336153 matches found
CVE-2026-46306
CVE-2026-46306 affects the Linux kernel where the flow_dissector incorrectly dissects PPPoE PFC frames. The root cause is handling a compressed (1-byte) Protocol Field Compression (PFC) in PPPoE, which shifts the subsequent PPP payload by one byte, causing a 4-byte network-header misalignment and...
CVE-2026-46305
The CVE relates to the Linux kernel staging area, specifically rtl8723bs os_dep code in rtw_cbuf_alloc. The bug occurs when kzalloc_flex() allocation fails and the code dereferences the resulting pointer unconditionally, leading to a NULL pointer dereference. The patch adds a guard to the allocat...
EUVD-2026-35170
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...
CVE-2026-46305
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...
CVE-2026-46305
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...
CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...
CVE-2026-46304
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...
EUVD-2026-35169
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...
CVE-2026-46304
The CVE-2026-46304 issue concerns the Linux kernel nvmet subsystem. The problem arises when nvmet_tcp_release_queue_work() runs on the nvmet-wq and can drop the final controller reference via nvmet_cq_put(), potentially triggering nvmet_ctrl_free() and flushing ctrl->async_event_work on the sa...
CVE-2026-46304
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...
CVE-2026-46303
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...
EUVD-2026-35167
In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...
CVE-2026-46302
In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...
CVE-2026-46302
CVE-2026-46302 affects the Linux kernel, where the /sys/fs/selinux/policy file could be opened multiple times, allowing a process to block others from reading the policy. The patch eliminates the policy_opened flag and tightens the policy mutex critical section, removing some extraneous checks. T...
CVE-2026-46302
In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...
CVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policy
In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...
EUVD-2026-35166
In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...
CVE-2026-46301
In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...
CVE-2026-46301
The CVE pertains to the Linux kernel SPI driver for topcliff-pch, where use-after-free can occur on unbind due to not flushing the driver queue before releasing DMA buffers. The fix adds a driver unbind sequence that flushes the queue prior to DMA buffer release. No exploitation details are provi...
CVE-2026-46301
In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...