CVE-2026-46241

A flaw was found in the Linux kernel's spi: mpc52xx component. This use-after-free vulnerability occurs when the controller registration fails. An attacker could potentially exploit this flaw to cause a system crash or lead to a resource leak, impacting system stability and availability...

CVE-2026-46240

A flaw was found in the Linux kernel, specifically within the media: iris driver. This vulnerability, a use-after-free, occurs when a buffer is prematurely freed by sessionreleasebuf while irisreleaseinternalbuffers continues to access it. This improper handling of memory can lead to system...

CVE-2025-71305

A flaw was found in the Linux kernel's DisplayPort Multi-Stream Transport MST subsystem. When a DisplayPort 2.1 monitor is disconnected, a timing issue can cause the Virtual Channel Packet Interval VCPI value to become zero. Subsequent operations attempting to use this zero value in a bit shift c...

CVE-2026-46015

A flaw was found in the Linux kernel's TCP networking subsystem. When an established network connection is migrated between listener sockets within the same SOREUSEPORT group, applications waiting for new connections may not be properly notified. This can cause poll, epollwait, and blocking accep...

CVE-2026-46012

A flaw was found in the Linux kernel's rxrpc subsystem. The rxkadverifyresponse function, which handles verification of responses, did not consistently release allocated memory. This oversight could lead to a memory leak, potentially causing system instability and a denial of service DoS over tim...

CVE-2026-46105

A flaw was found in the mpt3sas driver within the Linux kernel. This vulnerability allows for oversized Non-Volatile Memory Express NVMe input/output I/O operations due to improper size limitations. An attacker or a malicious NVMe device could exploit this by issuing I/O requests that exceed the...

CVE-2026-46106

A flaw was found in the Linux kernel's eventfs component. This vulnerability allows a local attacker to trigger a race condition during remount operations. By exploiting insufficient locking mechanisms when processing event descriptors, an attacker can cause memory corruption, leading to a denial...

CVE-2026-46107

A flaw was found in the Linux kernel's Device Mapper dm-thin component. This vulnerability, a metadata reference count underflow, occurs in the rebalancechildren function. When an internal btree node with a single entry is shared, the system incorrectly tracks the usage of child nodes. This can...

CVE-2026-46111

A flaw was found in the Linux kernel's Bluetooth subsystem. The createbigcomplete function, when handling errors during the creation of a Bluetooth Isochronous Group BIG synchronization, could attempt to access memory that has already been freed. This use-after-free UAF vulnerability could allow ...

CVE-2026-46113

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

CVE-2026-46115

A flaw was found in the Linux kernel's block subsystem. The biovecphysmergeable function, which combines physically contiguous memory segments, lacked a check to ensure these segments belonged to the same device page map devpagemap. This omission could result in the incorrect identification of th...

CVE-2026-46114

A flaw was found in the Linux kernel's RDMA Remote Direct Memory Access subsystem, specifically within the rxe driver. A remote attacker could exploit this vulnerability by sending a specially crafted ATOMICWRITE request with a zero-byte payload. This improper handling of non-8-byte ATOMICWRITE...

CVE-2026-46119

A flaw was found in the Linux kernel's libceph component. A remote attacker could exploit this vulnerability by sending a specially crafted CEPHMSGAUTHREPLY message. When the message's result field contains a positive value, it can be misinterpreted as a buffer size, leading to a slab-out-of-boun...

CVE-2026-46121

A flaw was found in the Linux kernel's DAMON Data Access MONitor sysfs interface. A race condition exists between read and write operations on the memcgpath and path files. This allows a local attacker, by performing concurrent reads and writes with separate file handles, to trigger a...

CVE-2026-46123

A flaw was found in the Linux kernel's virtio Bluetooth virtiobt driver. A malicious or faulty virtualized Bluetooth device could send a specially crafted message with an incorrect length. This could lead to the kernel reading uninitialized memory, potentially exposing sensitive information from...

CVE-2026-46127

A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access ocrdma driver. This vulnerability arises from an uninitialized pointer in the ocrdmacopypduresp function's error handling, which can lead to a NULL dereference. An attacker could exploit this to cause a...

CVE-2026-46126

A flaw was found in the Linux kernel's RDMA/mana component. This issue occurs during the error unwind flow in the manaibcreateqprss function, specifically related to the Work Queue WQ table cleanup. Incorrect handling of the cleanup process, including a double decrement and an undone operation,...

CVE-2026-46132

A flaw was found in the Linux kernel's rtnetlink component. The rtnlfillvfinfo function declares a structure on the stack without full initialization. When processing RTMGETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...

CVE-2026-46133

A flaw was found in the Linux kernel's Soft RoCE RDMA/rxe driver. An unauthenticated remote attacker can send a specially crafted UDP packet with an unknown opcode to trigger an out-of-bounds read. This vulnerability can lead to a kernel panic, effectively causing a Denial of Service DoS on the...

CVE-2026-46139

A flaw was found in the Linux kernel's Server Message Block SMB client. When building an Access Control List ACL descriptor, a buffer was not properly zero-initialized, leaving a reserved field with uninitialized heap data. This can lead to Samba rejecting the security descriptor, causing chmod...