CVE-2026-45983

In CVE-2026-45983, the Linux kernel NFS server (nfsd) vulnerability stems from idmap lookup upcalls during v4 request decoding: if upcall responses are delayed beyond the time limit, cache_check() postpones the request and it gets dropped, causing NFSD4_SLOT_INUSE to block subsequent SEQUENCE ope...

CVE-2026-45981

CVE-2026-45981 (Linux kernel, s390/cio): The vulnerability stems from device lifecycle mismanagement in css_alloc_subchannel() where, if dma_set_coherent_mask() or dma_set_mask() fails, the error path frees the subchannel without proper device model reference counting. After device_initialize() i...

CVE-2026-45981 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45976

Summary: CVE-2026-45976 affects the Linux kernel’s drm/amdgpu driver, where amdgpu_nbio_ras_sw_init() failing inside amdgpu_ras_init() could leak memory because the allocated con structure wasn’t freed. The fix makes the function jump to release_con to properly clean up before returning the error...

CVE-2026-45973

CVE-2026-45973 affects the Linux kernel’s RDMA/mlx5 driver. A race during firmware reset in LAG mode could cause the driver to hang indefinitely while waiting for UMR completion on device unload, because the master/bond device would miss slave sys_error events. The fix adds a sys_error notifier r...

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVE-2026-45972 smb: client: fix potential UAF and double free in smb2_open_file()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

CVE-2026-45966

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...

CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

CVE-2026-45964 SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

CVE-2026-45961

CVE-2026-45961 in the Linux kernel’s GFS2 filesystem is fixed: memory leaks occur on gfs2_fill_super() error paths when transitioning to read-write mode. Two leaks are addressed: (1) kernel thread objects (logd, quotad) not destroyed after init_threads() if failure occurs; (2) a quota bitmap buff...

CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...

CVE-2026-45961

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...

CVE-2026-45960

CVE-2026-45960 concerns the Linux kernel hfsplus filesystem. The root cause is in hfs_bnode_create(): when a node is already hashed, it returns the existing node without incrementing its reference count, causing refcnt inconsistency and a kernel panic during hfs_bnode_put(). The vulnerability is ...

CVE-2026-45960 hfsplus: return error when node already exists in hfs_bnode_create

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...

CVE-2026-45950

CVE-2026-45950 : Linux kernel vulnerability in crypto: starfive, where the function starfive_aes_aead_do_one_req() allocates rctx->adata via kzalloc() but fails to free it on certain error paths (sg_copy_to_buffer(), starfive_aes_hw_init()), causing memory leaks. The issue is resolved by ensur...

CVE-2026-45950 crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if sgcopytobuffer or starfiveaeshwinit fails, which lead to memory leaks...

CVE-2026-45947

CVE-2026-45947 concerns a memory leak in the Linux kernel DRM/AMD GPU code: amdgpu_acpi_enumerate_xcc() may return -ENOMEM from amdgpu_acpi_dev_init() without freeing the allocated xcc_info, causing a leak. The linked fixes in the Ubuntu/RootOS/NVD/SUSE entries indicate a patch to ensure xcc_info...

CVE-2026-45947 drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

CVE-2026-45941 tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...