CVE-2026-36613

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...

PT-2026-46000

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

EUVD-2026-32753

In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164devsetup. If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the globa...

SUSE CVE-2026-45973

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

SUSE CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

CVE-2026-45973

A flaw was found in the Linux kernel's RDMA/mlx5 driver. A race condition during firmware reset in Link Aggregation Group LAG mode can cause the driver to hang indefinitely while waiting for Unregister Memory Region UMR completion during device unload. This can lead to a denial of service, making...

CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

CVE-2026-45973

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

UBUNTU-CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

UBUNTU-CVE-2026-45896

In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...

CVE-2026-46053 net: rds: fix MR cleanup on copy error

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

EUVD-2026-32435

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

CVE-2026-46053

CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...

CVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unload

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVE-2026-45973

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVE-2026-45973

Summary: CVE-2026-45973 affects the Linux kernel RDMA mlx5 stack, causing an indefinite hang during device unload in LAG mode due to a race between master/slave error handling and UMR completion. The root cause is that, in LAG, the bond device is registered only on the master and may miss sys_err...

CVE-2026-45896 mtd: intel-dg: Fix accessing regions before setting nregions

In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...

PT-2026-43920

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rds rdma map hands sg/pages ownership to the transport after get mr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

CVE-2026-45896

mtd: intel-dg: Fix accessing regions before setting nregions...