CVE Daily
← All tags

Tag: Yocto Project

All CVEs associated with "Yocto Project". Page 1/1 • 15 CVEs.

About “Yocto Project”

A curated feed of “Yocto Project”-related CVEs appears below. We currently track 15 CVEs for this tag (all time). In the last 365 days, 8 were published. Average CVSS is 6.1 (all time; 5.9 over 365d), and 27% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-131 - Incorrect Calculation of Buffer Size, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: yocto

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
5.35.3 Soon
5.25.2.4 Expired
5.15.1.4 Expired
5.05.0.18LTS
4.34.3.4 Expired
4.24.2.4 Expired
4.14.1.4 Expired
4.04.0.35 ExpiredLTS
3.43.4.4 Expired
3.33.3.6 Expired
3.23.2.4 Expired
3.13.1.33 ExpiredLTS
3.03.0.4 Expired
2.72.7.4 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Yocto Project”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-08
Medium

CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update (RSU) isn't enabled in t…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occa…

CVSS: 5.5 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
2026-04-24
High

CVE-2026-31563

In the Linux kernel, the following vulnerability has been resolved: net: macb: Use dev_consume_skb_any() to free TX SKBs The napi_consume_skb() function is not intended to be called in an IRQ disab…

CVSS: 7.5 CWE: N/A View on NVD
2026-02-14
Medium

CVE-2026-23203

In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_M…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2026-23175

In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBE…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2026-23115

In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial: remove redundant tty_port_link_device()") becau…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2025-12-24
Unknown

CVE-2023-54113

In the Linux kernel, the following vulnerability has been resolved: rcu: dump vmalloc memory info safely Currently, for double invoke call_rcu(), will dump rcu_head objects memory info, if the obje…

CVSS: N/A CWE: N/A View on NVD
2025-06-18
Medium

CVE-2022-50045

In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP warning on some syste…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
2025-03-27
Medium

CVE-2023-53029

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2025-21878

In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
2025-02-26
Medium

CVE-2022-49513

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data The struct dbs_data embeds a struct gov_attr_set and the struct…

CVSS: 5.5 CWE: N/A View on NVD
2024-05-21
Medium

CVE-2021-47387

In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release() method to free sugov_tunables The struct sugov_tunables is protected by the kobject, so…

CVSS: 5.5 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
2024-04-17
Medium

CVE-2024-26877

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering t…

CVSS: 5.5 CWE: N/A View on NVD
2024-02-19
High

CVE-2024-25626

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before a…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2017-06-16
High

CVE-2017-9731

In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk p…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox