367606 matches found
CVE-2026-46214
CVE-2026-46214 relates to the Linux kernel vsock/virtio transport: a backlog count leak occurs when vsock_assign_transport() fails or switches transport, because sk_acceptq_added() is called before transport validation and not removed on error. This can cause sk_acceptq_is_full() to reject new co...
CVE-2026-46213
The CVE-2026-46213 issue affects the Linux kernel HID Apple keyboard driver (appletb-kbd). A use-after-free (UAF) in the inactivity-timer cleanup path during driver tear-down was fixed by reordering teardown: (1) call hid_hw_close()/hid_hw_stop() before backlight cleanup to prevent late callbacks...
CVE-2026-46212
CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...
CVE-2026-46211
CVE-2026-46211 affects the Linux kernel drm/msm/gem component. The flaw in msm_ioctl_gem_info_get_metadata() can cause a NULL pointer dereference due to unchecked allocation (kmemdup()) and always returning 0 on errors, making userspace believe success. The issue is fixed by adding a NULL check f...
CVE-2026-46210
The CVE-2026-46210 issue affects the Linux kernel Iris media driver. A race between per-instance locks (inst->lock) and the core list lock (core->lock) allows a use-after-free during MBPF checks: MBPF iterates the core list and reads fields like fmt_src->width/height while iris_close() m...
CVE-2026-46209
CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...
CVE-2026-46208
In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...
CVE-2026-46207
The CVE-2026-46207 issue affects the Linux kernel’s vsock/virtio path, where non-linear skbs could fail to copy payloads to the vsockmon tap device due to iov_iter not being properly initialized. The fix standardizes handling for both linear and non-linear skbs by removing the linear/non-linear s...
CVE-2026-46205
Summary (grounded from provided sources): CVE-2026-46205 affects the Linux kernel atomisp driver (staging: media). The root cause is unsafe handling of private IOCTLs; the change disallows all private IOCTLs and returns early when cmd is non-zero to satisfy static checkers. This vulnerability is ...
CVE-2026-46206
The CVE-2026-46206 issue affects the Linux kernel’s batman-adv implementation, where the tp_meter component could start new sender or receiver sessions after mesh_state had exited BATADV_MESH_ACTIVE during teardown. The vulnerability stems from improper state management in batman-adv/tp_meter, po...
CVE-2026-46204
CVE-2026-46204 affects the Linux kernel DRM_AMDGPU driver (drm/amdgpu/vcn4). The root cause is an out-of-bounds read when parsing an Instruction Buffer (IB). The patch rewrites the IB parsing to use amdgpu_ib_get_value(), ensuring bounds checks are performed and preventing OOB reads. Public descr...
CVE-2026-46203
The CVE-2026-46203 issue affects the Linux kernel, specifically the spi: cadence-quadspi driver. The root cause is unclocked register access that can occur if the controller is not runtime-resumed before being disabled during driver unbind. The fix ensures the controller is runtime resumed prior ...
CVE-2026-46202
CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...
CVE-2026-46201
CVE-2026-46201 affects the Linux kernel drm/xe: an error path in xe_gem_prime_import() leaks a dma_buf attachment when xe_dma_buf_init_obj() fails, because the attachment from dma_buf_dynamic_attach() is not detached. The fix explicitly detaches via dma_buf_detach() before returning an error, avo...
CVE-2026-46200
CVE-2026-46200 affects the Linux kernel SPI MPC52xx driver. The issue stems from improper controller deregistration: the driver may deregister the controller after or without ensuring proper release of resources (interrupts, GPIOs) during driver unbind, risking system instability or resource exha...
CVE-2026-46199
CVE-2026-46199 affects the Linux kernel drm/amdgpu/vcn4 component. The root cause is missing bounds checking when parsing decoder messages, allowing out-of-bounds reads. The issue is resolved by adding checks against the end of the BO whenever the message is accessed. Impact is information disclo...
CVE-2026-46198
The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...
CVE-2026-46197
The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...
CVE-2026-46196
CVE-2026-46196 describes a Linux kernel tracepoint regression: during a 0→1 transition, tracepoint_add_func() calls ext->regfunc() before installing a probe, and if func_add() fails (e.g., -ENOMEM), it previously did not call ext->unregfunc(), leaving behind side effects. The fix mirrors th...
