CVE-2026-46158

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, a socket reference count may not be properly decreased, leading to a potential resource leak. Over time, this resource exhaustion could allow a remote attacker to cause a Denial of...

CVE-2026-46125

A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...

CVE-2026-46135

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

CVE-2026-46162

A flaw was found in the Linux kernel's ice driver. An error in the icesfethactivate function's error handling path can lead to a double free of memory. This occurs when auxiliarydeviceadd fails, causing kfreesfdev to be called twice. This vulnerability could lead to memory corruption or a denial ...

CVE-2026-46160

A flaw was found in the Linux kernel's Btrfs filesystem. This vulnerability occurs when the lastunlinktrans field is not properly updated during directory removal. If a user maintains an open file descriptor to a removed directory and subsequently performs a filesystem synchronization fsync...

CVE-2026-46168

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. This vulnerability stems from an unsafe operation where locksockfast, intended for atomic contexts, is used with functions like socksettimestamp and socksettimestamping that can cause the system to sleep. Such an operation...

CVE-2026-46170

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, an issue in socket sk reference counting can prevent the socket from being properly freed. This improper resource management may lead to a Denial of Service DoS condition, where th...

CVE-2026-46169

A flaw was found in the Linux kernel's HFS Plus HFS+ filesystem. A local attacker can exploit this vulnerability by mounting a specially crafted, corrupted HFS+ filesystem. The hfsbrecread function fails to validate the size of catalog records, which can lead to the use of uninitialized data. Thi...

CVE-2026-46172

A flaw was found in the Linux kernel's IPv6 Internet Protocol version 6 xfrm6 component. When processing encapsulated IPv6 packets, the xfrm6rcvencap function fails to release a destination dst entry reference if an IPv6 route lookup results in an error. A remote attacker could exploit this by...

CVE-2026-46185

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability arises from insufficient length validation in the smb2checkmessage function when processing symlink error responses. A remote attacker could exploit this by sending a specially crafted symlink error respons...

CVE-2026-46182

A flaw was found in the Linux kernel, specifically within the pseries/papr-hvpipe module. This vulnerability could allow a local user to gain access to uninitialized kernel stack memory. The issue arises because certain padding bytes in a data structure are not cleared before being sent to...

CVE-2026-46180

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the brcmfmac Wi-Fi driver when stopping the watchdog task. This issue occurs because the watchdog task might terminate prematurely, leading to a use-after-free condition. This could allow a local attacker to cause a...

CVE-2026-46174

A flaw was found in the Linux kernel, specifically within the x86/CPU/AMD Zen2's op cache. This vulnerability arises from improper isolation of shared resources, which can lead to instruction corruption. The consequence of this flaw is that it may cause unexpected behavior or instability within t...

CVE-2026-46173

A flaw was found in the Linux kernel. During the exit process of a task that has encountered an error, the system can incorrectly allow the task to be interrupted. This can lead to improper management of the task's memory, potentially causing memory corruption. Such an issue could allow a local...

CVE-2026-46188

A flaw was found in the Linux kernel. Specifically, within the octeonepvf driver, the octepvfoqprocessrx function fails to check for a NULL return value from napibuildskb during memory allocation. This oversight can lead to a NULL pointer dereference, allowing a local attacker to potentially caus...

CVE-2026-46186

A flaw was found in the Linux kernel's virtiobt Bluetooth virtual device driver. An untrusted backend can exploit this vulnerability by sending malformed Bluetooth packets with an insufficient header length. This can cause the system to read uninitialized kernel memory, potentially leading to...

CVE-2026-46152

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

CVE-2026-46190

A flaw was found in the Linux kernel's Memory Technology Device MTD SPI-NOR debugfs component. An out-of-bounds read vulnerability exists in the spinorparamsshow function due to an incorrect calculation of an array's size. This error allows a local attacker to read memory outside of the intended...

CVE-2026-46166

A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...

CVE-2026-46181

A flaw was found in the Linux kernel's RDMA/mlx4 component. This vulnerability arises from the incorrect use of Read-Copy Update RCU in the mlx4srqevent function. An attacker could potentially trigger an event before the srq object is fully initialized, leading to a system crash. This could resul...