5151658 matches found
CVE-2026-64186
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs In iommummiowrite and iommucapabilitywrite, the variables dbgmmiooffset and dbgcapoffset are declared as int. However, they are populated using kstrtou32fromuser. If ...
CVE-2026-64179
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix potential memory leaks in ipcimeminit The memory allocated in ipcprotocolinit is not freed on the error paths that follow in ipcimeminit. Fix that by calling the corresponding release function ipcprotocoldein...
CVE-2026-64180
In the Linux kernel, the following vulnerability has been resolved: mm/memoryhotplug: fix memory block reference leak on remove Patch series "mm: Fix memory block leaks and locking", v2. This series fixes two memory block device reference leaks and one locking issue around the per-memoryblock...
CVE-2026-64185
In the Linux kernel, the following vulnerability has been resolved: sysfs: don't remove existing directory on update failure When sysfsupdategroup is called for a named group and createfiles fails e.g. -ENOMEM, internalcreategroup calls kernfsremovekn on the group directory. In the update path, k...
CVE-2026-64183
In the Linux kernel, the following vulnerability has been resolved: efi: Allocate runtime workqueue before ACPI init Since commit 5894cf571e14 "acpi/prmt: Use EFI runtime sandbox to invoke PRM handlers" ACPI PRM calls are delegated to a workqueue which runs in a kernel thread, making it easier to...
CVE-2026-64178
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: Fix UAF read of dev-name bnepaddconnection needs to keep holding the bnepsessionsem while reading dev-name just like bnepgetconnlist does; otherwise the bnepsession thread can concurrently free the netdevice, whi...
CVE-2026-64181
In the Linux kernel, the following vulnerability has been resolved: mm: fix vmnormalpage to handle missing support for pmdspecial/pudspecial On x86 32-bit with THP enabled, zaphugepmd is seen to generate a "WARNING: mm/memory.c:735 at vmnormalpage+0x6a/0x7d", from the VMWARNONONCEiszeropfnpfn ||...
CVE-2026-64182
In the Linux kernel, the following vulnerability has been resolved: drivers/base/memory: fix memory block reference leak in poison accounting memblknrpoisoninc and memblknrpoisonsub look up a memory block via findmemoryblockbyid, which acquires a reference to the memory block device. Both helpers...
CVE-2026-64184
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: call missing memcgroupiterbreak damonsysfsmemcgpathtoid breaks memcgroupiter loop without calling memcgroupiterbreak. This leaks the cgroup reference. Fix the issue by calling memcgroupiterbreak before the...
CVE-2026-64170
In the Linux kernel, the following vulnerability has been resolved: spi: qup: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error pointer...
CVE-2026-64171
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: fix pmruntime leak on mutexlock failure If tegrai2cmutexlock fails, the function returns without calling pmruntimeput, leaking the runtime PM reference acquired by the preceding pmruntimegetsync. This prevents the...
CVE-2026-64174
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: advance loop vars in cfg80211mergeprofile cfg80211mergeprofile reassembles a Multi-BSSID non-transmitted BSS profile that has been split across multiple consecutive MBSSID elements. Its while-loop calls...
CVE-2026-64177
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: disable BH around forwarded skreceiveskb The networking receive path is usually run from softirq context, but protocols that take the socket lock may have packets stored in the backlog and processed later from process...
CVE-2026-64172
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h erratum 1235 Hygon Family 18h CPUs are derived from AMD Family 17h Zen1 silicon and share the same erratum 1235: hardware may read a stale IsRunning=1 bit during ICR...
CVE-2026-64173
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not call map-ops-eltfree if eltalloc fails In paths where tracingmapeltalloc failed to allocate objects, the map-ops-eltalloc call was never successful. In this case, map-ops-eltfree should not be called...
CVE-2026-64169
In the Linux kernel, the following vulnerability has been resolved: spi: ep93xx: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error...
CVE-2026-64175
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: stop TX during firmware restart When iwlwifi firmware crashes e.g., NMIINTERRUPTUNKNOWN on Intel BE201/Wi-Fi 7, iwlmldnicerror sets mld-fwstatus.inhwrestart to true. However, iwlmldtxfromtxq does not check thi...
CVE-2026-64176
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix driver-set TX rates on old devices On old devices such as 7265D, rates are still encoded in version 1 format, which doesn't use the CCK/OFDM rate index 0-3/0-7 but rather their PLCP value e.g. 10 for 1 Mbp...
CVE-2026-64162
In the Linux kernel, the following vulnerability has been resolved: idpf: fix readdevclklock spinlock init in idpfptpinit In idpfptpinit, readdevclklock is initialized after ptpscheduleworker had already been called and after idpfptpsettime64 could reach the lock. The PTP aux worker fires...
CVE-2026-64167
In the Linux kernel, the following vulnerability has been resolved: kho: skip KHO for crash kernel khofillkimage unconditionally populates the kimage with KHO metadata for every kexec image type. When the image is a crash kernel, this can be problematic as the crash kernel can run in a small...