CVE-2026-46069

A flaw was found in the Linux kernel's mwifiex Wi-Fi driver. The mwifiexadaptercleanup function incorrectly uses a non-synchronous timer deletion, allowing the wakeuptimer callback to access memory after it has been freed. This use-after-free vulnerability can lead to system instability, crashes,...

CVE-2026-46070

A flaw was found in the Linux kernel's md/raid5 component. This vulnerability arises from insufficient validation of payload sizes within journal metadata blocks. A local attacker can exploit this by providing a corrupted journal, leading to out-of-bounds reads when the system processes payload...

CVE-2026-46078

A flaw was found in the Linux kernel's EROFS filesystem. A local attacker could exploit an out-of-bounds read vulnerability by creating a specially crafted EROFS image. This issue arises from incorrect calculations of directory entry name lengths, which can cause the system to read beyond allocat...

CVE-2026-46079

A flaw was found in the Linux kernel's Rados Block Device rbd module. When adding a new block device, a double teardown of resources can occur if the disk addition process fails. This can lead to a null-pointer dereference during cleanup operations, allowing a local attacker to cause a system...

CVE-2026-46083

A flaw was found in the Linux kernel. This vulnerability occurs when the spisetup function fails during the registration of a device, leading to improper cleanup and subsequent resource leaks. This can result in a denial of service DoS due to the exhaustion of system resources...

CVE-2026-46082

A flaw was found in the Linux kernel's virtualization component, known as KVM. This vulnerability arises when a specific instruction, INVLPGA, is used in a virtualized environment without the proper security setting EFER.SVME. The system fails to trigger an expected error, which could allow a loc...

CVE-2026-46085

A flaw was found in the Linux kernel's rxrpc subsystem, specifically in the rxkad crypto unalignment handling. A remote attacker could send a specially crafted packet with a misaligned crypto length. This improper handling could lead to system instability or a denial of service DoS due to incorre...

CVE-2026-46088

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA control component. Improper validation of the buffer length before a string length operation in the sndctleleminitenumnames function can lead to a system panic. This vulnerability could allow a local attacker to trigger...

CVE-2026-46087

A flaw was found in the Linux kernel's Data Access MONitor DAMON subsystem. When the damonstart function fails during the damonstatstart operation, the system does not properly release the allocated memory context. This oversight leads to a memory leak, where previously allocated memory becomes...

CVE-2026-46092

A flaw was found in the Linux kernel's rtw88 Wi-Fi driver. When the 8821CE device is installed on a system where it is on a root bus, the driver's probing routine does not properly check for the existence of a PCI upstream bridge. This oversight can lead to a system crash, resulting in a denial o...

CVE-2026-46091

A flaw was found in the igorplugusb component of the Linux kernel. The USB request structure, when handled by Direct Memory Access DMA on certain host controllers, did not properly follow DMA coherency rules. This oversight could lead to data integrity issues or unexpected system behavior, as the...

CVE-2026-46084

A flaw was found in the Linux kernel's RDMA Remote Direct Memory Access manaib driver. When a Receive Side Scaling Queue Pair RSS QP is destroyed, the vPort RX receive steering in the firmware is not properly disabled, leaving stale steering configurations. This can lead to receive completions...

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

CVE-2026-46089

A flaw was found in the Linux kernel's zram module. This vulnerability allows a local user to cause a system hang, leading to a Denial of Service DoS. The issue occurs because the zram module fails to properly handle partial discard requests, specifically by not calling endio when such requests a...

CVE-2026-46090

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...

CVE-2026-46093

A flaw was found in the Linux kernel's memory management vmalloc subsystem. The decayvapoolnode function, when invoked concurrently from the shrinker path, lacks proper serialization. This oversight can lead to race conditions, potentially resulting in memory leaks and affecting system stability...

CVE-2026-46095

A flaw was found in the Linux kernel's RAID Redundant Array of Independent Disks driver component. A race condition can occur when the system attempts to write or discard data, as a necessary synchronization barrier is not properly established before critical state changes. This oversight could...

CVE-2026-46097

A flaw was found in the Linux kernel's edt-ft5x06 input driver. This vulnerability, a use-after-free, arises during the debugfs teardown, allowing debugfs files to be accessed after an associated buffer has been released. This could enable a local attacker to cause system instability or potential...

CVE-2026-46096

A flaw was found in the Linux kernel's tpm2-sessions component. The tpm2readpublic function fails to properly destroy a buffer on certain exit paths, leading to a page allocation leak. This resource exhaustion could allow a local attacker to cause a Denial of Service DoS...

CVE-2026-46098

A flaw was found in the Linux kernel's CAIF network module. When a client is torn down, the caiffreeclient function frees a service pointer but leaves it in a stale state. If the socket is later destroyed, caiffreeclient may be called again, attempting to use the previously freed pointer. This ca...