223766 matches found
CVE-2026-45977
In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...
CVE-2026-45974
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...
CVE-2026-45971
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
CVE-2026-45973
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...
CVE-2026-45976
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpurasinit When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the...
CVE-2026-45978
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gblightslightconfig stores channelcount before allocating the channels array. If kcalloc fails, gblightsrelease iterates the non-zero count and dereferences light-channels, which is NULL...
CVE-2026-45972
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...
CVE-2026-45975
In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...
CVE-2026-45964
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...
CVE-2026-45968
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...
CVE-2026-45969
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for inputffcreatememless The psgamepadcreate function calls inputffcreatememless without verifying its return value, which can lead to incorrect behavior or potential crashes when FF effects ar...
CVE-2026-45966
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...
CVE-2026-45967
In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...
CVE-2026-45959
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the cleanupkfree attribute will make the address of the local...
CVE-2026-45957
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to softirq Commit 5f5fa7ea89dc "rcu: Don't use negative nesting depth in rcureadunlock" removes the recursion-protection code from rcureadunlock. Therefore, we could invoke the deadloop in...
CVE-2026-45962
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...
CVE-2026-45955
In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpuref not resurrected on suspend timeout When llbitmapsuspendtimeout times out waiting for percpuref to become zero, it returns -ETIMEDOUT without resurrecting the percpuref. The caller mdllbitmapdaemonfn...
CVE-2026-45956
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...
CVE-2026-45960
In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...
CVE-2026-45958
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidiconnectionioctl, vidi-ediduser pointer is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead o...