219860 matches found
CVE-2026-46166
The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...
EUVD-2026-32793
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...
CVE-2026-46166 wifi: mac80211: use safe list iteration in radar detect work
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...
CVE-2026-46166
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...
EUVD-2026-32791
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&subgroup-kobj -...
CVE-2026-46164
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput⊂group-kobj -...
EUVD-2026-32790
In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path
In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...
EUVD-2026-32789
In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...
CVE-2026-46162
In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninitdev-adev. The device release callback icesfdevrelease frees sfdev, but the...
EUVD-2026-32788
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...
CVE-2026-46161
The CVE concerns the Linux kernel’s md/raid10 code where setup_geo() extracts near_copies (nc) and far_copies (fc) from the user layout without validating zero values. If fc equals 0 under the “improved” far set layout, geo->far_set_size = disks / fc can trigger a divide-by-zero. The fix valid...
CVE-2026-46161
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...
CVE-2026-46160
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory afte...
EUVD-2026-32787
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory afte...
CVE-2026-46159
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfsioctlspaceinfo slotcount TOCTOU which can lead to info-leak btrfsioctlspaceinfo has a TOCTOU race between two passes over the block group RAID type lists. The first pass counts entries to determine the allocation...
CVE-2026-46158
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: always decrease sk refcount When an ADDADDR is retransmitted, the sk is held in skresettimer. It should then be released in all cases at the end. Some unlikely checks were returning directly instead of...
CVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: always decrease sk refcount When an ADDADDR is retransmitted, the sk is held in skresettimer. It should then be released in all cases at the end. Some unlikely checks were returning directly instead of...
EUVD-2026-32784
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...
CVE-2026-46157
The CVE-2026-46157 entry concerns the ALSA PCM OSS subsystem in the Linux kernel, where runtime.oss.trigger could be accessed concurrently without protection, causing a data race on a bit field and risking corruption of adjacent fields. The issue is addressed by extending the existing params_lock...