CVE-2026-45937

CVE-2026-45937 concerns the Linux kernel in the crypto: inside-secure/eip93 driver, where during driver detach the same hash algorithm could be unregistered multiple times due to a faulty iterator, leading to a kernel panic. The vulnerability is addressed by a kernel fix described as “fix kernel ...

CVE-2026-45938

CVE-2026-45938 : In the Linux kernel, a race condition was fixed in the pm8916_lbc power_supply path. The bug occurred when the devm_ variant was used to request the IRQ before the devm_ variant allocated/registering the power_supply handle, causing the power_supply to be deallocated/unregistered...

CVE-2026-45938 power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916lbc: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45936 power: supply: goldfish: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: goldfish: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45935

The CVE-2026-45935 issue affects the Linux kernel NTFS3 driver, specifically the DeleteIndexEntryRoot path in do_action. The vulnerability arises from insufficient bounds checking on the entry size (esize) read from the log record, where e2 = Add2Ptr(e1, esize) can exceed the used buffer if esize...

CVE-2026-45933 bpf: Preserve id of register in sync_linked_regs()

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...

CVE-2026-45933

CVE-2026-45933 affects the Linux kernel BPF verifier. The root cause is that sync_linked_regs() failed to preserve the register ID during bounds propagation, so when known_reg bounds were propagated to reg, reg retained an old/new id mismatch. This can cause incorrect bound propagation across lin...

CVE-2026-45931 accel/amdxdna: Hold mm structure across iommu_sva_unbind_device()

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm structure has been freed. Fix this by taking an explicit reference t...

CVE-2026-45930 net: mctp: ensure our nlmsg responses are initialised

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45928

The CVE-2026-45928 entry concerns the Linux kernel media/chips-media wave5 VPU code. In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated with kzalloc(), but if inst->codec_info allocation fails, the code returns -ENOMEM without freeing the previously allocated instanc...

CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-45926

In the Linux kernel PWM subsystem, CVE-2026-45926 fixes a memory leak on init error in pwmchip_alloc(). If __pinned_init() fails, the allocated pwm_chip could leak because error paths did not call pwmchip_put(). The patch ensures the initial reference is released on all error paths, preventing a ...

CVE-2026-45925

The CVE pertains to the Linux kernel thermal subsystem. In thermal_of_cm_lookup(), a reference leak occurs because tr_np is obtained via of_parse_phandle() but not released. The fix uses the __free(device_node) cleanup attribute to automatically release the node and close the leak. The connected/...

CVE-2026-45923

In CVE-2026-45923, the Linux kernel net/usb/catc driver did not validate endpoint descriptors during probe. catc_probe() initializes three URBs using hardcoded endpoints: usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX, and usb_rcvintpipe(usbdev, 2) for interrupt status, which...

CVE-2026-45919

The CVE-2026-45919 entry covers a Linux kernel vulnerability in the sched/rt path where CPU0 becomes overloaded during RT and non-RT task interactions, triggering self-IPI loops during RT load balancing. The root cause is that rto_next_cpu() could restart its search from -1 due to increments to r...

CVE-2026-45919 sched/rt: Skip currently executing CPU in rto_next_cpu()

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

CVE-2026-45918

The CVE-2026-45918 entry describes a race condition in the Linux kernel related to OpenVPN keepalive processing. When a peer is removed from the hashtable and placed on a release list, the code detaches from the socket by restoring the original protocol and socket callbacks. If userspace closes t...

CVE-2026-45917

CVE-2026-45917 affects the Linux kernel’s IPVS path. A race between the netdev notifier (ip_vs_dst_event()) and the code that caches a destination with a device that is going down could allow a valid route to be returned and a leaked device reference until dest is removed. The root cause is the p...

CVE-2026-45916 power: supply: sbs-battery: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45916

CVE-2026-45916 (Linux kernel, power: supply: sbs-battery) fixes a use-after-free in power_supply_changed() caused by a race between IRQ requests and power_supply handle registration when using devm_ variants. If the IRQ is requested before the power_supply handle is registered, an interrupt can f...