CVE-2026-45889

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. This vulnerability occurs due to incorrect accounting for out-of-order OoO data in the mptcprcvbufgrow function. A subtle and very unlikely race condition could lead to a divide-by-zero error, potentially causing a system...

CVE-2026-45890

A flaw was found in the Linux kernel's xen-netback component. A malicious or buggy Xen guest can exploit this by writing a zero value to the 'multi-queue-num-queues' xenbus key. This improper input validation can trigger a warning in the kernel's memory allocation, leading to a guest-to-host Deni...

CVE-2026-45895

A flaw was found in the Linux kernel. A local attacker could exploit a livelock condition between the quotactl and freezesuper operations. This occurs when a filesystem is frozen and the quotactlblock function enters a retry loop, preventing the system from reaching an RCU Read-Copy Update...

CVE-2026-45893

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability occurs when AppArmor attempts to create tables from user-provided data that may be unaligned in memory. A local attacker could exploit this by providing specially crafted input, leading to unaligned memory accesse...

CVE-2026-45896

A flaw was found in the Linux kernel's mtdinteldg driver. This vulnerability occurs because the regions array is accessed before its size nregions is properly set, leading to an out-of-bounds memory access. A local attacker could potentially exploit this issue to cause system instability or a...

CVE-2026-45902

A flaw was found in the Linux kernel's bq256xx power supply driver. A race condition during device removal or probing can lead to a use-after-free vulnerability. This occurs when an interrupt handler attempts to access a power supply handle that has already been freed or is uninitialized. A local...

CVE-2026-45901

A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability allows a local attacker to cause a denial of service DoS by triggering a circular lock dependency. This occurs when nft reset, ipset list, and iptables-nft with a '-m set' rule are executed concurrently, leadi...

CVE-2026-45891

A flaw was found in the Linux kernel's hns3 network driver. This double-free vulnerability occurs due to incorrect handling of the txspare buffer during ring parameter setup. If memory allocation fails in the error cleanup path, a stale pointer to backup memory is erroneously freed twice. This ca...

CVE-2026-45894

A flaw was found in the Linux kernel's Intel VT-d Virtualization Technology for Directed I/O Scalable Mode. When a Process Address Space ID PASID table entry is being removed, the system may attempt to clear the entry before properly signaling to the hardware that the entry is no longer active...

CVE-2026-45892

A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks the extent status tre...

CVE-2026-45897

A flaw was found in the Linux kernel's netfilter component, specifically in how network counters are handled. This vulnerability allows for a race condition during simultaneous operations to read and reset these counters. As a result, counter values could be incorrectly reduced, leading to...

CVE-2026-45898

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...

CVE-2026-45899

A flaw was found in the Linux kernel, specifically within the ext4 filesystem's extent cache management. When an operation to split an extent fails, the system may not properly clear all related entries, leading to stale extent entries remaining in the extent status tree. This can result in data...

CVE-2026-45900

A flaw was found in the Linux kernel's crypto: caam module. When the dpaa2caamprobe function attempts to set up network devices netdevs and the dpaa2dpsecidpiosetup function fails, the allocated netdevs are not properly freed. This oversight in the error handling can lead to memory leaks,...

kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()

A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq

A flaw was found in the Linux kernel's Wacom Human Interface Device HID driver. This vulnerability allows a remote attacker to trigger an out-of-bounds read by sending a specially crafted, short Bluetooth HID report. This can lead to the disclosure of sensitive information from the system's memor...

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...