CVE-2026-46061

A flaw was found in the Linux kernel's journaling block device jbd2 subsystem. A lock ordering issue within the jbd2journalcancelrevoke function can lead to a deadlock under specific conditions, particularly when the filesystem blocksize is smaller than the pagesize. This vulnerability could allo...

CVE-2026-46056

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

CVE-2026-46064

A flaw was found in the Linux kernel's ibmasm module. A local root user can exploit a heap over-read vulnerability within the ibmasmsendi2omessage function. This vulnerability arises from insufficient validation of user-controlled input sizes, allowing the system to read beyond allocated memory...

CVE-2026-46066

A flaw was found in the Linux kernel's Ceph filesystem. When writing to encrypted CephFS files, a failure to allocate a bounce buffer for a dirty folio can lead to an off-by-one error in the numops counter. This inconsistency can cause a kernel panic, resulting in a Denial of Service DoS for the...

CVE-2026-46065

A flaw was found in the Linux kernel's framebuffer device fbdev deferred I/O defio mechanism. A local user with an active mapping of graphics memory could trigger a device hot-unplug, leading to the system accessing undefined memory. This can result in system instability or a crash, causing a...

CVE-2026-46069

A flaw was found in the Linux kernel's mwifiex Wi-Fi driver. The mwifiexadaptercleanup function incorrectly uses a non-synchronous timer deletion, allowing the wakeuptimer callback to access memory after it has been freed. This use-after-free vulnerability can lead to system instability, crashes,...

CVE-2026-46070

A flaw was found in the Linux kernel's md/raid5 component. This vulnerability arises from insufficient validation of payload sizes within journal metadata blocks. A local attacker can exploit this by providing a corrupted journal, leading to out-of-bounds reads when the system processes payload...

CVE-2026-46078

A flaw was found in the Linux kernel's EROFS filesystem. A local attacker could exploit an out-of-bounds read vulnerability by creating a specially crafted EROFS image. This issue arises from incorrect calculations of directory entry name lengths, which can cause the system to read beyond allocat...

CVE-2026-46079

A flaw was found in the Linux kernel's Rados Block Device rbd module. When adding a new block device, a double teardown of resources can occur if the disk addition process fails. This can lead to a null-pointer dereference during cleanup operations, allowing a local attacker to cause a system...

CVE-2026-46083

A flaw was found in the Linux kernel. This vulnerability occurs when the spisetup function fails during the registration of a device, leading to improper cleanup and subsequent resource leaks. This can result in a denial of service DoS due to the exhaustion of system resources...

CVE-2026-46082

A flaw was found in the Linux kernel's virtualization component, known as KVM. This vulnerability arises when a specific instruction, INVLPGA, is used in a virtualized environment without the proper security setting EFER.SVME. The system fails to trigger an expected error, which could allow a loc...

CVE-2026-46085

A flaw was found in the Linux kernel's rxrpc subsystem, specifically in the rxkad crypto unalignment handling. A remote attacker could send a specially crafted packet with a misaligned crypto length. This improper handling could lead to system instability or a denial of service DoS due to incorre...

CVE-2026-46088

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA control component. Improper validation of the buffer length before a string length operation in the sndctleleminitenumnames function can lead to a system panic. This vulnerability could allow a local attacker to trigger...

CVE-2026-46087

A flaw was found in the Linux kernel's Data Access MONitor DAMON subsystem. When the damonstart function fails during the damonstatstart operation, the system does not properly release the allocated memory context. This oversight leads to a memory leak, where previously allocated memory becomes...

CVE-2026-46092

A flaw was found in the Linux kernel's rtw88 Wi-Fi driver. When the 8821CE device is installed on a system where it is on a root bus, the driver's probing routine does not properly check for the existence of a PCI upstream bridge. This oversight can lead to a system crash, resulting in a denial o...

CVE-2026-46091

A flaw was found in the igorplugusb component of the Linux kernel. The USB request structure, when handled by Direct Memory Access DMA on certain host controllers, did not properly follow DMA coherency rules. This oversight could lead to data integrity issues or unexpected system behavior, as the...

CVE-2026-46084

A flaw was found in the Linux kernel's RDMA Remote Direct Memory Access manaib driver. When a Receive Side Scaling Queue Pair RSS QP is destroyed, the vPort RX receive steering in the firmware is not properly disabled, leaving stale steering configurations. This can lead to receive completions...

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

CVE-2026-46089

A flaw was found in the Linux kernel's zram module. This vulnerability allows a local user to cause a system hang, leading to a Denial of Service DoS. The issue occurs because the zram module fails to properly handle partial discard requests, specifically by not calling endio when such requests a...

CVE-2026-46090

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...