63118 matches found
EUVD-2026-45714
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Correctly cap ZCREL2 provided by a guest hypervisor ZCREL2 can be updated by a VHE guest hypervisor either using ZCREL2 which traps or ZCREL1 which does not trap. KVM handles both in different way: - on ZCREL2 trap,...
EUVD-2026-45696
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: validate body pcifunc in rvumboxhandlerrepeventnotify rvumboxhandlerrepeventnotify in drivers/net/ethernet/marvell/ octeontx2/af/rvurep.c queues a sender-controlled REPEVENTNOTIFY request body verbatim, and...
CVE-2026-64153
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix iommumapsgtable return value check and avoid WARN Commit "iommu: return full error code from iommumapsgatomic" changed iommumapsgtable to return an ssizet and negative values in error cases, rather than a sizet and a...
CVE-2026-64120
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix NULL pointer dereference in phyreplysize In phypreparedata, several strings such as 'name', 'drvname', 'upstreamsfpname', and 'downstreamsfpname' are allocated using kstrdup. However, these allocations were not...
CVE-2026-64057
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the locking used by afsgetlink The afs filesystem in the kernel doesn't do locking correctly for symbolic links. There are a number of problems: 1 It doesn't do any locking around afsreadsingle to prevent races between...
CVE-2026-64060
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix leak of request in netfswritebegin error handling Fix netfswritebegin to not leak our ref on the request in the event that we get an error from netfswaitforread...
CVE-2026-64040
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix error return when vfsmkdir fails When vfsmkdir fails, the error code is not extracted from the returned error pointer. This causes mkdirerror to be reached with ret=0, which leads to returning ERRPTR0 NULL instead...
CVE-2026-64038
In the Linux kernel, the following vulnerability has been resolved: hwmon: lm90 Stop work before releasing hwmon device Sashiko reports: In lm90probe, the devm action to cancel the alertwork and reportwork lm90restoreconf is registered in lm90initclient before devmhwmondeviceregisterwithinfo is...
CVE-2026-63915
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: fix out-of-bounds read in HCP header parsing Both nfchcirecvfromllc and ncihcidatareceivedcb read packet-header from skb-data at function entry without first checking that the buffer holds at least one byte. A malicious...
CVE-2026-63913
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: tcp: do not force CLOSE on invalid-seq RST without direction check An unintended behavior in the TCP conntrack state machine allows a connection to be forced into the CLOSE state using an RST packet with an...
CVE-2026-64183
The CVE-2026-64183 issue concerns the Linux kernel where ACPI PRM calls were delegated to a runtime workqueue that could be accessed before efisubsys_init() allocated the queue, risking NULL pointer dereferences during early init. The fix splits the workqueue allocation into a dedicated postcore ...
CVE-2026-64181 mm: fix __vm_normal_page() to handle missing support for pmd_special()/pud_special()
In the Linux kernel, the following vulnerability has been resolved: mm: fix vmnormalpage to handle missing support for pmdspecial/pudspecial On x86 32-bit with THP enabled, zaphugepmd is seen to generate a "WARNING: mm/memory.c:735 at vmnormalpage+0x6a/0x7d", from the VMWARNONONCEiszeropfnpfn ||...
CVE-2026-64179
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix potential memory leaks in ipcimeminit The memory allocated in ipcprotocolinit is not freed on the error paths that follow in ipcimeminit. Fix that by calling the corresponding release function ipcprotocoldein...
CVE-2026-64178
In CVE-2026-64178, the Linux kernel Bluetooth BNEP path fixed a use-after-free when reading dev->name in bnep_add_connection(). The root cause was reading dev->name without holding the bnep_session_sem, allowing the bnep_session() thread to free the net_device concurrently, particularly dur...
EUVD-2026-45845
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix potential for tearing in -remoteisize and -zeropoint Fix potential tearing in using -remoteisize and -zeropoint by copying isizeread and isizewrite and using the same seqcount as for isize. We need to make sure that...
CVE-2026-64155
The CVE-2026-64155 entry describes a Linux kernel fix in the ath11k WiFi driver (WMI WOW calls). Two error-path paths that returned the result of ath11k_wmi_cmd_send(...) without checking the return value could skip freeing the skb in error scenarios, potentially leaking resources. The patch adds...
CVE-2026-64155 wifi: ath11k: fix error path leaks in some WMI WOW calls
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix error path leaks in some WMI WOW calls Fix two instances where we used to directly return the result of ath11kwmicmdsend.... Because we did not check the return value, we also did not free the skb in the error...
CVE-2026-64148 pds_core: fix error handling in pdsc_devcmd_wait
In the Linux kernel, the following vulnerability has been resolved: pdscore: fix error handling in pdscdevcmdwait Fix two cases where pdscdevcmdwait returns stale success from the completion register instead of an error: 1. FW crash: If firmware stops running, the wait loop breaks early with...
CVE-2026-64147 pds_core: fix debugfs_lookup dentry leak and error handling
In the Linux kernel, the following vulnerability has been resolved: pdscore: fix debugfslookup dentry leak and error handling debugfslookup returns a dentry with an elevated reference count that must be released with dput. The current code discards the returned dentry without calling dput, causin...
CVE-2026-64147
The CVE-2026-64147 entry concerns the Linux kernel pds_core path where debugfs_lookup() leaks a dentry by not calling dput() on the returned dentry, causing a reference leak on every firmware reset recovery. Additionally, with CONFIG_DEBUG_FS disabled, debugfs_lookup() returns ERR_PTR(-ENODEV) in...