CVE-2026-46040

A flaw was found in the Linux kernel's inotify subsystem. When the fsnotifyaddinodemarklocked function fails during the creation of a new watch, the system does not properly decrement the watch count. This oversight can lead to a watch count leak, where repeated failures exhaust the maximum user...

CVE-2026-46044

A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI SSIF SMBus System Interface driver. If an error occurs after a kernel thread kthread is created but before the main IPMI code initializes the SSIF interface, the kthread may not be properly stopped. This could...

CVE-2026-46049

A flaw was found in the ALSA Advanced Linux Sound Architecture ctxfi driver in the Linux kernel. When processing S/PDIF Sony/Philips Digital Interface Format passthrough playback at 32000 Hz, a missing update to the pllrate can cause an infinite loop. This can lead to a denial of service DoS for ...

CVE-2026-46048

A flaw was found in the Linux kernel's ALSA caiaq driver. This vulnerability, a reference count leak, occurs when the createcard function acquires a reference to a USB device, but the corresponding release is not performed if initcard fails before the destructor is properly assigned. A local...

CVE-2026-46058

A flaw was found in the Linux kernel, specifically within the amphion video processing unit VPU driver. A race condition, a situation where multiple operations occur in an unpredictable order, exists in the Video for Linux 2 V4L2 media-to-memory m2m framework. This vulnerability allows a local...

CVE-2026-46057

A flaw was found in the Linux kernel's Landlock security module regarding the inheritance of LOGSUBDOMAINSOFF across process forks. When a process mutes subdomain logs using landlockrestrictself without creating a domain, this setting is not properly transferred to forked child processes...

CVE-2026-46060

A flaw was found in the Linux kernel's crypto: qat driver. This vulnerability occurs when the driver fails during device initialization, leading to Interrupt Request IRQ handlers not being properly detached before their associated resources are released. This improper cleanup can result in resour...

CVE-2026-46063

A flaw was found in the Linux kernel. A deadlock can occur during the shadow stack signal return shstk sigreturn process on x86 systems. This happens when the kernel attempts to read the shadow stack signal frame, and a page fault occurs, leading to a recursive attempt to acquire an mmap read loc...

CVE-2026-46062

A flaw was found in the Linux kernel's ntfs3 filesystem driver. An integer overflow vulnerability exists in the rununpack function's volume boundary check. This flaw occurs because the check uses raw addition, which can wrap around for large values, potentially bypassing validation. This could le...

CVE-2026-46068

A flaw was found in the Linux kernel's crypto:nx component. This vulnerability involves incorrect memory management during the deallocation of bounce buffers, where an improper function is used. This can lead to memory leaks, which may result in system instability or a Denial of Service DoS...

CVE-2026-46067

A flaw was found in the Linux kernel's DAMON Data Access MONitor core component. A local user could exploit this vulnerability by providing an invalid node identifier nid when configuring memory usage tracking goals. This lack of validation allows for out-of-bounds memory access, which can lead t...

CVE-2026-46072

A flaw was found in the Linux kernel's ntfs3 module. A local attacker, by mounting a specially crafted NTFS New Technology File System image containing truncated run data, could trigger an out-of-bounds heap read. This vulnerability allows for the disclosure of sensitive information from kernel...

CVE-2026-46071

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM subsystem, specifically affecting its nested virtualization nSVM capabilities. The issue arises from incorrect handling of Virtual Machine Control Block Last Branch Record VMCBLBR data when copied to vmcb12, an operation that...

CVE-2026-46075

A flaw was found in the Linux kernel, specifically within the atmel-sha204a cryptographic hardware random number generator hwrng driver. During the device removal process, a race condition can occur where a queued callback might execute while the device is being torn down. This can lead to a...

CVE-2026-46074

A flaw was found in the Linux kernel, specifically within the spi: ch341 driver. This vulnerability occurs during probe failures, leading to memory leaks and use-after-free conditions. These issues can result in system instability or a denial of service, potentially allowing an attacker to impact...

CVE-2026-46073

A flaw was found in the Linux kernel's hwmon subsystem, specifically within the powerz driver. When a signal interrupt occurs during the waitforcompletioninterruptibletimeout function, the system fails to properly abort the USB Request Block URB. This oversight can lead to the kernel attempting t...

CVE-2026-46081

A flaw was found in the Linux kernel's asynchronous compression acomp subsystem. When an asynchronous hardware implementation, such as the QAT driver, completes a request that uses the DMA virtual address interface, an incorrect pointer is stored. This leads to memory corruption within the...

CVE-2026-46080

A flaw was found in the Linux kernel's Oracle Cluster File System 2 ocfs2 component. During direct I/O DIO write operations, specifically in the ocfs2dioendiowrite function, an issue with transaction splitting can lead to credit exhaustion in the Journaling Block Device 2 JBD2 subsystem. This can...

CVE-2026-46032

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM nSVM module. When a nested virtual machine exit VMEXIT occurs, if the restoration of the host's Control Register 3 CR3 fails, the system continues to operate with a corrupted state. This can lead to an unrecoverable error,...

CVE-2026-46033

A flaw was found in the Linux kernel's authencesn cryptographic module. This vulnerability arises from insufficient validation of cryptographic digest sizes during the creation of new instances. A local attacker could exploit this by providing a malformed input, leading to an out-of-bounds memory...