3274 matches found
EUVD-2026-38872
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
EUVD-2026-38855
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collected HMM ranges and calling amdgputtmttgetuserpages. If...
EUVD-2026-38849
In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...
CVE-2026-53030
In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...
EUVD-2026-38998
In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject ssysblocksize smaller than OMFSDIRSTART omfsfillsuper rejects oversized ssysblocksize values PAGESIZE, but it does not reject values smaller than OMFSDIRSTART 0x1b8 = 440. Later, omfsmakeempty uses sbi-ssysblocksi...
CVE-2026-53094
The CVE affects the Linux kernel BPF/JIT path for dev-bound-only XDP programs. When constant blinding is enabled (bpf_jit_harden >= 2), bpf_jit_blind_constants() clones the program and bpf_jit_prog_release_other() frees the original, but offload->prog isn’t updated, leaving a stale pointer....
CVE-2026-53086 net: bcmgenet: fix racing timeout handler
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenettimeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along...
CVE-2026-53071 Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel caller in the file acquires the lock first. A remote BLE device can sen...
EUVD-2026-38934
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: backend: fix error pointer dereference The function drmatomicgetplanestate can return an error pointer and is not checked for it. Add error pointer check. Detected by Smatch: drivers/gpu/drm/sun4i/sun4ibackend.c:496...
CVE-2026-53061
CVE-2026-53061 affects Linux kernel dm-cache. Concrete details in connected documents show a fix for dirty mapping checking in passthrough mode switching, addressing a preload-time issue that could load dirty mappings into passthrough mode and cause data loss. The root cause involves table reload...
CVE-2026-53059 dm log: fix out-of-bounds write due to region_count overflow
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
CVE-2026-53045 memory: tegra124-emc: Fix dll_change check
In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...
CVE-2026-53034
CVE-2026-53034 concerns the Linux kernel’s af_unix sockmap interaction during unix_stream_connect. The vulnerability arises because unix_stream_connect() sets sk_state to TCP_ESTABLISHED before assigning the peer via unix_peer(sk) = newsk, creating a window where sock_map_sk_state_allowed() may s...
CVE-2026-53031
In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...
CVE-2026-53029
CVE-2026-53029: In the Linux kernel’s ntfs3 codepath, an uninitialized LCN could be triggered due to a zero-length path in ntfs_iomap_begin. The bug arises because run_lookup_entry() can fail and leave *len and the new value/err at 0, causing attr_data_get_block_locked() to take an ok path before...
CVE-2026-53020
The CVE-2026-53020 entry documents a Linux kernel issue: a race condition during Translation Lookaside Buffer (TLB) synchronization when the page table is traversed and modified without holding the proper page table lock. The root cause is the lack of adequate locking during TLB sync, which can l...
CVE-2026-52999
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to nfosfmatchone for each fingerprint checked. During TCP option parsing,...
CVE-2026-52993 tipc: fix double-free in tipc_buf_append()
In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...
CVE-2026-52982
The CVE-2026-52982 issue affects the Linux kernel driver rtl8150 for Realtek RTL8150 USB Ethernet devices. A use-after-free (UAF) can occur in rtl8150_start_xmit() when reading skb->len for tx_bytes statistics after usb_submit_urb() is issued, because the skb may be freed in the USB completion...
CVE-2026-52981
CVE-2026-52981 concerns a Linux kernel issue in neigh_xmit: when called with an uninitialized neighbor table (e.g., NEIGH_ND_TABLE with IPv6 disabled), neigh_xmit can return -EAFNOSUPPORT without releasing the skb, risking a memory leak. The fix removes the remaining code path that could neither ...