CVE-2026-9818

CVE-2026-9818 is rejected/not used; this entry does not represent an active vulnerability.

CVE-2026-9658

CVE-2026-9658 affects Plack::Middleware::Security::Common for Perl prior to version 0.13.1. The vulnerability arises from header-injection checks in request paths not consistently blocking crafted CRLF inputs unless double-encoded, e.g. GET /path\r\nHTTP/1.1\r\nHost: secret.example.com. The issue...

CVE-2026-48030

CVE-2026-48030 affects pheditor (versions 2.0.1–2.0.3). An OS Command Injection flaw exists in the terminal action handler of pheditor.php: the dir POST parameter is inserted into shell_exec() without sanitization, after a whitelist check on the command but not on dir. This allows an authenticate...

CVE-2026-46241

CVE-2026-46241 concerns the SPI driver for the MPC52xx in the Linux kernel, where a use-after-free can occur if controller registration fails because interrupts are not properly disabled and freed. The issue is resolved by a fix that ensures interrupts are disabled and resources freed on registra...

CVE-2026-46240

The CVE-2026-46240 issue affects the Linux kernel iris driver. A use-after-free occurs when iris_release_internal_buffers() accesses a buffer after session_release_buf() frees it, caused by a regression from a change that destroys internal buffers after FW releases. The documented fix sets BUF_AT...

CVE-2026-46239

CVE-2026-46239 affects the Linux kernel media: i2c: ov5647 driver. Concrete issue: three control paths (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) return early without pm_runtime_put(), leaking runtime PM references. The patch changes these cases from return to a ret = ... break pattern to ensure pm...

CVE-2026-46238

CVE-2026-46238 affects the Linux kernel’s BAT IV implementation via the batman-adv subsystem. The issue stems from caching an auxiliary originator pointer derived from a temporary lookup in neigh_node state, where the pointer can be freed or become stale after purge handling. The documented fix i...

CVE-2026-46237

This CVE-2026-46237 entry is rejected/not used and does not represent an active vulnerability.

CVE-2026-46236

CVE-2026-46236 affects the Linux kernel media: rc Xbox remote driver, where the IO buffer was placed in the device structure, violating DMA coherency rules. This is a local, low-complexity issue with high availability impact. Publicly documented fixes are present in OSV entries for Root: Debian 1...

CVE-2026-46235

CVE-2026-46235 affects the Linux kernel saa7164 media driver. The issue arises from missing return value checks for ioremap calls in saa7164_dev_setup(), specifically for BAR0 and BAR2. When ioremap fails, the code now performs cleanup: releases allocated PCI memory regions, removes the device fr...

CVE-2026-46234

CVE-2026-46234 affects the Linux kernel vsock code, specifically the vsock_update_buffer_size path. The bug arises from clamping the buffer size: it first enforces the maximum, then the minimum, which allows vsk->buffer_size to exceed vsk->buffer_max_size when a larger minimum is configured...

CVE-2026-46233

CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...

CVE-2026-46232

The CVE-2026-46232 entry concerns the Linux kernel HID PlayStation driver. A flaw allows a device to report more touch_reports than the array can hold, risking an out-of-bounds read in dualshock4_parse_report and potentially exposing up to ~2 KiB of kernel memory when DS4_TOUCH_POINT_INACTIVE is ...

CVE-2026-46231

CVE-2026-46231 concerns the Linux kernel’s batman-adv code. When batadv_bla_add_claim() fails to insert a new claim into its hash, a reference to the target backbone_gw could be leaked. The vulnerability arises from not releasing that reference on the error path, potentially allowing a backbone_g...

CVE-2026-46230

CVE-2026-46230 affects the Linux kernel’s drm/amdgpu/vcn3 component. The vulnerability is an Out-of-Bounds read during decoder message parsing, due to missing bounds checks; the fix adds checks against the end of the BO before msg access. Impact is described as high severity (CVSSv3.1: Local, Low...

CVE-2026-46229

The CVE-2026-46229 issue affects the Linux kernel’s DRM/AMDKFD path: KFD VRAM allocations could leave stale data because AMDGPU_GEM_CREATE_VRAM_CLEARED was not applied in the KFD code path, unlike the GEM/user paths which already set VRAM_CLEARED. This allowed stale page-table remnants to leak in...

