CVE-2026-46063

The CVE-2026-46063 issue affects the Linux kernel (x86/shstk) where a deadlock could occur during sigreturn while popping the shadow stack frame. The root cause was reading the shadow stack with the mmap lock held; a page fault could trigger a recursive mmap lock acquisition, risking deadlock if ...

EUVD-2026-32438

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...

CVE-2026-46056

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...

CVE-2026-46056

The CVE-2026-46056 entry documents a Linux kernel Bluetooth UAF vulnerability in the SSP passkey handlers (hci_event path). The issue arises when hci_conn lookup and field access are performed without holding the hdev lock, creating a window where a connection could be freed concurrently in hci_u...

EUVD-2026-32406

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoncall vs kdamondfn exit race Patch series "mm/damon/core: fix damoncall/damoswalk vs kdmond exit race". damoncall and damoswalk can leak memory and/or deadlock when they race with kdamond terminations. Fix...

EUVD-2026-32402

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermalzonedeviceregisterwithtrips fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which ma...

CVE-2026-46017 mm: fix deferred split queue races during migration

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...

CVE-2026-46015 tcp: call sk_data_ready() after listener migration

In the Linux kernel, the following vulnerability has been resolved: tcp: call skdataready after listener migration When inetcsklistenstop migrates an established child socket from a closing listener to another socket in the same SOREUSEPORT group, the target listener gets a new accept-queue entry...

CVE-2026-45942 ext4: fix e4b bitmap inconsistency reports

In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures like: ext4mbcomplexscangroup:2508: group...

CVE-2026-45942

Summary of CVE-2026-45942 : A race condition in the Linux kernel ext4 bitmap handling enables inconsistent bitmap reporting due to concurrent page migration and bitmap modification in the load_buddy path. The root cause is that the fast load_buddy path only increments the folio refcount and can o...

CVE-2026-45918

The CVE-2026-45918 entry describes a race condition in the Linux kernel related to OpenVPN keepalive processing. When a peer is removed from the hashtable and placed on a release list, the code detaches from the socket by restoring the original protocol and socket callbacks. If userspace closes t...

CVE-2026-45918 ovpn: tcp - don't deref NULL sk_socket member after tcp_close()

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...

CVE-2026-45907

CVE-2026-45907 : In the Linux kernel, the net/mlx5e subsystem could deadlock between devlink and netdev instance locks due to incorrect lock ordering during recovery. The fix moves netdev_trylock usage from high-level work handlers to the lower recovery functions where it’s actually required, ali...

CVE-2026-45907 net/mlx5e: Fix deadlocks between devlink and netdev instance locks

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

CVE-2026-45907

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

CVE-2026-45904

CVE-2026-45904 – powerpc/eeh locking fix in Linux kernel : The vulnerability was resolved by a patchset that corrects recursive locking between EEH (Enhanced Error Handling) and PCI hotplug logic. The root cause was that eeh_handle_normal_event() acquired pci_lock_rescan_remove() before calling e...

CVE-2026-45901

The CVE-2026-45901 issue is in the Linux kernel netfilter nf_tables code. A circular lock dependency can occur between commit_mutex, nfnl_subsys_ipset, and nlk_cb_mutex when nft reset, ipset list, and iptables-nft with -m set run concurrently. The problem arose after changes that had previously a...

CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...

CVE-2026-45849

The CVE-2026-45849 vulnerability affects the Linux kernel net: mscc: ocelot path. The issue was that ocelot_port_xmit_inj() invoked ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock, with lockdep_assert_held() present in the callee. The correct caller, fe...

CVE-2026-45849 net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...