CVE-2026-46019

CVE-2026-46019 affects the Linux kernel crypto driver for atmel-aes. The issue is a memory‑leak in atmel_aes_buff_cleanup: atmel_aes_buff_init() allocates 4 pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page with free_page(), leaking t...

CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...

EUVD-2026-32397

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

CVE-2026-46016

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

CVE-2026-46016

The CVE-2026-46016 entry concerns the Linux kernel remoteproc: xlnx path. Root cause: code accessed buffer information only when IPI is buffered; fix adds a NULL check in the receive callback to avoid potential NULL-pointer dereference. Affected component is the Linux kernel (remoteproc/xlnx). Th...

CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

CVE-2026-46001 hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()

In the Linux kernel, the following vulnerability has been resolved: hwmon: pt5161l Fix bugs in pt5161lreadblockdata Fix two bugs in pt5161lreadblockdata: 1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf24, but i2csmbusreadblockdata can return up to I2CSMBUSBLOCKMAX 32 bytes. The...

CVE-2026-46001

In the Linux kernel fix set for CVE-2026-46001, two issues in hwmon:pt5161l_read_block_data are addressed. First, a potential buffer overrun was introduced by using a local rbuf[24] while i2c_smbus_read_block_data() can return up to 32 bytes; the patch enlarges the buffer to I2C_SMBUS_BLOCK_MAX t...

EUVD-2026-32297

In the Linux kernel, the following vulnerability has been resolved: hwmon: pt5161l Fix bugs in pt5161lreadblockdata Fix two bugs in pt5161lreadblockdata: 1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf24, but i2csmbusreadblockdata can return up to I2CSMBUSBLOCKMAX 32 bytes. The...

CVE-2026-46000

The CVE-2026-46000 issue concerns the Linux kernel’s rxrpc conn-level packet handling. A security operation decrypts bits of a RESPONSE packet in place, but the sk_buff might be shared with a packet sniffer, causing the sniffer to observe a seemingly corrupt (actually decrypted) packet. The fix c...

CVE-2026-45994

In the Linux kernel, the ibmasm component is affected by CVE-2026-45994. The vulnerability occurs in command_file_write: it allocates a kernel buffer of exactly count bytes and copies user data into it without validating against the dot command protocol before calling get_dot_command_size() and g...

CVE-2026-45990

CVE-2026-45990 concerns the Linux kernel slub allocator. The issue arises in krealloc/kvrealloc when forcing reallocation for new alignment or NUMA node even while shrinking, causing data loss during NUMA migration and a buffer overflow during shrinking due to using the old size for memcpy. The f...

CVE-2026-45984 gfs2: Fix use-after-free in iomap inline data write path

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath while iomap-inlinedata still points to dibh-bdata. This causes a...

CVE-2026-45984

The CVE-2026-45984 issue is a concrete Linux-kernel vulnerability in the GFS2 iomap inline data write path. A data buffer head (dibh) is released prematurely via release_metapath() in gfs2_iomap_begin(), while iomap->inline_data still references dibh->b_data, causing a use-after-free when i...

CVE-2026-45979

The CVE affects the Linux kernel DRM/amdgpu path, specifically the amdgpu_cs_parser_bos cleanup. In low memory conditions, kmalloc can fail, and the fix ensures a clean exit by unlocking the mutex. It also notes that amdgpu_bo_list_put is not needed, as that work is handled in amdgpu_cs_parser_fi...

CVE-2026-45979 drm/amdgpu: clean up the amdgpu_cs_parser_bos

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpucsparserbos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpubolistput as it's been handled in the amdgpucsparserfini...

CVE-2026-45979

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpucsparserbos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpubolistput as it's been handled in the amdgpucsparserfini...

CVE-2026-45891

The CVE-2026-45891 issue affects Linux kernel networking for the hns3 driver. In hns3_set_ringparam(), a temporary copy of the ring is used for rollback, but the tx_spare pointer in the original ring is not cleared after saving its value in tmp_rings. If memory allocation fails during hns3_init_a...

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...