CVE-2026-45962 ublk: Validate SQE128 flag before accessing the cmd

In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...

CVE-2026-45959

The CVE-2026-45959 issue affects the Linux kernel crypto: CCP driver. A local pointer annotated with __cleanup(kfree) could cause kfree to receive the local stack address instead of the allocated memory, leading to a crash. The underlying cause is incorrect cleanup usage; the repository indicates...

CVE-2026-45958

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidiconnectionioctl, vidi-ediduser pointer is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead o...

CVE-2026-45958

The CVE-2026-45958 vulnerability affects the Linux kernel, specifically the drm/exynos vidi driver. In vidi_connection_ioctl(), the code dereferenced a user pointer directly (vidi->edid(user pointer)), enabling arbitrary kernel memory access from user space and potentially leading to privilege...

CVE-2026-45957 rcu: Fix rcu_read_unlock() deadloop due to softirq

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to softirq Commit 5f5fa7ea89dc "rcu: Don't use negative nesting depth in rcureadunlock" removes the recursion-protection code from rcureadunlock. Therefore, we could invoke the deadloop in...

CVE-2026-45956

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...

CVE-2026-45954 fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

In the Linux kernel, the following vulnerability has been resolved: fbdev: au1200fb: Fix a memory leak in au1200fbdrvprobe In au1200fbdrvprobe, when platformgetirq fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure...

CVE-2026-45955 md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpuref not resurrected on suspend timeout When llbitmapsuspendtimeout times out waiting for percpuref to become zero, it returns -ETIMEDOUT without resurrecting the percpuref. The caller mdllbitmapdaemonfn...

CVE-2026-45955

Summary (CVE-2026-45955): In the Linux kernel, the md/md-llbitmap path suffers a logic error where llbitmap_suspend_timeout() times out waiting for percpu_ref to reach zero and returns -ETIMEDOUT without resurrecting percpu_ref. This leaves the page control structure in a killed state, potentiall...

CVE-2026-45953 md/raid5: fix IO hang with degraded array with llbitmap

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmapops-blockssynced is checked in handlestripedirtying. However, later the same check is...

CVE-2026-45952

The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...

CVE-2026-45952 eth: fbnic: Add validation for MTU changes

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...

CVE-2026-45951 bpf: Fix a potential use-after-free of BTF object

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...

CVE-2026-45950 crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if sgcopytobuffer or starfiveaeshwinit fails, which lead to memory leaks...

CVE-2026-45950

CVE-2026-45950 : Linux kernel vulnerability in crypto: starfive, where the function starfive_aes_aead_do_one_req() allocates rctx->adata via kzalloc() but fails to free it on certain error paths (sg_copy_to_buffer(), starfive_aes_hw_init()), causing memory leaks. The issue is resolved by ensur...

CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...

CVE-2026-45948 ext4: fix memory leak in ext4_ext_shift_extents()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4extshiftextents In ext4extshiftextents, if the extent is NULL in the while loop, the function returns immediately without releasing the path obtained via ext4findextent, leading to a memory leak. Fix...

CVE-2026-45946

CVE-2026-45946 affects the Linux kernel ab8500 power supply driver. A race condition arises when IRQs are requested before the power_supply handle is fully registered, leading to a use-after-free if an interrupt fires after deallocation but before IRQ unregistration. The issue can crash the syste...

CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry using multiple 64-bit writes. This creates a window where the hardware c...

CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...