175854 matches found
CVE-2026-46239 media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...
CVE-2026-46239
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...
CVE-2026-46237 drm/amdgpu/vcn3: Avoid overflow on msg bound check
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit db00257ac9e4a51eb2515aaea161a019f7125e10...
EUVD-2026-32755
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit db00257ac9e4a51eb2515aaea161a019f7125e10...
CVE-2026-46238
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...
CVE-2026-46237
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit db00257ac9e4a51eb2515aaea161a019f7125e10...
CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions
In the Linux kernel, the following vulnerability has been resolved: media: rc: xboxremote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...
CVE-2026-46236
CVE-2026-46236 affects the Linux kernel media: rc Xbox remote driver, where the IO buffer was placed in the device structure, violating DMA coherency rules. This is a local, low-complexity issue with high availability impact. Publicly documented fixes are present in OSV entries for Root: Debian 1...
EUVD-2026-32754
In the Linux kernel, the following vulnerability has been resolved: media: rc: xboxremote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...
CVE-2026-46236
In the Linux kernel, the following vulnerability has been resolved: media: rc: xboxremote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...
EUVD-2026-32753
In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164devsetup. If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the globa...
CVE-2026-46234 vsock: fix buffer size clamping order
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...
CVE-2026-46234
CVE-2026-46234 affects the Linux kernel vsock code, specifically the vsock_update_buffer_size path. The bug arises from clamping the buffer size: it first enforces the maximum, then the minimum, which allows vsk->buffer_size to exceed vsk->buffer_max_size when a larger minimum is configured...
CVE-2026-46234
In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...
EUVD-2026-32751
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...
CVE-2026-46233
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...
CVE-2026-46232 HID: playstation: Clamp num_touch_reports
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...
CVE-2026-46232
The CVE-2026-46232 entry concerns the Linux kernel HID PlayStation driver. A flaw allows a device to report more touch_reports than the array can hold, risking an out-of-bounds read in dualshock4_parse_report and potentially exposing up to ~2 KiB of kernel memory when DS4_TOUCH_POINT_INACTIVE is ...
CVE-2026-46232
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...
CVE-2026-46231
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...