336109 matches found
CVE-2026-46322
The CVE pertains to the Linux kernel tun driver (tun_xdp_one) where a page allocated for a frame by vhost_net_build_xdp() is not freed when build_skb() fails, causing a memory leak. Specifically, if build_skb() fails, ret is set to -ENOMEM and the code jumps to the error path without freeing the ...
CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()
In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...
EUVD-2026-35411
In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...
CVE-2026-46321
The CVE-2026-46321 entry concerns the Linux kernel tun_xdp_one() path. A frame shorter than ETH_HLEN may return -EINVAL without freeing the page allocated by vhost_net_build_xdp(), causing a leak when vhost_tx_batch() follows the success path. This happens in scenarios where a local process opens...
CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()
In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...
EUVD-2026-35409
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
CVE-2026-46319
The CVE concerns the Linux kernel net/sched act_ct flow table lookup. In tcf_ct_flow_table_get(), the code uses rhashtable_lookup_fast() inside an RCU read section, but returns after rcu_read_unlock(), creating a narrow race window where the ct_ft object can be freed before refcount_inc_not_zero(...
CVE-2026-46319
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
CVE-2026-46320
The CVE-2026-46320 issue in the Linux kernel tap subsystem reports a leak where tap_get_user_xdp() on error paths fails to free the page allocated for the frame, causing one page-frag chunk to leak per rejected frame in a batch. The two error paths (short frame rejection with -EINVAL and build_sk...
CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft
In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...
CVE-2026-46318
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-35408
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmapprepare" This reverts commit ea52cb24cd3f "mm/hugetlbfs: update hugetlbfs to use mmapprepare" with conflict resolution to account for changes in commit ea52cb24cd3f "mm/hugetlbfs:...
CVE-2026-46317 KVM: arm64: Reassign nested_mmus array behind mmu_lock
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange - kvmnesteds2unmap, which can run at any time. kvmvcpuinitnested...
EUVD-2026-35406
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange - kvmnesteds2unmap, which can run at any time. kvmvcpuinitnested...
CVE-2026-46317
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind mmulock kvm-arch.nestedmmus is walked under kvm-mmulock, including from the MMU notifier path kvmunmapgfnrange - kvmnesteds2unmap, which can run at any time. kvmvcpuinitnested...
CVE-2026-46316 KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...
CVE-2026-46316
Summary: The vulnerability CVE-2026-46316 affects the Linux kernel KVM on arm64 with vgic-its. During invalidation, vgic_its_invalidate_cache() iterates the per-ITS translation cache and drops the cache reference on each entry with vgic_put_irq(), but incorrectly puts the iterated pointer instead...
EUVD-2026-35405
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...
CVE-2026-46315
A flaw was found in the Linux kernel's iouring subsystem, specifically within the IORINGOPWAITID operation. This vulnerability occurs because the waitid information structure is not properly initialized before being copied to userspace. A local user could exploit this to expose stale data from...
Exploit for Use After Free in Linux Linux_Kernel
🐧 CVE-2026-23111 - Linux Kernel nftables Use-After-Free Vulne...