Welcome to my Kernel Bug Tracker repository! This repository serves as an open record of the kernel vulnerabilities discovered, analyzed, and reported to the upstream Linux Kernel community.
📄 Academic Artifact: This repository provides supplementary data, complete timelines, and patch histories for the academic paper: [DevGen].
| Symbol | Status | Description |
|---|---|---|
| 🆕 | Bug Reported | Initial bug report sent to the mailing list, awaiting first response. |
| 👀 | Bug Confirmed | Developers have acknowledged the bug or are actively debugging it. |
| 💬 | Needs Reply | Ongoing discussion requiring follow-up or maintainers have asked questions. |
| 🛠️ | Patch Sent | A fix patch has been submitted and is pending review. |
| ✅ | Patch Accepted | The patch is approved by maintainers (e.g., Reviewed-by) and merged or queued upstream. |
| ❌ | WontFix | The bug cannot be fixed (e.g., due to design choices or hardware limits). |
| 🔄 | Indirectly Fixed | Indirectly resolved through upstream codebase refactoring or unrelated patches. |
Click on any vulnerability title to view the dedicated page with patch history and mailing list threads (lore.kernel.org).
| ID | Location | Vulnerability & Details | Status & Notes |
|---|---|---|---|
| #001 | net/ethernet/packetengines/hamachi.c |
net: packetengines: remove obsolete hamachi driver | ✅ Patch Accepted |
| #002 | net/ethernet/packetengines/yellowfin.c |
net: packetengines: remove obsolete yellowfin driver | ✅ Patch Accepted |
| #003 | net/ipv6/udp.c |
Memory leak in udpv6_sendmsg() | 👀Bug Confirmed 🔄 Indirectly Fixed |
| #004 | gpu/drm/drm_gem.c |
Unvalidated negative handle in drm_gem_change_handle_ioctl | 👀Bug Confirmed |
| #005 | fs/hugetlbfs/inode.cmm/vma.c |
resv_map memory leak in __mmap_region() | ✅ Patch Accepted CVE-2026-46318 |
| #006 | i2c/i2c-dev.c |
Integer overflow in I2C_TIMEOUT ioctl | ✅Patch Accepted CVE-2026-52948 Applied to all stable trees(v5.15-v7.0) |
| #007 | char/agp/amd64-agp.c |
NULL ptr deref in amd64_fetch_size() | ✅ Patch Accepted CVE-2026-53325 |
| #008 | x86/kernel/smpboot.c |
WARN_ON in set_cpu_sibling_map via numa=fake | 👀 Bug Confirmed |
| #009 | net/ethernet/packetengines/hamachi.c |
Divide by zero in hamachi_init_one | 👀 Bug Confirmed |
| #010 | crypto/intel/qat/qat_common/adf_dev_mgr.c |
Use-After-Free in adf_devmgr_get_dev_by_id() | ✅ Patch Accepted |
| #011 | crypto/intel/qat/qat_common/adf_ctl_drv.c |
Local DoS via printk storm in QAT ioctls | ✅ Patch Accepted |
| #012 | i2c/busses/i2c-i801.c |
Hardware state machine corruption in i801_access() | ✅ Patch Accepted |
| #013 | watchdog/wdt_pci.c |
Shared IRQ storm in wdtpci_interrupt() | 👀 Bug Confirmed ❌ WontFix |
| #014 | gpu/drm/ast/ast_2500.c |
Soft lockup in ast_2500_patch_ahb() | 👀 Bug Confirmed 🛠️ Patch Sent |
| #015 | bluetooth/hci_ldisc.c |
UAFs and race conditions in hci_uart lifecycle | ✅ Patch Accepted CVE-2026-46275 Applied to all stable trees(v5.10-v7.0) |
| #016 | gpu/drm/vkms/vkms_crtc.c |
ABBA deadlock in vkms vblank timer | ✅ Patch Accepted CVE-2025-71315 |
| #017 | gpu/drm/vmwgfx/vmwgfx_vkms.c |
Hrtimer interrupt storm in vmw_vkms_enable_vblank() | 👀 Bug Confirmed 🛠️ Patch Sent |
| #018 | fs/fcntl.c |
SOFTIRQ-unsafe lock order deadlock in fasync signaling | ✅ Patch Accepted CVE-2026-52946 Applied to all stable trees(v5.10-v7.1) |
| #019 | video/fbdev/core/fbcon.c |
Memory leak in fbcon_do_set_font() | 🆕 Bug Reported 🛠️ Patch Sent |
| #020 | gpu/drm/vkms/vkms_crtc.c |
Hrtimer livelock via unvalidated display mode | 🔄 Indirectly Fixed |
| #021 | gpu/drm/drm_prime.c |
rb_tree corruption in drm_prime_remove_buf_handle() | 👀 Bug Confirmed ❌ WontFix On Hold |
| #022 | net/qrtr/af_qrtr.c |
Refcount saturation and UAF in qrtr_port_remove() | ✅ Patch Accepted CVE-2026-52947 Applied to all stable trees(v5.10-v7.0) |
| #023 | drivers/gpu/drm/drm_gem.c |
WARNING in idr_alloc via drm_gem_change_handle_ioctl | ✅ Patch Accepted CVE-2026-23149 |
| #024 | drivers/crypto/intel/qat/qat_common/adf_init.c |
Use-After-Free in adf_dev_up() | 👀 Bug Confirmed |
| #025 | drivers/net/wireless/mac80211_hwsim.c |
Context-recursion deadlock in mac80211_hwsim | 👀Bug Confirmed 🔄 Indirectly Fixed |
| #026 | drivers/i2c/busses/i2c-i801.c |
Interrupt storm in i801_isr() via invalid block read size | 🆕 Bug Reported |
| #027 | drivers/misc/ibmasm/module.c |
Page fault via undersized PCI BAR 0 in ibmasm | 🆕 Bug Confirmed |
| #028 | drivers/video/fbdev/core/fbcon.c |
Out-of-bounds read in err_out of fbcon_do_set_font() | ✅ Patch Accepted |
| #029 | drivers/i2c/busses/i2c-i801.c |
Stack-out-of-bounds in i801_isr_byte_done() | 🆕 Bug Reported 🛠️ Patch Sent |
For transparency and independent verification of our upstream engagements, you can track the complete public mailing list activity of our research team members directly on the Linux Kernel archive (lore.kernel.org):
- 📧 Mingyu Wang (25181214217@stu.xidian.edu.cn) - Search Results
- 📧 Mingyu Wang (Alternative) - Search Results
- 📧 Zhi Wang - Search Results
Note: These searches aggregate our patch submissions, bug reports, and technical discussions with kernel maintainers across various subsystem mailing lists.