CVE-2026-45837

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the arenavmclose function during a fork operation. This occurs because the child's Virtual Memory Area VMA is not correctly registered, leading to a dangling pointer. If a child process attempts to access this stale...

CVE-2026-45841

A flaw was found in the Linux kernel's netfilter component. A local attacker with CAPNETADMIN capabilities, which grants certain network administration privileges, could trigger a divide-by-zero error by adding a specially crafted fingerprint via nfnetlink. This vulnerability could lead to a kern...

CVE-2026-45840

A flaw was found in the Linux kernel's Open vSwitch component. A local attacker, with administrative network capabilities, could exploit this by providing an overly large Process ID PID array. This action triggers a buffer overflow within the network link netlink reply mechanism, leading to a...

CVE-2026-45842

A flaw was found in the Linux kernel's SLIP Serial Line Internet Protocol and PPP Point-to-Point Protocol components. An unprivileged local user can exploit this vulnerability by manipulating the PPPIOCSMAXCID ioctl to configure the SLIP Compressed Header SLHC state incorrectly. This...

CVE-2026-45843

A flaw was found in the Linux kernel's Serial Line Internet Protocol SLIP implementation. The slhcuncompress function, which handles VJ-compressed TCP headers, fails to perform proper bounds checks during packet processing. A remote attacker could exploit this by sending a specially crafted...

CVE-2026-45844

A flaw was found in the Linux kernel's netfilter ARP Address Resolution Protocol tables. When processing IPv4-over-IEEE1394 ARP packets on IEEE1394 interfaces, the kernel incorrectly parses the ARP payload. This can lead to incorrect filtering decisions by arptables, where packets that should be...

CVE-2025-71311

The CVE-2025-71311 vulnerability affects the Linux kernel’s ntfs3 code path. It arises when allocating new folios during ntfs_compress_write: if folios are not marked uptodate and ni_read_frame() is skipped because the caller expects a complete overwrite, some reserved folios may remain partially...

CVE-2026-45846

A flaw was found in the bareudp driver of the Linux kernel. This vulnerability allows a local attacker to trigger a NULL pointer dereference in the bareudpfillmetadatadst function. This occurs because the function attempts to access a NULL socket when the bareudp device is down, leading to a syst...

CVE-2026-45845

A flaw was found in the Linux kernel's TAPRIO Traffic Policing and Rate Limiting I/O qdisc. An unprivileged local user, with namespace-scoped CAPNETADMIN capabilities, can trigger a kernel null pointer dereference. This occurs by creating a TAPRIO qdisc in a new network namespace, grafting and th...

CVE-2026-45984

The CVE-2026-45984 issue is a concrete Linux-kernel vulnerability in the GFS2 iomap inline data write path. A data buffer head (dibh) is released prematurely via release_metapath() in gfs2_iomap_begin(), while iomap->inline_data still references dibh->b_data, causing a use-after-free when i...

CVE-2026-45983 nfsd: never defer requests during idmap lookup

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cachecheck wil...

CVE-2026-45982 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

CVE-2026-45981 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45980 accel/amdxdna: Stop job scheduling across aie2_release_resource()

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2releaseresource Running jobs on a hardware context while it is in the process of releasing resources can lead to use-after-free and crashes. Fix this by stopping job scheduling before...

CVE-2026-45980

In the Linux kernel, the accel/amdxdna driver vulnerability CVE-2026-45980 arises from scheduling jobs on a hardware context while aie2_release_resource() is releasing resources. This can cause a use-after-free and crashes. The fix is to stop job scheduling before calling aie2_release_resource() ...

CVE-2026-45977

The CVE-2026-45977 issue affects the Linux kernel fbnic driver. A race in handling firmware logs can cause a use‑after‑free: fw_log is written in fbnic_fw_log_write() and can be accessed from the mailbox handler fbnic_fw_msix_intr(), but the log data is freed during IRQ/MBX teardown, potentially ...

CVE-2026-45975 ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...

CVE-2026-45975

CVE-2026-45975 is a Linux kernel vulnerability in the ublk subsystem where a race condition can occur reading struct ublksrv_ctrl_cmd from userspace-mapped memory in the io_uring_sqe. The fix uses READ_ONCE() to copy ublksrv_ctrl_cmd from the io_uring_sqe to a local stack copy and then operates o...

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVE-2026-45972

The CVE-2026-45972 issue affects the Linux kernel SMB client, specifically smb2_open_file(), where improper handling could lead to memory corruption (UAF) or a double free during SMB2_open() retries. The fixed description states that zeroing err_iov and err_buftype before retrying SMB2_open() pre...