225320 matches found
CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...
CVE-2026-46155
CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...
CVE-2026-46154
CVE-2026-46154 affects the Linux kernel sched_ext functionality. Root cause: in cgroup setters, scx_group_set_{weight,idle,bandwidth}() cache the scx_root before acquiring scx_cgroup_ops_rwsem, enabling a window where the pointer can become stale if a scheduler is disabled and freed (via RCU) and...
CVE-2026-46154
In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...
EUVD-2026-32781
In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...
EUVD-2026-32780
In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...
CVE-2026-46153 8021q: delete cleared egress QoS mappings
In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...
CVE-2026-46153
In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...
CVE-2026-46153
CVE-2026-46153 affects the Linux kernel 8021q VLAN code. The vulnerability arises because vlan_dev_set_egress_priority() kept cleared egress priority mappings as tombstones in a hash, allowing repeated set/clear cycles with different skb priorities to accumulate nodes and cause memory leakage. Th...
CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
EUVD-2026-32779
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
CVE-2026-46152
CVE-2026-46152 affects the Linux kernel’s wifi/mac80211 subsystem. The root cause is that ieee80211_invoke_fast_rx() uses a static per-invocation rx_result, causing concurrent callers to share a single instance and potentially overwrite results between ieee80211_rx_mesh_data() and the switch on r...
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...
EUVD-2026-32778
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...
CVE-2026-46151
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...
CVE-2026-46151
CVE-2026-46151 affects the Linux kernel USB printer driver usblp, causing a heap leak in IEEE 1284 device ID handling due to short GET_DEVICE_ID responses. The issue stems from usblp_ctrl_msg() discarding actual bytes and usblp_cache_device_id_string() trusting a 2‑byte length prefix, exposing st...
EUVD-2026-32777
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...
CVE-2026-46150
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...
CVE-2026-46150 fanotify: fix false positive on permission events
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...