CVE-2026-46067 mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

CVE-2026-46067

In the Linux kernel, CVE-2026-46067 concerns the DAMON subsystem. The mm/damon/core validates damos_quota_goal->nid for node_memcg_{used,free}_bp, but before the fix it allowed arbitrary values, enabling use of these IDs in NODE-DATA() without validation and risking out-of-bounds memory access...

CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

CVE-2026-46038

CVE-2026-46038 affects the Linux kernel’s net: qrtr: ns code. The issue is a memory leak where the nameserver fails to free the node memory after processing a BYE packet, potentially persisting when a node goes down. The fix modifies the BYE handling to remove the node from the Xarray list and fr...

CVE-2026-46038

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But...

EUVD-2026-32419

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But...

CVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the node to all remote and local observers and free the node finally. But...

EUVD-2026-32411

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

CVE-2026-46030

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

CVE-2026-46020

The CVE-2026-46020 issue affects the Linux kernel DAMON subsystem (mm/damon/core). DAMOS quota goals for node_mem_{used,free}_bp accept a node id that is used by si_meminfo_node() and NODE_DATA() without proper validation, enabling a privileged user to trigger an out-of-bounds memory access via D...

EUVD-2026-32401

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

CVE-2026-46020 mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

CVE-2026-46020

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

EUVD-2026-32299

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory...

CVE-2026-46003 net: qrtr: ns: Limit the total number of nodes

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading to memory...

CVE-2026-46003

The CVE-2026-46003 entry concerns the Linux kernel, specifically the net: qrtr: ns component. The issue is that the nameserver did not cap the total number of nodes it handles, allowing a malicious client to register many nodes and potentially exhaust memory. The documented fix limits the maximum...

CVE-2026-45989

In the Linux kernel CVE-2026-45989, a use-after-free occurs in testdrv_probe() where a released device_node (via of_node_put) may later be passed to of_platform_default_populate(), risking use-after-free of the freed pointer. The root cause is that pdev->dev.of_node is owned by the device mode...

CVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrvprobe The function testdrvprobe retrieves the devicenode from the PCI device, applies an overlay, and then immediately calls ofnodeputdn. This releases the reference held by the PCI core...

CVE-2026-45960 hfsplus: return error when node already exists in hfs_bnode_create

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...

CVE-2026-45960

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...