CVE-2026-46024

CVE-2026-46024 targets the Linux kernel libceph component, where a CEPH_MSG_AUTH_REPLY containing zero values for both protocol and result could lead to a null pointer dereference due to ac->ops being NULL after faulty auth handling. The root cause is that a too-permissive check allowed ac-&gt...

CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

EUVD-2026-32405

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

CVE-2026-46016

CVE-2026-46016 is a Linux kernel remoteproc issue for the xlnx driver where the receive callback does not guard against NULL messages, potentially enabling a crash scenario and requiring a fix. The publicly referenced OSV entries indicate patches have been released/applied in some distributions (...

EUVD-2026-32397

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

CVE-2026-45835

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol component. A missing null pointer check in the l2capsocknewconnectioncb function could allow a remote attacker to trigger a null-pointer dereference. This vulnerability can lead to a system crash,...

CVE-2026-45836

A flaw was found in the Linux kernel's Bluetooth L2CAP subsystem. This vulnerability, a null-pointer dereference, occurs due to a missing NULL guard in the l2capsockgetsndtimeocb function. A local attacker could exploit this flaw to trigger a system crash, leading to a Denial of Service DoS...

CVE-2026-45834

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. A missing null pointer guard in the l2capsockstatechangecb function can lead to a null pointer dereference. This vulnerability could allow an attacker to cause a system crash,...

CVE-2026-45846

A flaw was found in the bareudp driver of the Linux kernel. This vulnerability allows a local attacker to trigger a NULL pointer dereference in the bareudpfillmetadatadst function. This occurs because the function attempts to access a NULL socket when the bareudp device is down, leading to a syst...

CVE-2026-45982 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

CVE-2026-45982

CVE-2026-45982 concerns the Linux kernel ACPICA component, specifically a NULL pointer dereference in the function acpi_ev_address_space_dispatch(). The issue arises from a missed execution path due to an incomplete check, which could be exploited locally (as indicated by the CVSS vector and Red ...

CVE-2026-45982

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

CVE-2026-45978

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...

CVE-2026-45966 apparmor: fix NULL pointer dereference in __unix_needs_revalidation

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...

CVE-2026-45966

CVE-2026-45966 concerns a Linux kernel/AppArmor regression. When receiving file descriptors via SCM_RIGHTS, both sock and sock->sk can be NULL, leading to NULL pointer dereferences in __unix_needs_revalidation() and a crash. The issue stems from added NULL checks in a new function without ensu...

CVE-2026-45966

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...

CVE-2026-45965 apparmor: fix invalid deref of rawdata when export_binary is unset

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when exportbinary is unset If the exportbinary parameter is disabled on runtime, profiles that were loaded before that will still have their rawdata stored in apparmorfs, with a symbolic lin...