CVE-2026-45843

A flaw was found in the Linux kernel's Serial Line Internet Protocol SLIP implementation. The slhcuncompress function, which handles VJ-compressed TCP headers, fails to perform proper bounds checks during packet processing. A remote attacker could exploit this by sending a specially crafted...

CVE-2025-71311

The CVE-2025-71311 vulnerability affects the Linux kernel’s ntfs3 code path. It arises when allocating new folios during ntfs_compress_write: if folios are not marked uptodate and ni_read_frame() is skipped because the caller expects a complete overwrite, some reserved folios may remain partially...

CVE-2026-45845

A flaw was found in the Linux kernel's TAPRIO Traffic Policing and Rate Limiting I/O qdisc. An unprivileged local user, with namespace-scoped CAPNETADMIN capabilities, can trigger a kernel null pointer dereference. This occurs by creating a TAPRIO qdisc in a new network namespace, grafting and th...

CVE-2026-45846

A flaw was found in the bareudp driver of the Linux kernel. This vulnerability allows a local attacker to trigger a NULL pointer dereference in the bareudpfillmetadatadst function. This occurs because the function attempts to access a NULL socket when the bareudp device is down, leading to a syst...

CVE-2026-45984

The CVE-2026-45984 issue is a concrete Linux-kernel vulnerability in the GFS2 iomap inline data write path. A data buffer head (dibh) is released prematurely via release_metapath() in gfs2_iomap_begin(), while iomap->inline_data still references dibh->b_data, causing a use-after-free when i...

CVE-2026-45983 nfsd: never defer requests during idmap lookup

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cachecheck wil...

CVE-2026-45982 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

CVE-2026-45981 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45980 accel/amdxdna: Stop job scheduling across aie2_release_resource()

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2releaseresource Running jobs on a hardware context while it is in the process of releasing resources can lead to use-after-free and crashes. Fix this by stopping job scheduling before...

CVE-2026-45980

In the Linux kernel, the accel/amdxdna driver vulnerability CVE-2026-45980 arises from scheduling jobs on a hardware context while aie2_release_resource() is releasing resources. This can cause a use-after-free and crashes. The fix is to stop job scheduling before calling aie2_release_resource() ...

CVE-2026-45977

The CVE-2026-45977 issue affects the Linux kernel fbnic driver. A race in handling firmware logs can cause a use‑after‑free: fw_log is written in fbnic_fw_log_write() and can be accessed from the mailbox handler fbnic_fw_msix_intr(), but the log data is freed during IRQ/MBX teardown, potentially ...

CVE-2026-45975

CVE-2026-45975 is a Linux kernel vulnerability in the ublk subsystem where a race condition can occur reading struct ublksrv_ctrl_cmd from userspace-mapped memory in the io_uring_sqe. The fix uses READ_ONCE() to copy ublksrv_ctrl_cmd from the io_uring_sqe to a local stack copy and then operates o...

CVE-2026-45975 ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVE-2026-45972 smb: client: fix potential UAF and double free in smb2_open_file()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

CVE-2026-45972

The CVE-2026-45972 issue affects the Linux kernel SMB client, specifically smb2_open_file(), where improper handling could lead to memory corruption (UAF) or a double free during SMB2_open() retries. The fixed description states that zeroing err_iov and err_buftype before retrying SMB2_open() pre...

CVE-2026-45967 bpf: Return proper address for non-zero offsets in insn array

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

CVE-2026-45967

CVE-2026-45967 : In the Linux kernel, vulnerability in the BPF instruction array map due to the function map_direct_value_addr() adding an offset to the resulting address. The issue has been resolved with a fix that corrects the address calculation, and corresponding selftests were added in a fol...

CVE-2026-45963

CVE-2026-45963 affects the Linux kernel ASoC nau8821 driver. The issue occurs when unloading the driver while a jack-detection work (jdet_work) remains pending, which can crash the kernel if the work is scheduled. Root and OSV entries indicate patches were applied to fix Cancel delayed work on co...

CVE-2026-45963 ASoC: nau8821: Cancel delayed work on component remove

In the Linux kernel, the following vulnerability has been resolved: ASoC: nau8821: Cancel delayed work on component remove Attempting to unload the driver while a jack detection work is pending would likely crash the kernel when it is eventually scheduled for execution: 1984.896308 BUG: unable to...