CVE-2026-45923

In CVE-2026-45923, the Linux kernel net/usb/catc driver did not validate endpoint descriptors during probe. catc_probe() initializes three URBs using hardcoded endpoints: usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX, and usb_rcvintpipe(usbdev, 2) for interrupt status, which...

CVE-2026-45919 sched/rt: Skip currently executing CPU in rto_next_cpu()

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

CVE-2026-45919

The CVE-2026-45919 entry covers a Linux kernel vulnerability in the sched/rt path where CPU0 becomes overloaded during RT and non-RT task interactions, triggering self-IPI loops during RT load balancing. The root cause is that rto_next_cpu() could restart its search from -1 due to increments to r...

CVE-2026-45918

The CVE-2026-45918 entry describes a race condition in the Linux kernel related to OpenVPN keepalive processing. When a peer is removed from the hashtable and placed on a release list, the code detaches from the socket by restoring the original protocol and socket callbacks. If userspace closes t...

CVE-2026-45917

CVE-2026-45917 affects the Linux kernel’s IPVS path. A race between the netdev notifier (ip_vs_dst_event()) and the code that caches a destination with a device that is going down could allow a valid route to be returned and a leaked device reference until dest is removed. The root cause is the p...

CVE-2026-45916

CVE-2026-45916 (Linux kernel, power: supply: sbs-battery) fixes a use-after-free in power_supply_changed() caused by a race between IRQ requests and power_supply handle registration when using devm_ variants. If the IRQ is requested before the power_supply handle is registered, an interrupt can f...

CVE-2026-45916 power: supply: sbs-battery: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45914

CVE-2026-45914 concerns a Linux kernel issue where a patch reverting a previous ibmpex hwmon use-after-free fix potentially introduces a new race. The description notes that the revert may set the driver data (dev_get_drvdata()) to NULL and then remove sensor attributes, creating a window where i...

CVE-2026-45913 net: bridge: mcast: always update mdb_n_entries for vlan contexts

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdbnentries for vlan contexts syzbot triggered a warning1 about the number of mdb entries in a context. It turned out that there are multiple ways to trigger that warning today some got added...

CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

CVE-2026-45909

CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...

CVE-2026-45909 clk: mediatek: Drop __initconst from gates

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

CVE-2026-45908

The CVE affects the Linux kernel’s accel/amdxdna path. The amdxdna_ubuf_map() function allocates memory for sg and internal sg table structures but fails to free them if subsequent operations (sg_alloc_table_from_pages or dma_map_sgtable) fail, causing a memory leak. The entry notes that this vul...

CVE-2026-45907

CVE-2026-45907 : In the Linux kernel, the net/mlx5e subsystem could deadlock between devlink and netdev instance locks due to incorrect lock ordering during recovery. The fix moves netdev_trylock usage from high-level work handlers to the lower recovery functions where it’s actually required, ali...

CVE-2026-45906 power: supply: pf1550: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: pf1550: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45906

Summary: CVE-2026-45906 affects the Linux kernel’s power_supply handling. A race condition can occur when using devm_ variants for IRQ request and power_supply handle registration, causing an IRQ to fire after the power_supply handle has been freed but before IRQ unregistration, or before the han...

CVE-2026-45905 xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix iprtbug race in icmproutelookup reverse path icmproutelookup performs multiple route lookups to find a suitable route for sending ICMP error messages, with special handling for XFRM IPsec policies. The lookup sequence i...

CVE-2026-45903 bpf: Fix memory access flags in helper prototypes

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

CVE-2026-45902 power: supply: bq256xx: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq256xx: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45902

In the Linux kernel, CVE-2026-45902 involves a use-after-free race in the power_supply_changed() path for the bq256xx power supply. The issue arises when requesting an IRQ via devm_ before registering the power_supply handle, causing the handle to be freed/unregistered too late or too soon and po...