367748 matches found
CVE-2026-46103
CVE-2026-46103 affects the Linux kernel, specifically the USB stack where can: ucan fixes the devres lifetime. The root cause is that resources bound to USB interfaces were not guaranteed to outlive the parent USB device, leading to memory leaks when drivers unbind (e.g., during probe deferrals o...
CVE-2026-46102
The CVE-2026-46102 issue affects the Linux kernel network stream parser (net: strparser). When the stream parser is aborted (e.g., after a message assembly timeout), the partially assembled message referenced by strp->skb_head is not released in strp_abort_strp(), causing a memory leak that co...
CVE-2026-46101
CVE-2026-46101 — Linux kernel netfilter nft_bitwise : The issue arises in the carry-propagation for 32-bit words when a zero shift operand is used in nft_bitwise left/right shift expressions, causing undefined behaviour. The fix rejects zero shift operands during initialization and extends the ex...
CVE-2026-46100
CVE-2026-46100 concerns the Linux kernel AFS subsystem where a change to mmap_prepare() could leak a refcount when a merge or allocation failure occurs after the call. The public descriptions across multiple sources indicate a partial revert of the change that converted generic_file_mmap() users ...
CVE-2026-46099
The CVE-2026-46099 entry describes a use-after-free race in Linux kernel IPv6 handling for seg6 and rpl lightweight tunnels. A NOREF destination cached during ip6_route_input() can be freed by a concurrent FIB lookup on a shared nexthop under PREEMPT_RT, leading to a WARN or potential instability...
CVE-2026-46098
CVE-2026-46098 affects the Linux kernel caif driver. The vulnerability arises when, after remote shutdown, caif_connect() tears down a client by calling caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer but leaves adap_layer->dn dangli...
CVE-2026-46097
CVE-2026-46097: Linux kernel use-after-free in edt-ft5x06 debugfs teardown is fixed by protecting raw_buffer freeing with the device mutex and NULLing raw_buffer. The fix is described in the commit 68743c500c6e and related changes; applied so far to kernel components referenced in public advisori...
CVE-2026-46096
CVE-2026-46096 affects the Linux kernel TPM subsystem. The root cause is a leak in tpm2_read_public where tpm_buf_destroy() is missing on two exit paths after tpm_buf_init(), leaking a page allocation. The fix adds missing tpm_buf_destroy() calls on those exit paths, correcting both the error pat...
CVE-2026-46095
CVE-2026-46095 is a Linux kernel vulnerability resolved by moving the barrier raise before the llbitmap state machine transitions. The fix updates two functions, llbitmap_start_write() and llbitmap_start_discard(), to ensure the barrier is raised prior to any state changes, preventing a race wher...
CVE-2026-46094
CVE-2026-46094 affects the Linux kernel ext4 code. The vulnerability arises from a bounds check in check_xattrs() for the next xattr entry, where the code compared (void*)next >= end. This could allow next to point within sizeof(u32) bytes of end, and on the subsequent loop iteration IS_LAST_E...
CVE-2026-46093
CVE-2026-46093 affects the Linux kernel mm/vmalloc subsystem. The issue arises because decay_va_pool_node() can be invoked concurrently from two paths—the purge path and the shrinker path via vmap_node_shrink_scan—without proper serialization. This leads to races and potential memory leaks. The d...
CVE-2026-46092
CVE-2026-46092 relates to the Linux kernel's wifi rtw88 driver (8821CE) where pci_upstream_bridge() returns NULL for devices on a root bus, risking a crash during probe on certain PCI topologies. The fix is to explicitly check for the PCI upstream bridge before applying the workaround. A patch wa...
CVE-2026-46091
CVE-2026-46091 : Linux kernel vulnerability in the igorplugusb driver where a USB control request may be subject to DMA, violating DMA coherency rules. The resolution requires allocating the affected structure separately to enforce coherency. Public records identify the issue across multiple dist...
