20992 matches found
CVE-2026-45971 bpf: Limit bpf program signature size
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size. Practical BPF signatures are significantly smaller than KMALLOC_MAX_CACHE_SIZE. Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
CVE-2026-45964
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path. Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a...
CVE-2026-45934
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation. I have been observing a number of systems aborting at insert_dev_extents() in btrfs_create_pending_block_groups(). The following is a sample stack trace of such an abo...
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation. I have been observing a number of systems aborting at insert_dev_extents() in btrfs_create_pending_block_groups(). The following is a sample stack trace of such an abo...
CVE-2026-45934
CVE-2026-45934 – Linux kernel/Btrfs issue: A vulnerability in Btrfs chunk allocation caused an EEXIST abort when non-consecutive gaps appeared during forced DUP chunk allocations, leading to a transaction abort with “Object already exists.” The problem manifests in btrfs_create_pending_block_gro...
CVE-2026-45928 media: chips-media: wave5: Fix memory leak on codec_info allocation failure
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codec_info allocation failure. In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions retu...
CVE-2026-45926
In the Linux kernel PWM subsystem, CVE-2026-45926 fixes a memory leak on init error in pwmchip_alloc(). If __pinned_init() fails, the allocated pwm_chip could leak because error paths did not call pwmchip_put(). The patch ensures the initial reference is released on all error paths, preventing a ...
CVE-2026-45921 mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse(). The function mtd_parser_tplink_safeloader_parse() allocates buf via mtd_parser_tplink_safeloader_read_table(). If the allocation for parts[idx].name fails inside the loop, the code...
CVE-2026-45908 accel/amdxdna: Fix memory leak in amdxdna_ubuf_map
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix memory leak in amdxdna_ubuf_map. The amdxdna_ubuf_map() function allocates memory for sg and internal sg table structures, but it fails to free them if subsequent operations sg_alloc_table_from_pages() or dma_map_sgtable() fail...
CVE-2026-45896 mtd: intel-dg: Fix accessing regions before setting nregions
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions. The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15 index 0 is o...
CVE-2026-45896
The CVE-2026-45896 issue affects the Linux kernel MTD Intel DG driver (mtd_intel_dg.c). A UBSAN array-index-out-of-bounds occurs because regions are counted by nregions but the array is accessed before nregions is set, at drivers/mtd/devices/mtd_intel_dg.c:750:15. The fix also corrects an undesir...
CVE-2026-45876 arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch_set_shadow_stack_status(). alloc_gcs() returns an error-encoded pointer on failure, which comes from do_mmap(), not NULL. The current NULL check fails to detect errors, which could lead to using an invali...
CVE-2026-45868 pinctrl: single: fix refcount leak in pcs_add_gpio_func()
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func(). of_parse_phandle_with_args() returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a...
Use-after-free
Affected versions of oneringbuf exposed the obsolete IntoRef::into_ref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::into_raw. Its Clone implementation copied this raw...
PT-2026-43801
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue in the btrfs file system can lead to a transaction abort with an EEXIST error ("Object already exists") during chunk allocation. This occurs due to non-consecutive gaps in chunk...
CVE-2026-46035
mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an oversight in AppArmor where the counter for each CPU’s cache holdings does not check for...
PT-2026-43751
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the AppArmor module where the aa_get_buffer() function unconditionally decrements the cache->hold variable when pulling from the per-cpu list. If hold reaches 0 while cou...
UBUNTU-CVE-2026-45998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure. If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'd out. This will likely cause the...
CVE-2026-46068
crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx...