9586 matches found
CVE-2026-64146 erofs: fix metabuf leak in inode xattr initialization
In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...
CVE-2026-64146
In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...
EUVD-2026-45831
In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...
CVE-2026-64145 wifi: wilc1000: fix dma_buffer leak on bus acquire failure
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...
CVE-2026-64145
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...
CVE-2026-64120 net: ethtool: fix NULL pointer dereference in phy_reply_size
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix NULL pointer dereference in phyreplysize In phypreparedata, several strings such as 'name', 'drvname', 'upstreamsfpname', and 'downstreamsfpname' are allocated using kstrdup. However, these allocations were not...
EUVD-2026-45805
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix NULL pointer dereference in phyreplysize In phypreparedata, several strings such as 'name', 'drvname', 'upstreamsfpname', and 'downstreamsfpname' are allocated using kstrdup. However, these allocations were not...
CVE-2026-64115
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix UAF when peer resets connection during handshake vmcitransportrecvconnectingserver returned err = 0 for a peer RST in its default switch arm: err = pkt-type == VMCITRANSPORTPACKETTYPERST ? 0 : -EINVAL; That made...
CVE-2026-64105
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic: Free privateirqs when init fails after allocation Companion to commit 250f25367b58 "KVM: arm64: Tear down vGIC on failed vCPU creation", which added the missing kvmvgicvcpudestroy call to the kvmsharehyp failure...
CVE-2026-64105
The CVE concerns the Linux kernel KVM for arm64 vgic. A failure during vCPU creation could leak private IRQs if allocation happened before a redistributor iodev registration failure. The fix adds a call to kvm_vgic_vcpu_destroy() on the kvm_vgic_vcpu_init() failure path, ensuring that private IRQ...
CVE-2026-64095
CVE-2026-64095 concerns the Linux kernel’s batman-adv subsystem, where the bla.num_requests counter could be decremented concurrently in non-atomic TOCTOU scenarios. The vulnerability arises from non-atomic handling of request_sent and bla.num_requests across multiple code paths (announcement, ba...
CVE-2026-64095 batman-adv: bla: avoid double decrement of bla.num_requests
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: avoid double decrement of bla.numrequests The bla.numrequests is increased when no requestsent was in progress. And it is decremented in various places announcement was received, backbone is purged, periodic work...
CVE-2026-64095
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: avoid double decrement of bla.numrequests The bla.numrequests is increased when no requestsent was in progress. And it is decremented in various places announcement was received, backbone is purged, periodic work...
CVE-2026-64093
The CVE-2026-64093 issue is in batman-adv’s TP meter cleanup within the Linux kernel. The defect arose from batadv_tp_sender_cleanup() calling timer_delete_sync() and then timer_delete(), creating a double-deletion scenario that could permit re-arming after cleanup. The root cause is a timer that...
CVE-2026-64093 batman-adv: tp_meter: directly shut down timer on cleanup
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: directly shut down timer on cleanup batadvtpsendercleanup was calling timerdeletesync followed by timerdelete to guard against the timer handler re-arming itself between the two calls. This double-deletion ha...
EUVD-2026-45778
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: directly shut down timer on cleanup batadvtpsendercleanup was calling timerdeletesync followed by timerdelete to guard against the timer handler re-arming itself between the two calls. This double-deletion ha...
EUVD-2026-45627
In the Linux kernel, the following vulnerability has been resolved: net: shaper: reject duplicate leaves in GROUP request netshapernlgroupdoit does not deduplicate NETSHAPERALEAVES entries. When userspace supplies the same leaf handle twice, the same old-parent pointer lands twice in oldnodes. Th...
CVE-2026-64038 hwmon: (lm90) Stop work before releasing hwmon device
In the Linux kernel, the following vulnerability has been resolved: hwmon: lm90 Stop work before releasing hwmon device Sashiko reports: In lm90probe, the devm action to cancel the alertwork and reportwork lm90restoreconf is registered in lm90initclient before devmhwmondeviceregisterwithinfo is...
CVE-2026-64035 igc: set tx buffer type for SMD frames
In the Linux kernel, the following vulnerability has been resolved: igc: set tx buffer type for SMD frames Sashiko pointed out that igcfpeinitsmdframe initializes igctxbuffer fields for an SMD skb, but does not set the buffer type:...
CVE-2026-64035
The CVE-2026-64035 issue affects the Linux kernel igc driver: igc_fpe_init_smd_frame() initializes igc_tx_buffer for SMD skbs but omits setting the buffer type, allowing reused entries to retain a stale XDP/XSK type and cause TX completion to take the wrong cleanup path. The fix sets the buffer t...