CVE-2026-46090
CVE-2026-46090 affects the Linux kernel ALSA aloop driver. A use-after-free in loopback_check_format() can occur when playback starts with parameters that no longer match a running capture stream, while a concurrent close may detach or free the runtime. The issue arises after a patch that moved t...
CVE-2026-46089
CVE-2026-46089: The Linux kernel zram discard path fails to endio for partial discard requests, causing blkdiscard to hang indefinitely. Fixes jump to end_bio and call bio_endio; CVSS v3.1 base 5.5 (Local, Low complexity). Public disclosures in NVD/NASL entries reference kernel commits addressing...
CVE-2026-46088
CVE-2026-46088 affects the Linux kernel (ALSA subsystem). The vulnerability arises in snd_ctl_elem_init_enum_names() where a loop advances through a names buffer using buf_len, and may call fortified strnlen(p, 0) when buf_len reaches zero but items remain. Public documents indicate the fix added...
CVE-2026-46087
CVE-2026-46087 affects the Linux kernel DAMON subsystem. The issue is a memory leak: if damon_start() fails, the memory context created by damon_stat_build_ctx() could remain allocated and the stale damon_stat_context pointer reused on the next enable attempt. The documented fix makes the code pa...
CVE-2026-46086
The CVE-2026-46086 issue affects the Linux kernel’s bridge FDB code. Local FDB entries could be rewritten in place by fdb_delete_local(), changing f->dst to another port or NULL while entries remain alive. Several bridge RCU readers (e.g., br_fdb_fillbuf() via brforward_read()) may observe f-&...
CVE-2026-46085
CVE-2026-46085 affects the Linux kernel rxrpc subsystem (rxkad crypto unalignment handling). The vulnerability arises from processing a packet with a misaligned crypto length and from handling non-ENOMEM decryption errors, with the WARN_ON_ONCE removal enabling remote triggering of issues. A remo...
CVE-2026-46084
CVE-2026-46084 : In the Linux kernel, the mana_ib driver fails to disable vPort RX steering when destroying RSS QP, leaving stale steering that may reference freed RX WQ objects. If traffic continues and a VF is brought up, the firmware can deliver completions using old CQ IDs, causing RX complet...
CVE-2026-46083
CVE-2026-46083 concerns the Linux kernel SPI subsystem. The description indicates a fix for resource leaks that occur when a device is being set up and spi_setup() fails during registration, requiring a call to controller cleanup() to avoid leaking resources allocated by setup(). OpenSUSE/SUSE ad...
CVE-2026-46082
CVE-2026-46082 is a Linux kernel KVM vulnerability (SVM) where INVLPGA generates a #UD if EFER.SVME is 0. The issue affects kernel code handling SVM, with local attack potential and high impact on availability, and was addressed by a patch adding a proper #UD injection when EFER.SVME=0. Public re...
CVE-2026-46081
CVE-2026-46081 is a Linux kernel vulnerability in the crypto/acomp subsystem. The issue arises when an asynchronous hardware implementation (e.g., QAT) completes a request using the DMA virtual address interface, causing acomp_save_req() to store a pointer to the wrong object in req->base.data...
CVE-2026-46080
CVE-2026-46080 : In the Linux kernel, the ocfs2 code path is fixed to prevent credit-exhaustion during direct I/O (dio) by splitting transactions in dio completion and batching extent handling. The patch relocates removing inodes from the orphan list until the extent tree update completes, reduci...
CVE-2026-46079
CVE-2026-46079 concerns the Linux kernel RBD path. The issue arises when device_add_disk() is followed by a failure in device_add_disk(); the code can call rbd_free_disk() twice and then rbd_dev_device_release(), causing a null-ptr-deref in __blk_mq_free_map_and_rqs() during blk-mq cleanup. The f...
CVE-2026-5515
CVE-2026-5515 affects IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0. The vulnerability arises because the product stores potentially sensitive information in log files that could be read by a local user, enabling confidential disclosure. Affected versions and remediation are documented by ...
