CVE-2026-46035

A flaw was found in the Linux kernel's memory management subsystem. On uniprocessor UP kernels, a Non-Maskable Interrupt NMI can cause the allocfrozenpagesnolock function to re-enter rmqueue and acquire a zone lock that is already held by an interrupted process. This can lead to corruption of the...

CVE-2026-46037

A flaw was found in the Linux kernel, specifically within its IPv4 Internet Control Message Protocol ICMP component. This vulnerability occurs because the system does not properly check the type of ICMP replies before attempting to process them. An attacker could potentially exploit this by sendi...

CVE-2026-46039

A flaw was found in the Linux kernel. A potential integer overflow in the rxgkextracttoken function, specifically during the length check of a ticket, could occur. This issue arises from rounding up the value to be tested, which might lead to an overflow. This could potentially result in...

CVE-2026-46043

A flaw was found in the Linux kernel's RDMA/rxe component. The rxercv function does not adequately validate the BTH pad and ICRC fields of incoming packets before calculating the payload size. A remote attacker could exploit this by sending a specially crafted short packet or a packet with a forg...

CVE-2026-46047

A flaw was found in the Linux kernel's qrtr networking driver. During the driver's removal process, a timing issue can occur if a packet arrives after the work queue is destroyed but before the socket is released. This can cause the system to attempt to access memory that has already been freed,...

CVE-2026-46045

A flaw was found in the Linux kernel, specifically within the multiple device MD driver's bitmap handling. This vulnerability allows the system to read outdated or incomplete data from storage devices that are not fully synchronized. This can lead to errors in tracking changes to data, which may...

CVE-2026-46051

A flaw was found in the Linux kernel's md/raid5 component. When the retryalignedread function encounters an overlapped stripe, an issue in how stripes are released and processed can lead to an infinite loop. This prevents the system from resolving the overlap, resulting in a soft lockup and a...

CVE-2026-46050

A flaw was found in the Linux kernel's md/raid10 component. A local user performing a check operation while an application is doing nowait I/O Input/Output on the same array can trigger a deadlock. This occurs because the nrpending value underflows, causing the md resync thread to become stuck...

CVE-2026-46052

A flaw was found in the Linux kernel's Ceph filesystem. A local user or process interacting with the Ceph filesystem could trigger a dcache hash corruption when a negative dentry is incorrectly re-added to the dcache hash while it is already present. This can cause the system to experience an RCU...

CVE-2026-46054

A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...

CVE-2026-46053

A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS network protocol. When handling memory registration MR cleanup, specifically during the process of copying generated cookies back to user space, an error in the cleanup path could lead to resources being freed multiple times. Th...

CVE-2026-46059

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine nSVM module. This vulnerability occurs when running nested virtual machines L2 guests with NRIPS Next Instruction Pointer Suppression disabled. After an L2 guest's initial run, the NextRIP value in vmcb02 may not be correctly...

CVE-2026-46061

A flaw was found in the Linux kernel's journaling block device jbd2 subsystem. A lock ordering issue within the jbd2journalcancelrevoke function can lead to a deadlock under specific conditions, particularly when the filesystem blocksize is smaller than the pagesize. This vulnerability could allo...

CVE-2026-46056

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

CVE-2026-46064

A flaw was found in the Linux kernel's ibmasm module. A local root user can exploit a heap over-read vulnerability within the ibmasmsendi2omessage function. This vulnerability arises from insufficient validation of user-controlled input sizes, allowing the system to read beyond allocated memory...

CVE-2026-46066

A flaw was found in the Linux kernel's Ceph filesystem. When writing to encrypted CephFS files, a failure to allocate a bounce buffer for a dirty folio can lead to an off-by-one error in the numops counter. This inconsistency can cause a kernel panic, resulting in a Denial of Service DoS for the...

CVE-2026-46065

A flaw was found in the Linux kernel's framebuffer device fbdev deferred I/O defio mechanism. A local user with an active mapping of graphics memory could trigger a device hot-unplug, leading to the system accessing undefined memory. This can result in system instability or a crash, causing a...

CVE-2026-46069

A flaw was found in the Linux kernel's mwifiex Wi-Fi driver. The mwifiexadaptercleanup function incorrectly uses a non-synchronous timer deletion, allowing the wakeuptimer callback to access memory after it has been freed. This use-after-free vulnerability can lead to system instability, crashes,...

CVE-2026-46070

A flaw was found in the Linux kernel's md/raid5 component. This vulnerability arises from insufficient validation of payload sizes within journal metadata blocks. A local attacker can exploit this by providing a corrupted journal, leading to out-of-bounds reads when the system processes payload...

CVE-2026-46078

A flaw was found in the Linux kernel's EROFS filesystem. A local attacker could exploit an out-of-bounds read vulnerability by creating a specially crafted EROFS image. This issue arises from incorrect calculations of directory entry name lengths, which can cause the system to read beyond allocat...