CVE-2026-45981 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45976

CVE-2026-45976 affects the Linux kernel DRM/AMDGPU ras init path. The root cause is a memory leak: when amdgpu_nbio_ras_sw_init() fails inside amdgpu_ras_init(), the function returns without freeing the allocated con structure. The fix jumps to the release_con label to properly release the alloca...

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVE-2026-45973

Summary: CVE-2026-45973 affects the Linux kernel RDMA mlx5 stack, causing an indefinite hang during device unload in LAG mode due to a race between master/slave error handling and UMR completion. The root cause is that, in LAG, the bond device is registered only on the master and may miss sys_err...

CVE-2026-45972 smb: client: fix potential UAF and double free in smb2_open_file()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

CVE-2026-45966

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...

CVE-2026-45964 SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

CVE-2026-45961

The CVE-2026-45961 entry concerns the Linux kernel gfs2 subsystem. It fixes two memory leaks in gfs2_fill_super() error paths when transitioning a filesystem to read-write mode: (1) kernel thread objects (logd/quotad) leaked if gfs2_freeze_lock_shared() fails after init_threads(), because fail_pe...

CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...

CVE-2026-45961

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...

CVE-2026-45960 hfsplus: return error when node already exists in hfs_bnode_create

In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...

CVE-2026-45960

In the Linux kernel hfsplus module, CVE-2026-45960 describes a scenario where hfs_bnode_create() returns an existing node if a node is already hashed, without incrementing its refcnt. This caused reference-count inconsistencies and could trigger a kernel panic during hfs_bnode_put(). The fix chan...

CVE-2026-45950 crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if sgcopytobuffer or starfiveaeshwinit fails, which lead to memory leaks...

CVE-2026-45950

In the Linux kernel, CVE-2026-45950 concerns a memory leak in crypto: starfive via starfive_aes_aead_do_one_req(). The function kzalloc() allocates rctx->adata but there was no corresponding free on failure paths (sg_copy_to_buffer() or starfive_aes_hw_init()), leading to leaks. The fix adds c...

CVE-2026-45947

In the Linux kernel DRM/AMDGPU code, a memory leak was fixed in amdgpu_acpi_enumerate_xcc(). If amdgpu_acpi_dev_init() returns -ENOMEM, xcc_info could be leaked because it wasn’t freed in the error path. The fix ensures that xcc_info is properly freed on error paths, preventing the leak. This ana...

CVE-2026-45947 drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

CVE-2026-45941 tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...

CVE-2026-45940

In the Linux kernel, CVE-2026-45940 affects the stmmac driver (GMAC4) and is resolved by changing the descriptor handling: the PL bit-field in RDES3 is now applied to all descriptors, whether last or not. Previously, some descriptors could have buf2 not fully filled, causing incorrect length calc...

CVE-2026-45939 gpib: Fix memory leak in ni_usb_init()

In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in niusbinit In niusbinit, if niusbsetupinit fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, niusbsetupinit returns 0 on failure, whic...