CVE-2026-46078
Summary: CVE-2026-46078 affects the Linux kernel EROFS filesystem, where trailing dirents can trigger an out-of-bounds read due to incorrect nameoff handling. The root cause is that namelen calculations for trailing dirents use strnlen with unchecked nameoffs, allowing underflow when nameoff >...
CVE-2026-46077
CVE-2026-46077 involves a Linux kernel crypto module (atmel-tdes) where DMA sync direction was incorrect. The issue occurs when DMA output was consumed by the CPU and the address_out was not synced with the CPU correctly, risking stale data on non‑coherent platforms. The published fixes switch to...
CVE-2026-46076
The CVE-2026-46076 entry concerns the Linux kernel KVM nSVM, where an unhandled VMMCALL can produce an Undefined Opcode (#UD) when L2 is active, L1 does not intercept, nested_svm_l2_tlb_flush_enabled() is true, and the hypercall is not among the supported Hyper-V hypercalls. The vulnerability ari...
CVE-2026-46075
CVE-2026-46075 concerns the Linux kernel crypto driver crypto: atmel-sha204a. The available details describe a fix for potential use-after-free (UAF) and a memory leak in the remove path. The remediation includes:Unregistering the hwrng to stop new read() calls and flushing the Atmel I2C workqueu...
CVE-2026-46074
CVE-2026-46074 is addressed in openSUSE openSUSE Tumbleweed via kernel-devel-7.0.11-1.1. The issue is in the Linux kernel SPI ch341 driver, where memory leaks occur on probe failures due to improper cleanup. The patch requests deregistration of the controller, disabling pins, and killing/freeing ...
CVE-2026-46073
CVE-2026-46073 is a Linux kernel issue in hwmon: powerz where wait_for_completion_interruptible_timeout() could return -ERESTARTSYS on signal interrupt and skip usb_kill_urb(), leading to reads from an unfilled transfer buffer. Public documents confirm a patch that: 1) captures the function retur...
CVE-2026-46072
CVE-2026-46072 describes a vulnerability in ntfs3 within the Linux kernel where run_unpack() can perform an out-of-bounds read. Specifically, after checking run_buf
CVE-2026-46071
CVE-2026-46071 concerns Linux kernel KVM/nSVM behavior where svm_copy_lbrs() marks VMCB_LBR dirty, and nested_svm_vmexit() copies LBRs to vmcb12; clearing VMCB_LBR dirty bits in vmcb12 was not architecturally defined. The fix moves vmcb_mark_dirty() back to callers and drops it for vmcb12, enabli...
CVE-2026-46070
CVE-2026-46070 pertains to the Linux kernel md/raid5 path where journal metadata blocks could be overrun due to missing validation of on-disk payload sizes. r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_checksum_for_mb() may read or offset beyond a page boundary when payload size...
CVE-2026-46069
CVE-2026-46069 affects the Linux kernel mwifiex driver (wifi) where mwifiex_adapter_cleanup() used timer_delete() on wakeup_timer before freeing the adapter, risking a use-after-free if wakeup_timer_fn is running. The issue is resolved by replacing timer_delete() with timer_delete_sync() to ensur...
CVE-2026-46068
CVE-2026-46068 affects the Linux kernel's crypto nx path: bounce buffers allocated with _get_free_pages() (BOUNCE_BUFFER_ORDER) are freed with free_page() instead of free_pages(), causing memory leaks. The fix uses free_pages() with the matching order in nx842_crypto {alloc,free}_ctx. Affected: L...
CVE-2026-46067
CVE-2026-46067 affects the Linux kernel DAMON core. The issue arises because the code path in mm/damon/core validates the node-datas used by NODE-DATA() relies on damos_quota_goal->nid but does not validate its value, allowing an arbitrary nid to be supplied for node_memcg_{used,free}_bp. This...
