CVE-2026-45914

CVE-2026-45914 concerns a Linux kernel issue where a patch reverting a previous ibmpex hwmon use-after-free fix potentially introduces a new race. The description notes that the revert may set the driver data (dev_get_drvdata()) to NULL and then remove sensor attributes, creating a window where i...

CVE-2026-45913 net: bridge: mcast: always update mdb_n_entries for vlan contexts

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdbnentries for vlan contexts syzbot triggered a warning1 about the number of mdb entries in a context. It turned out that there are multiple ways to trigger that warning today some got added...

CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

CVE-2026-45909 clk: mediatek: Drop __initconst from gates

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

CVE-2026-45909

CVE-2026-45909 pertains to the Linux kernel Mediatek clock-gate driver. The fix removes __initconst from mtk_gate structures because, since commit 8ceff24a... the gate structs are used at runtime, not just for initialization. Documents indicate this resolves a runtime-access issue with potentiall...

CVE-2026-45908

The CVE affects the Linux kernel’s accel/amdxdna path. The amdxdna_ubuf_map() function allocates memory for sg and internal sg table structures but fails to free them if subsequent operations (sg_alloc_table_from_pages or dma_map_sgtable) fail, causing a memory leak. The entry notes that this vul...

CVE-2026-45907

CVE-2026-45907 : In the Linux kernel, the net/mlx5e subsystem could deadlock between devlink and netdev instance locks due to incorrect lock ordering during recovery. The fix moves netdev_trylock usage from high-level work handlers to the lower recovery functions where it’s actually required, ali...

CVE-2026-45906 power: supply: pf1550: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: pf1550: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45906

Summary: CVE-2026-45906 affects the Linux kernel’s power_supply handling. A race condition can occur when using devm_ variants for IRQ request and power_supply handle registration, causing an IRQ to fire after the power_supply handle has been freed but before IRQ unregistration, or before the han...

CVE-2026-45905 xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix iprtbug race in icmproutelookup reverse path icmproutelookup performs multiple route lookups to find a suitable route for sending ICMP error messages, with special handling for XFRM IPsec policies. The lookup sequence i...

CVE-2026-45903 bpf: Fix memory access flags in helper prototypes

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

CVE-2026-45902 power: supply: bq256xx: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq256xx: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

CVE-2026-45902

In the Linux kernel, CVE-2026-45902 involves a use-after-free race in the power_supply_changed() path for the bq256xx power supply. The issue arises when requesting an IRQ via devm_ before registering the power_supply handle, causing the handle to be freed/unregistered too late or too soon and po...

CVE-2026-45900

The CVE-2026-45900 issue affects the Linux kernel crypto/caam path for DPAA2: after embeddable net_dev structures were changed to dynamic pointers, error paths in dpaa2_dpseci_setup could leak netdev allocations if dpaa2_dpseci_dpio_setup() failed, even with deferred probing. The fix preserves th...

CVE-2026-45899

Summary: CVE-2026-45899 is a Linux kernel ext4 issue corrected by dropping all remaining potentially stale extents when a split extent operation fails. What happens: If a split extent fails, some extents may remain in processing and an error is returned, leaving stale entries in the extent status...

CVE-2026-45899

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent...

CVE-2026-45898

The CVE-2026-45898 issue affects the Linux kernel’s RDMA/iwcm component, where flawed work submission logic could cause queue_work() to queue items that are still live, enabling a work item to be processed and freed while still on the workqueue and triggering list corruption. The root cause is th...

CVE-2026-45893

The CVE-2026-45893 entry concerns the Linux kernel’s apparmor component, where table creation from possibly unaligned user-provided data caused potential unaligned memory accesses. The underlying issue arises when a source blob from userspace may be unaligned, prompting a fix to optimize the copy...

CVE-2026-45892

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIALVALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4splitextent with the EXT4EXTMAYZEROOUT and EXT4EXTDATAVALID2 flags set, it could...

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...