CVE-2026-46195
The CVE-2026-46195 entry concerns a Linux kernel SMB client vulnerability. 32-bit servers can supply a crafted dacloffset that wraps a DACL pointer, allowing dereferencing of DACL fields during chmod/chown if validated only after pointer arithmetic. The flaw occurs in parse_sec_desc(), build_sec_...
CVE-2026-46194
CVE-2026-46194 is a Linux kernel/f2fs race condition where f2fs_destroy_extent_node() clears extent nodes without FI_NO_EXTENT, allowing concurrent writeback to insert nodes and trigger a bug check. The issue arises when dropping inodes with I_SYNC during writeback, leading to a potential crash/D...
CVE-2026-46193
CVE-2026-46193 concerns a Linux kernel xfrm AH (AH) implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...
CVE-2026-46192
CVE-2026-46192 concerns the Linux kernel spi: microchip-core-qspi driver, where transmitting garbage data during emulated read-only dual/quad operations could brick the QSPI transfer. The issue was resolved in the kernel, with reads handled by the core via clock cycles, removing the need to emit ...
CVE-2026-46190
Summary (CVE-2026-46190) : A Linux kernel vulnerability in the MTD SPI-NOR debugfs code caused an out-of-bounds read in spi_nor_params_show() due to passing an array of pointers to spi_nor_print_flags() with sizeof(snor_f_names). Since sizeof on a pointer array yields bytes, not element count, th...
CVE-2026-46191
CVE-2026-46191 concerns the Linux kernel fbcon component: when console rotation fails during fbcon_rotate_font(), the font buffer may overflow due to an OOB access. The fix clears the font buffer if the reallocation during console rotation fails and ensures the rotated buffer does not overflow. D...
CVE-2026-46189
CVE-2026-46189 affects the Linux kernel RDMA pvrdma component (pvrdma_alloc_ucontext). The issue is a double free: pvrdma_uar_free() is invoked in pvrdma_dealloc_ucontext() and is erroneously called before, creating a double free condition. Concrete fixes exist in OSV entries for multiple distrib...
CVE-2026-46188
CVE-2026-46188 affects the Linux kernel in the octeon_ep_vf driver. The vulnerability arises because napi_build_skb() can return NULL on allocation failure and __octep_vf_oq_process_rx() uses the result without checking for NULL in both the single-buffer and multi-fragment paths, causing a NULL p...
CVE-2026-46187
CVE-2026-46187 – summary of documented fixes : In the Linux kernel, the wifi: rsi driver experienced a kthread lifetime race between self-exit and external-stop, causing a UAF if the exited thread is accessed after free. The confirmed remediation is to remove kthread_stop() and wait for the self-...
CVE-2026-46186
Summary: CVE-2026-46186 affects the Linux kernel Bluetooth virtio_bt driver. The vulnerability arises in virtbt_rx_handle(), which reads the leading pkt_type byte from RX skb and forwards the rest to hci_recv_frame() for multiple packet types without validating that the remaining payload is large...
CVE-2026-46185
The CVE-2026-46185 issue affects the Linux kernel SMB client. The root cause is insufficient length validation in smb2_check_message() when processing symlink error responses, allowing a symlink_data() path to read beyond the buffer if iov_len is smaller than the 64-byte SMB2 header and accessing...
CVE-2026-46184
CVE-2026-46184 relates to the Linux kernel sound/ua101 driver. The root cause is a missing sanity check for bNrChannels in detect_usb_format(), which can lead to a division by zero in playback_urb_complete() and capture_urb_complete() when a device reports bNrChannels = 0. The USB core does not v...
CVE-2026-46183
CVE-2026-46183 affects the Linux kernel DAMON sysfs code. The vulnerability is a use-after-free in damon_sysfs_quot_goal->path: user reads/writes to the sysfs 'path' file can deallocate the underlying buffer, and current protection only guards parameter reads during commit; direct user access ...
CVE-2026-46182
The CVE-2026-46182 issue affects the Linux kernel component pseries/papr-hvpipe . The root cause is that a local kernel stack variable hdr (papr_hvpipe_hdr) is allocated on the stack and only hdr.version and hdr.flags are initialized, leaving reserved padding bytes uninitialized. When copied to u...
CVE-2026-46181
Summary: CVE-2026-46181 concerns the Linux kernel RDMA/mlx4 component. The root cause is improper use of Read-Copy Update (RCU) in mlx4_srq_event(), which could allow a race where an event is delivered before the srq object is fully initialized, potentially crashing the system. The documented fix...
