CVE-2026-53164

A flaw was found in the Linux kernel's input/output memory management unit IOMMU Direct Memory Access DMA subsystem, specifically within the software IOMMU bounce buffer SWIOTLB mechanism. This vulnerability occurs when the system attempts to map a zero-length memory region, which can be triggere...

CVE-2026-53138

A flaw was found in the Linux kernel's AMD display drm/amd/display driver. A malformed VBIOS image can cause unbounded processing loops, leading to an out-of-bounds read. This could result in information disclosure or a system crash...

CVE-2026-53210

A flaw was found in the Linux kernel's Trusted Execution Environment TEE subsystem. A shared memory shm leak occurs in the registershmhelper function when TEEIOCSHMREGISTER is called with a zero-length shared memory registration. This can be triggered by a local attacker, potentially leading to a...

CVE-2026-53173

A flaw was found in the Linux kernel's accel/ethosu component. A local user can exploit this vulnerability by providing a specially crafted command stream, which causes an out-of-bounds write in memory. This memory corruption can lead to system instability, causing a denial of service or...

CVE-2026-53169

A flaw was found in the Linux kernel's accel/ethosu driver. An unprivileged local user with access to the Direct Rendering Manager DRM device could submit a specific command NPUOPRESIZE that the driver does not properly handle. This could lead to excessive kernel log spam and, if the paniconwarn...

CVE-2026-53166

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

CVE-2026-53241

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA sequencer dummy port. This vulnerability arises from a stack overread when processing Universal MIDI Packet UMP events, where the system attempts to copy a UMP-sized packet into a smaller, legacy-sized stack storage. Th...

CVE-2026-53207

A flaw was found in the Linux kernel's memory management, specifically concerning huge pages. When two concurrent memory poisoning operations madviseMADVHWPOISON occur on the same huge page while it is also being unmapped, a recursive spinlock self-deadlock can be triggered. This can lead to a...

CVE-2026-53135

A flaw was found in the Linux kernel's drm/amd/display module. A local user could exploit this vulnerability by writing to the sdpmessage debugfs node. The system may experience a kernel crash due to a null pointer dereference, leading to a denial of service DoS. Additionally, the flaw could resu...

CVE-2026-53151

A flaw was found in the Linux kernel's AFRXRPC subsystem. This vulnerability involves incorrect handling of fragmented UDP packets when parsing the SACK Selective Acknowledgment table. An attacker could potentially craft a fragmented UDP packet to trigger an incorrect buffer access within the...

CVE-2026-53199

A flaw was found in the Linux kernel's Hyper-V network virtual service client hvnetvsc component. This vulnerability occurs in the netvsccopytosendbuf function, where incorrect memory mapping of page buffer entries can lead to a system fault. Specifically, on 32-bit x86 systems with high memory...

CVE-2026-53160

A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpcmapcreate function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...

CVE-2026-53263

A flaw was found in the Linux kernel's 6lowpan component. An off-by-one error during multicast context address compression can lead to the transmission of uninitialized kernel stack memory over the network. This vulnerability results in information disclosure, potentially allowing an attacker to...

CVE-2026-53157

A flaw was found in the Linux kernel's phonet networking subsystem. This vulnerability occurs because a phonet device is freed immediately after being removed from a list, while other parts of the kernel RCU readers may still hold a pointer to the freed memory. This can lead to a use-after-free...

CVE-2026-53216

A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability arises from improper handling of the eXpress Data Path XDP frame size, where the system advertises a larger frame size than the actual allocated buffer for short buffer pools. This can allow the bpfxdpadjusttail...

CVE-2026-53252

A flaw was found in the Linux kernel's Bluetooth subsystem. Specifically, an issue in the error handling path of the hciallocdev function within the Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART configuration can lead to a memory leak. This occurs when...

CVE-2026-53223

A flaw was found in the Linux kernel's networking component. This vulnerability allows a remote attacker to potentially access sensitive information or cause system instability. By sending specially crafted network packets, an attacker can exploit an issue in how the kernel handles timestamping f...

CVE-2026-53233

A flaw was found in the Linux kernel. A double-free vulnerability exists within the netdevnlbindrxdoit function, which is responsible for binding network device receive operations. This vulnerability arises when genlmsgreply consumes the socket buffer skb, and the error handling path subsequently...

CVE-2026-53186

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA SCSI RDMA Protocol SRP component. A malicious or compromised SRP target on the InfiniBand/RoCE fabric can exploit this vulnerability by sending a specially crafted SRP response with an excessively large data length. This can...

CVE-2026-53255

A flaw was found in the Linux kernel's Bluetooth Management MGMT component. A remote attacker could exploit this by providing specially crafted advertising data, leading to an out-of-bounds read vulnerability. This occurs because the system incorrectly validates the length of advertising data...