CVE-2026-46066
CVE-2026-46066 pertains to a Linux kernel issue that surfaces as a panic in multi-folio encrypted writes when a bounce buffer allocation fails during fscrypt-enabled CephFS writes. The root cause, described in the CVE entry, is that move_dirty_folio_in_page_array() may fail after the batch has st...
CVE-2026-46065
CVE-2026-46065 affects the Linux kernel framebuffer (fbdev) defio mechanism. The issue arises from disconnecting deferred I/O from the lifetime of struct fb_info, by holding state in struct fb_deferred_io_state and freeing the instance only after the final mapping closes. If fb_info/defio are fre...
CVE-2026-46064
CVE-2026-46064 affects the Linux kernel’s ibmasm_send_i2o_message, where the copy size is derived from user-controlled dot_command_header fields and not validated against allocation size. This can let an attacker perform a heap over-read by memcpy_toio(), reaching up to ~65 KB beyond the allocate...
CVE-2026-46063
The CVE-2026-46063 issue affects the Linux kernel with x86 shadow stack (shstk) handling of sigreturn. Root cause: during a shadow-stack sigframe read, the kernel previously held the mmap lock while verifying VMA flags to distinguish shadow stack memory. A page fault during this read could trigge...
CVE-2026-46062
In the Linux kernel ntfs3 driver, CVE-2026-46062 arises from an integer overflow in run_unpack() where the volume boundary check uses raw addition (lcn + len) against sbi->used.bitmap.nbits. This can wrap for large lcn/len values, bypassing validation. A fix uses check_add_overflow() (consiste...
CVE-2026-46061
Summary: CVE-2026-46061 is a Linux kernel issue in jbd2/journal handling that can cause an ABBA deadlock when filesystem blocksize is smaller than pagesize. The root cause is a lock-order conflict introduced by switching to __find_get_block_nonatomic() which can hold folio and buffer locks in the...
CVE-2026-46060
CVE-2026-46060 : In the Linux kernel crypto: qat path, IRQ cleanup on 6xxx probe failure can race during partial adf_dev_up() completion. When adf_isr_resource_alloc() has registered IRQ handlers (eg qat0-bundle0) and then probe fails, devres may tear down MSI-X vectors via pci_free_irq_vectors w...
CVE-2026-46059
CVE-2026-46059 : In the Linux kernel, KVM/nSVM handling of NRIPS and NextRIP after the first L2 VMRUN could miscompute NextRIP if NRIPS is disabled and a soft interrupt is injected, leading to a correctness issue after save/restore. The vulnerability arises because L1 may provide an incorrect Nex...
CVE-2026-46058
CVE-2026-46058 affects the Linux kernel’s amphion VPU driver, where a race in the Video4Linux m2m framework could lead to a use-after-free and kernel panic. The issue arises when v4l2_m2m_ctx_release() frees the m2m_ctx while v4l2_m2m_try_run() is about to call device_run, potentially crashing vi...
CVE-2026-46057
The connected OpenSUSE advisory for CVE-2026-46057 documents a Linux kernel Landlock issue where fork() does not preserve the Landlock security blob because hook_cred_transfer() only copies the blob when a domain exists. The fix is to unconditionally copy the Landlock credential blob to ensure su...
CVE-2026-46056
The CVE-2026-46056 entry documents a Linux kernel Bluetooth UAF vulnerability in the SSP passkey handlers (hci_event path). The issue arises when hci_conn lookup and field access are performed without holding the hdev lock, creating a window where a connection could be freed concurrently in hci_u...
CVE-2026-46055
CVE-2026-46055 affects the Linux kernel AppArmor LSM. The issue is a missing string terminator in aa_dfa_match, causing a slab-out-of-bounds read/write during path mounting on ARM64 Ubuntu 26.04 with Linux 7.0-rc4 (Snapdragon X1). Reported impact includes potential DoS or information disclosure. ...