180322 matches found
CVE-2026-45900
The CVE-2026-45900 issue affects the Linux kernel crypto/caam path for DPAA2: after embeddable net_dev structures were changed to dynamic pointers, error paths in dpaa2_dpseci_setup could leak netdev allocations if dpaa2_dpseci_dpio_setup() failed, even with deferred probing. The fix preserves th...
CVE-2026-45899
In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent...
CVE-2026-45899
Summary: CVE-2026-45899 is a Linux kernel ext4 issue corrected by dropping all remaining potentially stale extents when a split extent operation fails. What happens: If a split extent fails, some extents may remain in processing and an error is returned, leaving stale entries in the extent status...
CVE-2026-45898
The CVE-2026-45898 issue affects the Linux kernel’s RDMA/iwcm component, where flawed work submission logic could cause queue_work() to queue items that are still live, enabling a work item to be processed and freed while still on the workqueue and triggering list corruption. The root cause is th...
CVE-2026-45892
In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIALVALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4splitextent with the EXT4EXTMAYZEROOUT and EXT4EXTDATAVALID2 flags set, it could...
CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...
CVE-2026-45888
The Linux kernel md/raid1 subsystem fixes a memory leak in raid1_run. When setup_conf() registers a thread via md_register_thread() and raid1_set_limits() fails, the error path previously didn’t unregister the thread, leaking md_thread and the thread resource. The patch adds md_unregister_thread(...
CVE-2026-45887 af_unix: Fix memleak of newsk in unix_stream_connect().
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix memleak of newsk in unixstreamconnect. When preparepeercred fails in unixstreamconnect, unixreleasesock is not called for newsk, and the memory is leaked. Let's move preparepeercred before unixcreate1...
CVE-2026-45887
In the Linux kernel af_unix code, the vulnerability relates to a memleak of the new socket (newsk) in unix_stream_connect(). If prepare_peercred() fails during unix_stream_connect(), unix_release_sock() is not called for the newsk, causing a memory leak. The fix moves prepare_peercred() before un...
CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...
CVE-2026-45885
In CVE-2026-45885, a race in the Linux kernel’s CPCAP battery driver is fixed: requesting the IRQ with devm_ before or after registering the power_supply handle can lead to use-after-free in power_supply_changed(). The race occurs when the power_supply handle is freed/unregistered before the IRQ ...
CVE-2026-45884
The CVE-2026-45884 issue affects the Linux kernel’s AppArmor path, where aa_get_buffer() decrements cache->hold when pulling from the per-CPU list. If hold hits 0 while count is non-zero, the unsigned decrement can wrap to UINT_MAX, keeping hold non-zero and preventing aa_put_buffer() from ret...
CVE-2026-45883
The CVE-2026-45883 entry concerns the Linux kernel iio:sca3000 driver. A resource leak occurs where spi->irq allocated via request_threaded_irq() is not released if iio_device_register() fails during sca3000_probe(). The fix adds a return-value check and jumps to a common error handler to ensu...
CVE-2026-45882 power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed()
In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916bmsvm: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
CVE-2026-45882
CVE-2026-45882 — mode C summary Context: Linux kernel vulnerability related to power supply handling in the pm8916_bms_vm path. What is affected: The issue occurs when the devm_ variant is used for requesting an IRQ before the devm_ variant that allocates/registers the power_supply handle. This c...
CVE-2026-45881 soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svsenabledebugwrite In svsenabledebugwrite, the buf allocated by memdupusernul is leaked if kstrtoint fails. Fix this by using freekfree to automatically free buf, eliminating the need for...
CVE-2026-45879
In CVE-2026-45879, the Linux kernel power: supply: bq25980 issue is a use-after-free caused by requesting the IRQ with the devm_ path before registering the power_supply handle. The race can occur during removal (IRQ firing after the power_supply handle is freed but before IRQ unregistration) or ...
CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...
CVE-2026-45876 arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in archsetshadowstackstatus allocgcs returns an error-encoded pointer on failure, which comes from dommap, not NULL. The current NULL check fails to detect errors, which could lead to using an invali...
CVE-2026-45875 mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure
In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Fix regulator resource leak on wm5102clearwritesequencer failure The wm5102clearwritesequencer helper may return an error and just return, bypassing the cleanup sequence and causing regulators to remain enabled,...