CVE-2026-46228

CVE-2026-46228 affects the Linux kernel, in the spi: ch341 driver, due to incorrect management of device resources (devres) lifetime. When a USB driver is unbound (e.g., probe deferral or config changes), resources tied to the interface could leak because their lifetimes weren’t released with the...

CVE-2026-46227

CVE-2026-46227 describes a race in the Linux kernel SCTP SENDALL path. The sctp_sendmsg() loop over ep->asocs caches the next entry in @tmp, then calls sctp_sendmsg_to_asoc() after dropping the socket lock, allowing a second thread to peel off the cached association and migrate it to a new end...

CVE-2026-46226

CVE-2026-46226 affects the Linux kernel SPI FSL driver, where deregistration of the controller was not ensured before releasing DMA resources during driver unbind. The issue is fixed in updated kernels across multiple OS packages (e.g., Root:Debian-11/12, Ubuntu 22.04+, Debian/Ubuntu roots with r...

CVE-2026-46225

CVE-2026-46225 concerns the Linux kernel SPI host controller driver (rspi). The issue arises when deregistering the controller: resources such as DMA can be released before proper deregistration, potentially impacting availability. The root cause is captured as “spi: rspi: fix controller deregist...

CVE-2026-46224

The CVE-2026-46224 issue affects the Linux kernel drm/xe driver. The bug is a lifecycle/ownership problem in xe_dma_buf_init_obj() where a pre-allocated storage bo is not freed when drm_gpuvm_resv_object_alloc() fails, leading to a potential resource leak. The kernel now ensures that, on failure,...

CVE-2026-46223

The CVE-2026-46223 issue concerns the Linux kernel cgroup subsystem: rmdir defers percpu_ref kill of CSS until the cgroup is depopulated. A chain of commits reworked rmdir behavior to ensure ->css_offline() does not run while tasks are still doing kernel work in the cgroup. The core problem wa...

CVE-2026-46222

In CVE-2026-46222, the Linux kernel’s media: rockchip: rkcif driver was fixed by adding the missing MUST_CONNECT flag to pads, addressing a null-pointer dereference when a media stream is enabled. The issue arose from pads not reliably checking for connected devices, enabling a local attacker to ...

CVE-2026-46221

CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...

CVE-2026-46220

CVE-2026-46220 affects the Linux kernel’s drm/amdgpu sdma4 fence emission. The vulnerability stems from two BUG_ON(addr & 0x3) assertions in sdma_v4_0_ring_emit_fence(), which could be triggered by unprivileged userspace submissions via DRM_IOCTL_AMDGPU_CS, causing a kernel panic in a scheduler w...

CVE-2026-46219

CVE-2026-46219 concerns a use-after-free in the SPI mpc52xx path of the Linux kernel. The description indicates the state machine work is scheduled by the interrupt handler and must be cancelled after interrupts are disabled to avoid use-after-free. Connected OSV entries show patches in rootio-li...

CVE-2026-46218

The vulnerability CVE-2026-46218 affects the Linux kernel DRM AMDGPU driver. The issue is in ib_get_value/ib_set_value where the uvd/vce/vcn code accessed the Instruction Buffer (IB) at predefined offsets without verifying the IB size, enabling out-of-bounds reads/writes. The root cause is missin...

CVE-2026-46217

CVE-2026-46217 concerns the Linux kernel AMDGPU driver component drm/amdgpu/vcn4, where an integer overflow occurs during a message bound check. Red Hat reports the flaw could cause system instability or DoS, indicating the vulnerability lies in the vcn4 code path of the AMDGPU driver. Several so...

CVE-2026-46215

The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...

CVE-2026-46216

The CVE-2026-46216 issue affects the Linux kernel drm/xe/hdcp module. When media GT is disabled via configfs, media_gt may be NULL, causing intel_hdcp_gsc_check_status() to dereference an invalid address and trigger a kernel pagefault. The fix adds a NULL check on media_gt and returns early if NU...

CVE-2026-46214

CVE-2026-46214 relates to the Linux kernel vsock/virtio transport: a backlog count leak occurs when vsock_assign_transport() fails or switches transport, because sk_acceptq_added() is called before transport validation and not removed on error. This can cause sk_acceptq_is_full() to reject new co...

