CVE-2026-53160

A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpcmapcreate function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...

CVE-2026-53263

A flaw was found in the Linux kernel's 6lowpan component. An off-by-one error during multicast context address compression can lead to the transmission of uninitialized kernel stack memory over the network. This vulnerability results in information disclosure, potentially allowing an attacker to...

CVE-2026-53157

A flaw was found in the Linux kernel's phonet networking subsystem. This vulnerability occurs because a phonet device is freed immediately after being removed from a list, while other parts of the kernel RCU readers may still hold a pointer to the freed memory. This can lead to a use-after-free...

CVE-2026-53216

A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability arises from improper handling of the eXpress Data Path XDP frame size, where the system advertises a larger frame size than the actual allocated buffer for short buffer pools. This can allow the bpfxdpadjusttail...

CVE-2026-53252

A flaw was found in the Linux kernel's Bluetooth subsystem. Specifically, an issue in the error handling path of the hciallocdev function within the Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART configuration can lead to a memory leak. This occurs when...

CVE-2026-53223

A flaw was found in the Linux kernel's networking component. This vulnerability allows a remote attacker to potentially access sensitive information or cause system instability. By sending specially crafted network packets, an attacker can exploit an issue in how the kernel handles timestamping f...

CVE-2026-53233

A flaw was found in the Linux kernel. A double-free vulnerability exists within the netdevnlbindrxdoit function, which is responsible for binding network device receive operations. This vulnerability arises when genlmsgreply consumes the socket buffer skb, and the error handling path subsequently...

CVE-2026-53186

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA SCSI RDMA Protocol SRP component. A malicious or compromised SRP target on the InfiniBand/RoCE fabric can exploit this vulnerability by sending a specially crafted SRP response with an excessively large data length. This can...

CVE-2026-53255

A flaw was found in the Linux kernel's Bluetooth Management MGMT component. A remote attacker could exploit this by providing specially crafted advertising data, leading to an out-of-bounds read vulnerability. This occurs because the system incorrectly validates the length of advertising data...

CVE-2026-53217

A flaw was found in the Linux kernel's mvpp2 network driver. This issue occurs because the driver incorrectly synchronizes received RX data at the hardware packet offset. On systems with non-coherent Direct Memory Access DMA, this can lead to the Central Processing Unit CPU reading stale cache...

CVE-2026-53191

A flaw was found in the Linux kernel's iouring networking component. During bundle receive retries, an issue with inheriting the IORINGCQEFBUFMORE flag can cause the userspace to incorrectly advance the ring head. This memory handling error could lead to information disclosure or potentially allo...

CVE-2026-53203

A flaw was found in the Linux kernel's accel/ivpu component. This vulnerability, a buffer overflow, occurs when the firmware returns a size larger than the allocated buffer during a metric stream information query. This can lead to an incorrect buffer copy, potentially causing system instability ...

CVE-2026-53205

A flaw was found in the Linux kernel's Intel Versatile Processing Unit IVPU accelerator driver. This vulnerability occurs due to insufficient validation of read and write indices in the firmware log buffer. If the firmware provides invalid log indices, it could lead to out-of-bounds buffer access...

CVE-2026-53254

A flaw was found in the Linux kernel's Bluetooth RFCOMM Radio Frequency Communication subsystem. A malicious remote device could exploit this vulnerability by sending specially crafted, truncated Multiplexing Control Channel MCC frames. This lack of proper validation of incoming data length befor...

CVE-2026-53192

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA timer component. A race condition can occur during the release of a timer object, specifically when the SNDRVTIMERIOCTLPARAMS ioctl is called concurrently. This can lead to a use-after-free vulnerability, potentially...

CVE-2026-53244

A flaw was found in the Linux kernel's Network File System Daemon NFSD component. When NFSD exports a filesystem utilizing atomiccreate, an error during atomiccreate processing can result in nfsd4createfile failing to unlock the parent directory. This resource management issue may lead to resourc...

CVE-2026-53195

A flaw was found in the USB: serial: ioti module of the Linux kernel. The buildi2cfwhdr function allocates a fixed-size buffer but copies data into it without properly validating the input length from the firmware header. This oversight allows an attacker to provide a crafted firmware image,...

CVE-2026-53262

A flaw was found in the Linux kernel's pppol2tp module. This Use-After-Free UAF vulnerability arises from improper handling of session references within the pppol2tpioctl function. A local attacker could exploit this by triggering a race condition during data copying, leading to the dereferencing...

CVE-2026-53172

A flaw was found in the Linux kernel's accel/ethosu component. An incorrect mask used when processing the NPUSETIFMREGION command allows a local userspace caller to provide an out-of-bounds region index. This can lead to an out-of-bounds write, corrupting adjacent kernel heap data...

CVE-2026-53170

A flaw was found in the Linux kernel's accel/ethosu driver. A local attacker could exploit a vulnerability where DMA commands with uninitialized length are not properly handled. By omitting a specific DMA length setup command and issuing a DMA start command, a user could bypass bounds checks,...