CVE-2026-46179
In CVE-2026-46179, the Linux kernel ASoC SOF subsystem is vulnerable to a divide-by-zero when reporting the pointer for a compressed stream if stream parameters are unconfigured. The bug arises from dividing the I/O frame position by (channels × container bytes), which defaults to zero until stre...
CVE-2026-46180
CVE-2026-46180 concerns a use-after-free in wifi brcmfmac when stopping the watchdog task in the Linux kernel. The vulnerability is addressed by increasing the watchdog task reference count before send_sig() and then dropping it with kthread_stop_put(). Connected OSV entries show patches in Root:...
CVE-2026-46178
The CVE-2026-46178 entry concerns the Linux kernel RDMA/mlx4 component. A resource leak could occur during error handling in mlx4_ib_create_srq(), because mlx4_srq_alloc() was not undone during error unwinding. The fix adds a call to mlx4_srq_free() to properly release the resource when an error ...
CVE-2026-46177
The CVE-2026-46177 issue affects the Linux kernel IPMI driver. It describes a vulnerability where the driver could continuously fetch events and receive messages from the BMC (or become stuck) due to the BMC not signaling completion or the attn bit getting stuck. The documented fix limits event/m...
CVE-2026-46176
The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...
CVE-2026-46175
Summary of CVE-2026-46175 (f2fs FGGC issue) : In the Linux kernel’s f2fs filesystem, Foreground Garbage Collection (FGGC) of node blocks could leave the fsync and dentry marks uncleared, causing fsck to misinterpret migrated data as fsync-written. The root cause is that the marks were not cleared...
CVE-2026-46174
In CVE-2026-46174, the Linux kernel vulnerability affects x86/CPU/AMD Zen2 by allowing improper isolation of shared resources in the Zen2 op cache, potentially leading to instruction corruption. The issue has been resolved in the Linux kernel, with Debian and Root packaging advisories noting fixe...
CVE-2026-46173
CVE-2026-46173 concerns the Linux kernel. The issue arises when an already-exiting task oopses and make_task_dead() calls do_task_dead() with preemption enabled, while __schedule() must be called with preemption disabled. If a preempted oopsing task is still in the dead-state, finish_task_switch(...
CVE-2026-46172
** CWE-XXXX**: CVE-2026-46172 affects the Linux kernel IPv6 xfrm6 path. The issue occurs in xfrm6_rcv_encap() during an IPv6 route lookup when a dst is not yet attached; ip6_route_input_lookup() can return a dst with an error, and if dst->error is set, the skb is dropped without attaching/rele...
CVE-2026-46171
The CVE-2026-46171 issue affects the Linux kernel KVM for RISCV, where a second kzalloc failure in kvm_riscv_vcpu_alloc_vector_context leaks the first allocation (guest_context.vector.datap). The root cause is a vector context allocation leak that can degrade system stability if not freed. A fix ...
CVE-2026-46170
CVE-2026-46170 affects the Linux kernel MPTCP implementation. When ADD_ADDR is retransmitted, the socket reference counting can fail to free the sk, which may trigger indefinite waiting in timer synchronization and cause a DoS. The root cause is improper timer handling during sk_free that could c...
CVE-2026-46169
The CVE-2026-46169 case concerns the Linux kernel HFS Plus (HFS+) filesystem. The root cause is that hfs_brec_read() validates only that entrylength fits a buffer but does not confirm that the on-disk catalog record size matches the expected type, allowing partial reads on corrupted filesystems. ...
CVE-2026-46168
The CVE-2026-46168 issue affects the Linux kernel's multipath TCP (mptcp) scheduling around timestamp sockopts. The root cause is using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping(), which can sleep and cause atomic-context issues. The published fixes r...
CVE-2026-46167
CVE-2026-46167 – Linux kernel usb/usblp heap leak : The vulnerability stems from an uninitialized status buffer (statusbuf) allocated at probe time for LPGETSTATUS. If a malicious printer returns zero bytes, a stale 8-byte heap region could be copied to userspace via LPGETSTATUS, causing a heap l...
CVE-2026-46166
The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...
CVE-2026-46165
CVE-2026-46165 affects the Linux kernel openvswitch vport code, where a self-deadlock could occur on tunnel port release due to improper ordering between RCU callbacks and RTNL/normally synchronized code paths. The root cause: vports are protected by RCU and must have netdev_put() after the RCU g...