CVE-2026-46015 tcp: call sk_data_ready() after listener migration

In the Linux kernel, the following vulnerability has been resolved: tcp: call skdataready after listener migration When inetcsklistenstop migrates an established child socket from a closing listener to another socket in the same SOREUSEPORT group, the target listener gets a new accept-queue entry...

EUVD-2026-32397

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

EUVD-2026-32396

In the Linux kernel, the following vulnerability has been resolved: tcp: call skdataready after listener migration When inetcsklistenstop migrates an established child socket from a closing listener to another socket in the same SOREUSEPORT group, the target listener gets a new accept-queue entry...

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

CVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRs

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

EUVD-2026-32395

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

CVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkadverifyresponse Fix rxkadverifyresponse to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after...

EUVD-2026-32309

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkadverifyresponse Fix rxkadverifyresponse to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths through the function after...

EUVD-2026-32308

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-46011

Summary (CVE-2026-46011, Linux kernel, media: mtk-jpeg): A use-after-free in the mtk-jpeg driver arises when the release path frees the context (ctx) without cancelling pending/running work in ctx->jpeg_work, creating a race with the workqueue accessing freed memory. The race occurs during clo...

EUVD-2026-32307

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgkextracttoken Fix a missing bit of error handling in rxgkextracttoken: in the event that rxgkdecryptskb returns -ENOMEM, it should just return that rather than continuing on for anything else, it...

CVE-2026-46010

CVE-2026-46010 affects the Linux kernel's rxrpc component. The root cause is missing error handling in rxgk_extract_token(): if rxgk_decrypt_skb() returns -ENOMEM, the function should return that error instead of proceeding, which can lead to an abort. Several advisories state the vulnerability c...

CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allowlink fails or when .droplink is performed. Remove t...

EUVD-2026-32306

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allowlink fails or when .droplink is performed. Remove t...

CVE-2026-46008 mm/damon/core: fix damos_walk() vs kdamond_fn() exit race

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...

EUVD-2026-32305

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...

CVE-2026-46008

CVE-2026-46008 relates to the Linux kernel DAMON subsystem. The race occurs between daño_walk() registration and damon_ctx->kdamond unset, potentially causing deadlocks when a kdamond_fn() loop exits. The fix introduces a new damon_ctx field, walk_control_obsolete, protected by walk_control_lo...

EUVD-2026-32304

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the buffer may be used for DMA, that is problematic. Use the high-level DMA...

EUVD-2026-32303

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...

CVE-2026-46005

The CVE-2026-46005 issue concerns a resource leak in the XFS code path of the Linux kernel (xfs_alloc_buftarg) where, in error paths, the DAX device reference must be dropped via fs_put_dax(). Connected documents indicate patches and mitigations across multiple distributions: Debian/OpenSUSE OSV ...