CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

CVE-2026-45927 bpf: Require frozen map for calculating map hash

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-45927

In CVE-2026-45927, the Linux kernel BPF path bpf_map_get_info_by_fd caches the map hash regardless of the map’s frozen state, enabling a TOCTOU where a loader could verify a stale hash before freezing contents. The fix returns -EPERM if the map is not frozen when the hash is requested, ensuring t...

CVE-2026-45926

In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchipalloc, the allocated device owns an initial reference that must be released on all error paths. If pinnedinit were to fail, the allocate...

CVE-2026-45926

In the Linux kernel PWM subsystem, CVE-2026-45926 fixes a memory leak on init error in pwmchip_alloc(). If __pinned_init() fails, the allocated pwm_chip could leak because error paths did not call pwmchip_put(). The patch ensures the initial reference is released on all error paths, preventing a ...

CVE-2026-45926 rust: pwm: Fix potential memory leak on init error

In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchipalloc, the allocated device owns an initial reference that must be released on all error paths. If pinnedinit were to fail, the allocate...

CVE-2026-45922

CVE-2026-45922 concerns the Linux kernel RDMA/mlx5 component. The vulnerability stems from MLX5_IB_METHOD_GET_DATA_DIRECT_SYSFS_PATH: when the device path length exceeds the output buffer, the function returns -ENOSPC but fails to free memory allocated via kobject_get_path(), causing a memory lea...

CVE-2026-45922 RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

CVE-2026-45921 mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtdparsertplinksafeloaderparse The function mtdparsertplinksafeloaderparse allocates buf via mtdparsertplinksafeloaderreadtable. If the allocation for partsidx.name fails inside the loop, the code...

CVE-2026-45921

In the Linux kernel, the memory leak in mtd_parser_tplink_safeloader_parse() was resolved. The function allocates a temporary buffer buf via mtd_parser_tplink_safeloader_read_table(), and if parts[idx].name allocation fails inside the loop, control jumps to err_free without freeing buf. The fix a...

CVE-2026-45915 fat: avoid parent link count underflow in rmdir

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

CVE-2026-45904

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: fix recursive pcilockrescanremove locking in EEH event handling The recent commit 1010b4c012b0 "powerpc/eeh: Make EEH driver device hotplug safe" restructured the EEH driver to improve synchronization with the PCI...

CVE-2026-45904 powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: fix recursive pcilockrescanremove locking in EEH event handling The recent commit 1010b4c012b0 "powerpc/eeh: Make EEH driver device hotplug safe" restructured the EEH driver to improve synchronization with the PCI...

CVE-2026-45899

Summary: CVE-2026-45899 is a Linux kernel ext4 issue corrected by dropping all remaining potentially stale extents when a split extent operation fails. What happens: If a split extent fails, some extents may remain in processing and an error is returned, leaving stale entries in the extent status...

CVE-2026-45899 ext4: drop extent cache when splitting extent fails

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent...

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45888

The Linux kernel md/raid1 subsystem fixes a memory leak in raid1_run. When setup_conf() registers a thread via md_register_thread() and raid1_set_limits() fails, the error path previously didn’t unregister the thread, leaking md_thread and the thread resource. The patch adds md_unregister_thread(...

CVE-2026-45888 md/raid1: fix memory leak in raid1_run()

In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1run raid1run calls setupconf which registers a thread via mdregisterthread. If raid1setlimits fails, the previously registered thread is not unregistered, resulting in a memory leak of the mdthre...

CVE-2026-45883

The CVE-2026-45883 entry concerns the Linux kernel iio:sca3000 driver. A resource leak occurs where spi->irq allocated via request_threaded_irq() is not released if iio_device_register() fails during sca3000_probe(). The fix adds a return-value check and jumps to a common error handler to ensu...