CVE-2026-46211

The CVE-2026-46211 issue affects the Linux kernel DRM MSM GEM path (drm/msm/gem). The function msm_ioctl_gem_info_get_metadata() erroneously returns 0 regardless of errors, causing user-space to misinterpret failed copies (copy_to_user) or small user buffers as successes. Additionally, kmemdup() ...

CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

CVE-2026-46197

The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...

CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblpctrlmsg will collapse the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferre...

CVE-2026-46167

In the Linux kernel driver usb/usblp, CVE-2026-46167 fixes an uninitialized heap leak exposed via LPGETSTATUS. The bug arises because usblp_ctrl_msg() collapses usb_control_msg() return values to 0/-errno, leaving statusbuf (kmalloc(8)) uninitialized before the first LPGETSTATUS ioctl. If a print...

CVE-2026-46159

The CVE concerns the Linux kernel's btrfs_ioctl_space_info() where a TOCTOU race between two passes over block group RAID type lists can leak kernel data to userspace. The first pass counts entries to determine alloc_size, then the second pass fills the buffer; releasing groups_sem between passes...

EUVD-2026-32778

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

PT-2026-44334

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msm ioctl gem info get metadata msm ioctl gem info get metadata always returns 0 regardless of errors. When copy to user fails or the user buffer is too small, the error code stored in ret is...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the LPGETSTATUS ioctl command in the usblp driver. This command fails to initialize heap memory,...

PT-2026-44282

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfs ioctl space info slot count TOCTOU which can lead to info-leak btrfs ioctl space info has a TOCTOU race between two passes over the block group RAID type lists. The first pass counts entries to determine the...

CVE-2026-45956

A flaw was found in the Linux kernel's drm/exynos component. This vulnerability arises from an incorrect lookup of device information within the vidiconnectionioctl function, where the system uses an improper pointer to access data. This can lead to memory corruption, which means the system might...

EUVD-2026-32240

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...

Exploit for CVE-2026-0828

CVE-2026-0828 — Safetica ProcessMonitorDriver.sys BYOVD PoC S...

UBUNTU-CVE-2026-45958

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidiconnectionioctl, vidi-ediduser pointer is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead o...

CVE-2026-45956

The CVE affects the Linux kernel’s DRM Exynos driver (vidi) where vidi_connection_ioctl() looked up the struct vidi_context via drm_dev->dev, which held the exynos-drm master device instead of the vidi device. The root cause is using the wrong driver_data, leading to null pointer dereferences,...

CVE-2026-45956

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...

Linux Distros Unpatched Vulnerability : CVE-2026-45956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the exynos-drm driver’s viidiconnectionioctl function, which directly derefreshes user-space...

PT-2026-43823

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vidi dev for ctx lookup in vidi connection ioctl vidi connection ioctl retrieves the driver data from drm dev-dev to obtain a struct vidi context pointer. However, drm dev-dev is the exynos-drm master...