CVE-2026-46280

A flaw was found in the Linux kernel's Heterogeneous Memory Management HMM test module. When a device mirror dmirror structure is freed, its associated device private pages are not properly migrated back to system memory. This can lead to a use-after-free condition where a dangling pointer to the...

CVE-2026-46281

A flaw was found in the Linux kernel. When shrinking a vmalloc allocation using the vreallocnodealign function, if the requested new size is smaller than the old size, an out-of-bounds write can occur. This memory corruption vulnerability could allow a local attacker to cause a denial of service ...

CVE-2026-46282

A flaw was found in the Linux kernel's iio: frequency: admv1013 driver. This vulnerability occurs when the system attempts to read a device property, and an uninitialized string is used, leading to a NULL pointer dereference. This could allow a local attacker to trigger a system crash, resulting ...

CVE-2026-46283

A flaw was found in the Linux kernel's Trusted Platform Module TPM driver. This vulnerability arises from the driver's failure to securely clear sensitive cryptographic material, such as session keys and passphrases, from memory when a TPM device is released. A local attacker could potentially...

CVE-2026-46285

A flaw was found in the Linux kernel's mtd: docg3 module. The docg3release function attempts to access memory that has already been deallocated, leading to a use-after-free vulnerability. This issue could allow a local attacker to cause a denial of service or potentially execute arbitrary code...

CVE-2026-46284

A flaw was found in the Linux kernel's hugetlb memory management. A local user could exploit this by providing malformed kernel command-line parameters, such as hugepages or hugepagesz, without an '=' separator. This improper handling of input during early parameter parsing can lead to a system...

CVE-2026-46287

A flaw was found in the Linux kernel's txgbe network driver. When removing a module for a copper Network Interface Card NIC with an external physical layer PHY, the driver failed to acquire the necessary RTNL Routing Netlink lock before disconnecting the PHY. This oversight can lead to an RTNL...

CVE-2026-46288

A flaw was found in the Linux kernel. This vulnerability, a use-after-free UAF, occurs within the ofunittestchangeset function due to improper handling of device node references. An attacker could exploit this by causing a device node's memory to be freed while it is still in use. This could lead...

CVE-2026-46289

A flaw was found in the Linux kernel's lib/scatterlist component. Incorrect length calculations within the extractkvectosg function, when extracting data from a kvec to a scatterlist, could lead to writing beyond intended page boundaries. Additionally, when extracting a user buffer, the scatterli...

CVE-2026-46290

A flaw was found in the Linux kernel's x86/efi component. Due to changes in FPU softirq handling, the system incorrectly identifies normal task context as an interrupt context. This issue, when combined with buggy firmware that triggers page faults during EFI Extensible Firmware Interface runtime...

CVE-2026-46291

A flaw was found in the Linux kernel's crypto: caam component. This vulnerability allows for the disclosure of sensitive HMAC Hash-based Message Authentication Code key bytes at runtime. The issue occurs because the hashdigestkey function uses printhexdumpdevel without proper guarding, which can...

CVE-2026-46293

A flaw was found in the Linux kernel's clock driver for Microchip PolarFire SoC MPFS systems. This vulnerability involves an out-of-bounds memory access that occurs during the registration of clock outputs. The issue stems from incorrect memory allocation within the driver, which can lead to syst...

CVE-2026-46292

A flaw was found in the Linux kernel's generic power domain genpd component. When a virtual device is detached from a power management PM domain, the pmruntimedisable function is not called, leaving runtime PM enabled for the detached device. This oversight can lead to critical errors, including ...

CVE-2026-46294

A flaw was found in the Linux kernel, specifically within the dm-ioctl module. An improper pointer alignment in the retrievestatus function could lead to a buffer overflow, where data is written beyond the allocated buffer. Despite this, the vulnerability has no practical security implications as...

CVE-2026-46295

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...

CVE-2026-46296

A flaw was found in the Linux kernel's s3c64xx Serial Peripheral Interface SPI driver. An issue with incorrect DMA Direct Memory Access channel deallocation during driver unbind could lead to a NULL-pointer dereference. This vulnerability can cause a system crash, resulting in a denial of service...

CVE-2026-46297

A flaw was found in the Linux kernel's libwx network driver. Incorrect handling of virtual function VF miscellaneous interrupts, specifically using requestthreadedirq with a null threaded handler and the IRQFONESHOT flag, can trigger a kernel warning. This issue may lead to system instability or...

CVE-2026-46298

A flaw was found in the Linux kernel, specifically within the pseries/papr-hvpipe component. This vulnerability is a race condition that can occur when an interrupt fires on the same central processing unit CPU while the ioctl or release handlers are executing. This can lead to a deadlock,...

CVE-2026-46301

A flaw was found in the Linux kernel's spi-topcliff-pch driver. This vulnerability, a use-after-free error, occurs when the driver attempts to release Direct Memory Access DMA buffers during an unbind operation without properly flushing its queue. An attacker could potentially exploit this memory...

CVE-2026-46299

A flaw was found in the hfsplus filesystem component of the Linux kernel. An issue exists in the hfsplusfillsuper function where a lock is not properly released during an error handling path. This can occur when certain conditions cause hfspluscatbuildkey to fail during filesystem initialization....