CVE-2026-45926

In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchipalloc, the allocated device owns an initial reference that must be released on all error paths. If pinnedinit were to fail, the allocate...

CVE-2026-45928

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If the subsequent allocation for inst-codecinfo fails, the functions retu...

CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45921

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtdparsertplinksafeloaderparse The function mtdparsertplinksafeloaderparse allocates buf via mtdparsertplinksafeloaderreadtable. If the allocation for partsidx.name fails inside the loop, the code...

CVE-2026-45922

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

CVE-2026-45923

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

CVE-2026-45913

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdbnentries for vlan contexts syzbot triggered a warning1 about the number of mdb entries in a context. It turned out that there are multiple ways to trigger that warning today some got added...

CVE-2026-45918

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...

CVE-2026-45914

In the Linux kernel, the following vulnerability has been resolved: Revert "hwmon: ibmpex fix use-after-free in high/low store" This reverts commit 6946c726c3f4c36f0f049e6f97e88c510b15f65d. Jean Delvare points out that the patch does not completely fix the reported problem, that it in fact...

CVE-2026-45915

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

CVE-2026-45917

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...

CVE-2026-45916

In the Linux kernel, the following vulnerability has been resolved: power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45920

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324...

CVE-2026-45919

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

CVE-2026-45906

In the Linux kernel, the following vulnerability has been resolved: power: supply: pf1550: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45907

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

CVE-2026-45909

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVE-2026-45908

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix memory leak in amdxdnaubufmap The amdxdnaubufmap function allocates memory for sg and internal sg table structures, but it fails to free them if subsequent operations sgalloctablefrompages or dmamapsgtable fail...