CVE-2026-46213

The CVE-2026-46213 issue affects the Linux kernel HID Apple keyboard driver (appletb-kbd). A use-after-free (UAF) in the inactivity-timer cleanup path during driver tear-down was fixed by reordering teardown: (1) call hid_hw_close()/hid_hw_stop() before backlight cleanup to prevent late callbacks...

CVE-2026-46212

CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...

CVE-2026-46211

CVE-2026-46211 affects the Linux kernel drm/msm/gem component. The flaw in msm_ioctl_gem_info_get_metadata() can cause a NULL pointer dereference due to unchecked allocation (kmemdup()) and always returning 0 on errors, making userspace believe success. The issue is fixed by adding a NULL check f...

CVE-2026-46210

The CVE-2026-46210 issue affects the Linux kernel Iris media driver. A race between per-instance locks (inst->lock) and the core list lock (core->lock) allows a use-after-free during MBPF checks: MBPF iterates the core list and reads fields like fmt_src->width/height while iris_close() m...

CVE-2026-46209

CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...

CVE-2026-46208

In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...

CVE-2026-46207

The CVE-2026-46207 issue affects the Linux kernel’s vsock/virtio path, where non-linear skbs could fail to copy payloads to the vsockmon tap device due to iov_iter not being properly initialized. The fix standardizes handling for both linear and non-linear skbs by removing the linear/non-linear s...

CVE-2026-46205

Summary (grounded from provided sources): CVE-2026-46205 affects the Linux kernel atomisp driver (staging: media). The root cause is unsafe handling of private IOCTLs; the change disallows all private IOCTLs and returns early when cmd is non-zero to satisfy static checkers. This vulnerability is ...

CVE-2026-46206

The CVE-2026-46206 issue affects the Linux kernel’s batman-adv implementation, where the tp_meter component could start new sender or receiver sessions after mesh_state had exited BATADV_MESH_ACTIVE during teardown. The vulnerability stems from improper state management in batman-adv/tp_meter, po...

CVE-2026-46204

CVE-2026-46204 affects the Linux kernel DRM_AMDGPU driver (drm/amdgpu/vcn4). The root cause is an out-of-bounds read when parsing an Instruction Buffer (IB). The patch rewrites the IB parsing to use amdgpu_ib_get_value(), ensuring bounds checks are performed and preventing OOB reads. Public descr...

CVE-2026-46203

The CVE-2026-46203 issue affects the Linux kernel, specifically the spi: cadence-quadspi driver. The root cause is unclocked register access that can occur if the controller is not runtime-resumed before being disabled during driver unbind. The fix ensures the controller is runtime resumed prior ...

CVE-2026-46202

CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...

CVE-2026-46201

CVE-2026-46201 affects the Linux kernel drm/xe: an error path in xe_gem_prime_import() leaks a dma_buf attachment when xe_dma_buf_init_obj() fails, because the attachment from dma_buf_dynamic_attach() is not detached. The fix explicitly detaches via dma_buf_detach() before returning an error, avo...

CVE-2026-46200

CVE-2026-46200 affects the Linux kernel SPI MPC52xx driver. The issue stems from improper controller deregistration: the driver may deregister the controller after or without ensuring proper release of resources (interrupts, GPIOs) during driver unbind, risking system instability or resource exha...

CVE-2026-46199

CVE-2026-46199 affects the Linux kernel drm/amdgpu/vcn4 component. The root cause is missing bounds checking when parsing decoder messages, allowing out-of-bounds reads. The issue is resolved by adding checks against the end of the BO whenever the message is accessed. Impact is information disclo...

CVE-2026-46198

The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...

CVE-2026-46197

The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...

CVE-2026-46196

CVE-2026-46196 describes a Linux kernel tracepoint regression: during a 0→1 transition, tracepoint_add_func() calls ext->regfunc() before installing a probe, and if func_add() fails (e.g., -ENOMEM), it previously did not call ext->unregfunc(), leaving behind side effects. The fix mirrors th...

CVE-2026-46195

The CVE-2026-46195 entry concerns a Linux kernel SMB client vulnerability. 32-bit servers can supply a crafted dacloffset that wraps a DACL pointer, allowing dereferencing of DACL fields during chmod/chown if validated only after pointer arithmetic. The flaw occurs in parse_sec_desc(), build_sec_...