CVE-2026-45901
A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability allows a local attacker to cause a denial of service (DoS) by triggering a circular lock dependency. This occurs when nft reset, ipset list, and iptables-nft with a '-m set' rule are executed concurrently, leadi...
CVE-2026-45891
A flaw was found in the Linux kernel's hns3 network driver. This double-free vulnerability occurs due to incorrect handling of the txspare buffer during ring parameter setup. If memory allocation fails in the error cleanup path, a stale pointer to backup memory is erroneously freed twice. This ca...
CVE-2026-45894
A flaw was found in the Linux kernel's Intel VT-d (Virtualization Technology for Directed I/O) Scalable Mode. When a Process Address Space ID (PASID) table entry is being removed, the system may attempt to clear the entry before properly signaling to the hardware that the entry is no longer active...
CVE-2026-45892
A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks (the extent status tre...
CVE-2026-45897
A flaw was found in the Linux kernel's netfilter component, specifically in how network counters are handled. This vulnerability allows for a race condition during simultaneous operations to read and reset these counters. As a result, counter values could be incorrectly reduced, leading to...
CVE-2026-45898
A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) Internet Wide Area RDMA Protocol (iWARP) subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...
CVE-2026-45899
A flaw was found in the Linux kernel, specifically within the ext4 filesystem's extent cache management. When an operation to split an extent fails, the system may not properly clear all related entries, leading to stale extent entries remaining in the extent status tree. This can result in data...
CVE-2026-45900
A flaw was found in the Linux kernel's crypto: caam module. When the dpaa2_caam_probe() function attempts to set up network devices (netdevs) and the dpaa2_dpseci_dpio_setup() function fails, the allocated netdevs are not properly freed. This oversight in the error handling can lead to memory leaks,...
kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()
A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented (SCO) component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...
kernel: netfilter: xt_tcpmss: check remaining length before reading optlen
A flaw was found in the Linux kernel, specifically within the netfilter xt_tcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...
kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
A flaw was found in the Linux kernel's Wacom Human Interface Device (HID) driver. This vulnerability allows a remote attacker to trigger an out-of-bounds read by sending a specially crafted, short Bluetooth HID report. This can lead to the disclosure of sensitive information from the system's memor...
kernel: smb: client: validate the whole DACL before rewriting it in cifsacl
A flaw was found in the Linux kernel's Server Message Block (SMB) client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List (DACL) that claims to contain more Access Control Entries (ACEs) than are actually present. This...
kernel: mm/page_alloc: clear page->private in free_pages_prepare()
A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page->private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page->private values. This can lead to a use-after-free...
kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64_mt6() function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO (Synchronous Connection-Oriented) protocol implementation. The sco_recv_frame() function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
kernel: Bluetooth: MGMT: validate LTK enc_size on load
A flaw was found in the Linux kernel's Bluetooth management (MGMT) component. An attacker could exploit a vulnerability in how Long Term Keys (LTK) are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...
kernel: net: sched: act_csum: validate nested VLAN headers
A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network (VLAN) headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...
kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4ab ("proc: fix UAF in...
kernel: netfilter: nf_tables: release flowtable after rcu grace period on error
A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU (Read-Copy-Update) grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...
kernel: nbd: defer config unlock in nbd_genl_connect
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_device // config_refs=2 set NBD_RT_HAS_CONFIG_REF...