1dda9f02b81ecf26b34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/edc90a12073b9a530064a99945c183dde120cb99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}