8655 matches found
UBUNTU-CVE-2026-45862
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID table to a PASID directory entry, do that after the CPU cache flush for this PASID table, not before i...
CVE-2026-46101
CVE-2026-46101 relates to the Linux kernel netfilter component, specifically the nft_bitwise operation. The issue arises from zero shift operands in left/right shift expressions during initialization. The carry propagation logic uses BITS_PER_TYPE(u32) - shift; a zero shift operand can produce a ...
CVE-2026-46101 netfilter: reject zero shift in nft_bitwise
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
CVE-2026-46101
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
CVE-2026-46088
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...
CVE-2026-46049
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate is only updated in atcpllinit and not in hwpllinit, so it remains 0...
CVE-2026-46044
The CVE-2026-46044 entry concerns the Linux kernel’s ipmi:ssif path. Affected component is the ssif kthread used during IPMI interface initialization. The issue occurs when an error happens after the ssif kthread is created but before the main IPMI code starts the ssif interface, leading to the k...
EUVD-2026-32409
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...
CVE-2026-46028
Technical details about CVE-2026-46028 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-71311
The CVE-2025-71311 vulnerability affects the Linux kernel’s ntfs3 code path. It arises when allocating new folios during ntfs_compress_write: if folios are not marked uptodate and ni_read_frame() is skipped because the caller expects a complete overwrite, some reserved folios may remain partially...
CVE-2026-45977 fbnic: close fw_log race between users and teardown
In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...
CVE-2026-45976
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpurasinit When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the...
CVE-2026-45976
CVE-2026-45976 affects the Linux kernel DRM/AMDGPU ras init path. The root cause is a memory leak: when amdgpu_nbio_ras_sw_init() fails inside amdgpu_ras_init(), the function returns without freeing the allocated con structure. The fix jumps to the release_con label to properly release the alloca...
CVE-2026-45976 drm/amdgpu: Fix memory leak in amdgpu_ras_init()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpurasinit When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the...
CVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error path
In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...
CVE-2026-45947
In the Linux kernel DRM/AMDGPU code, a memory leak was fixed in amdgpu_acpi_enumerate_xcc(). If amdgpu_acpi_dev_init() returns -ENOMEM, xcc_info could be leaked because it wasn’t freed in the error path. The fix ensures that xcc_info is properly freed on error paths, preventing the leak. This ana...
CVE-2026-45930
CVE-2026-45930 concerns the Linux kernel net:mctp subsystem. The issue involves RTM_GETNEIGH potentially returning uninitialized data in the pad bytes of ndmsg data within netlink responses. The description confirms a fix that initializes netlink data to zero in the link, addr, and neigh response...
CVE-2026-45909 clk: mediatek: Drop __initconst from gates
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...
CVE-2026-45858
CVE-2026-45858 affects the Linux kernel ext4 code. The issue occurs when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O, potentially leaving stale data if a split happens in the middle. The problem centers on ext4_split_extent() splitti...
CVE-2026-45852 RDMA/rxe: Fix double free in rxe_srq_from_init
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...