CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, manaibdestroyqprss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, manaibdestroyqprss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

EUVD-2026-32446

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

CVE-2026-46064

The CVE-2026-46064 issue affects the Linux kernel’s ibmasm path. The ibmasm_send_i2o_message() helper derives the memcpy_toio() byte count from user-controlled dot_command_header fields (command_size: u8, data_size: u16) via get_dot_command_size(), but does not validate against the actual allocat...

CVE-2026-46064

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()

In the Linux kernel, the following vulnerability has been resolved: misc: ibmasm: fix OOB MMIO read in ibmasmhandlemouseinterrupt ibmasmhandlemouseinterrupt performs an out-of-bounds MMIO read when the queue reader or writer index from hardware exceeds REMOTEQUEUESIZE 60. A compromised service...

EUVD-2026-32403

In the Linux kernel, the following vulnerability has been resolved: misc: ibmasm: fix OOB MMIO read in ibmasmhandlemouseinterrupt ibmasmhandlemouseinterrupt performs an out-of-bounds MMIO read when the queue reader or writer index from hardware exceeds REMOTEQUEUESIZE 60. A compromised service...

CVE-2026-46022

The CVE-2026-46022 entry documents a Linux kernel vulnerability in misc: ibmasm, where ibmasm_handle_mouse_interrupt() performs an out-of-bounds MMIO read when hardware queue indices exceed REMOTE_QUEUE_SIZE (60). The root cause is that get_queue_reader()/get_queue_writer() return raw readl() val...

EUVD-2026-32398

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...

CVE-2026-46017

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...

CVE-2026-46017

The CVE relates to the Linux kernel memory management migration path. A race in the deferred split queue during folio migration could mark a destination folio as partially mapped and trip a WARN in deferred_split_folio() when dst becomes visible before it is requeued. The fix realigns the sequenc...

CVE-2026-46017 mm: fix deferred split queue races during migration

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...

CVE-2026-46015

The CVE-2026-46015 issue affects the Linux kernel TCP path when migrating an established child socket between listeners in the same SO_REUSEPORT group. After inet_csk_listen_stop() migrates, the target listener can obtain a new accept-queue entry via inet_csk_reqsk_queue_add(), but the path does ...

CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

CVE-2026-2607

CVE-2026-2607 is an in-scope vulnerability affecting IBM MQ and IBM MQ Operator components. The root issue is that IBM MQ stores potentially sensitive information in log files that could be read by a local user. Affected products/versions include IBM MQ Operator SC2 (various 3.2.x, 3.3.x, 3.4.x, ...

CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

CVE-2026-45910

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...

CVE-2026-45910

The CVE-2026-45910 issue affects the Linux kernel RDMA/rxe driver, caused by a race between retransmit_timer() and rxe_destroy_qp that can drop a Queue Pair (QP) reference count to zero during timer handling. Public documents describe a use-after-free risk and refcount underflow in affected flows...

CVE-2026-45910 RDMA/rxe: Fix race condition in QP timer handlers

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...