205412 matches found
CVE-2026-45889
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. This vulnerability occurs due to incorrect accounting for out-of-order OoO data in the mptcprcvbufgrow function. A subtle and very unlikely race condition could lead to a divide-by-zero error, potentially causing a system...
CVE-2026-45888
A flaw was found in the Linux kernel's md/raid1 module. This vulnerability occurs when the raid1run function calls setupconf to register a thread, but a subsequent failure in raid1setlimits prevents the proper unregistration of this thread. This oversight leads to a memory leak, consuming system...
CVE-2026-45890
A flaw was found in the Linux kernel's xen-netback component. A malicious or buggy Xen guest can exploit this by writing a zero value to the 'multi-queue-num-queues' xenbus key. This improper input validation can trigger a warning in the kernel's memory allocation, leading to a guest-to-host Deni...
CVE-2026-45895
A flaw was found in the Linux kernel. A local attacker could exploit a livelock condition between the quotactl and freezesuper operations. This occurs when a filesystem is frozen and the quotactlblock function enters a retry loop, preventing the system from reaching an RCU Read-Copy Update...
CVE-2026-45893
A flaw was found in the Linux kernel's AppArmor security module. This vulnerability occurs when AppArmor attempts to create tables from user-provided data that may be unaligned in memory. A local attacker could exploit this by providing specially crafted input, leading to unaligned memory accesse...
CVE-2026-45896
A flaw was found in the Linux kernel's mtdinteldg driver. This vulnerability occurs because the regions array is accessed before its size nregions is properly set, leading to an out-of-bounds memory access. A local attacker could potentially exploit this issue to cause system instability or a...
CVE-2026-45902
A flaw was found in the Linux kernel's bq256xx power supply driver. A race condition during device removal or probing can lead to a use-after-free vulnerability. This occurs when an interrupt handler attempts to access a power supply handle that has already been freed or is uninitialized. A local...
CVE-2026-45901
A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability allows a local attacker to cause a denial of service DoS by triggering a circular lock dependency. This occurs when nft reset, ipset list, and iptables-nft with a '-m set' rule are executed concurrently, leadi...
CVE-2026-45891
A flaw was found in the Linux kernel's hns3 network driver. This double-free vulnerability occurs due to incorrect handling of the txspare buffer during ring parameter setup. If memory allocation fails in the error cleanup path, a stale pointer to backup memory is erroneously freed twice. This ca...
CVE-2026-45894
A flaw was found in the Linux kernel's Intel VT-d Virtualization Technology for Directed I/O Scalable Mode. When a Process Address Space ID PASID table entry is being removed, the system may attempt to clear the entry before properly signaling to the hardware that the entry is no longer active...
CVE-2026-45892
A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks the extent status tre...
CVE-2026-45897
A flaw was found in the Linux kernel's netfilter component, specifically in how network counters are handled. This vulnerability allows for a race condition during simultaneous operations to read and reset these counters. As a result, counter values could be incorrectly reduced, leading to...
CVE-2026-45898
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...
CVE-2026-45899
A flaw was found in the Linux kernel, specifically within the ext4 filesystem's extent cache management. When an operation to split an extent fails, the system may not properly clear all related entries, leading to stale extent entries remaining in the extent status tree. This can result in data...
CVE-2026-45900
A flaw was found in the Linux kernel's crypto: caam module. When the dpaa2caamprobe function attempts to set up network devices netdevs and the dpaa2dpsecidpiosetup function fails, the allocated netdevs are not properly freed. This oversight in the error handling can lead to memory leaks,...
CVE-2026-45903
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. This vulnerability occurs because several BPF helper functions lack proper memory access flags, such as MEMRDONLY or MEMWRITE. Consequently, the verifier may incorrectly assume that buffer contents remain unchanged across...
CVE-2026-42782
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...
CVE-2025-68710
Easyelife App lock aka Fingerprint,Applock or locker.app.safe.applocker 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows -...
CVE-2026-45904
A flaw was found in the Linux kernel's PowerPC Enhanced Error Handling EEH driver. This issue involves a recursive locking mechanism where the system attempts to acquire a Peripheral Component Interconnect PCI bus lock multiple times. This can lead to a system deadlock, causing unresponsiveness a...
CVE-2026-45906
A flaw was found in the Linux kernel's power supply driver for the pf1550 component. A race condition during system shutdown or startup could lead to a use-after-free vulnerability. This issue allows an interrupt to access memory that has been deallocated or not yet initialized, potentially causi...
CVE-2026-45905
A flaw was found in the Linux kernel's networking subsystem, specifically within the xfrm IPsec component. A race condition can occur during the processing of Internet Control Message Protocol ICMP error messages. This vulnerability allows a local attacker to trigger a kernel warning, which could...
CVE-2026-45908
A flaw was found in the Linux kernel's accel/amdxdna component. The amdxdnaubufmap function allocates memory for scatter-gather SG and internal SG table structures. However, it fails to free this allocated memory if subsequent operations, such as sgalloctablefrompages or dmamapsgtable, encounter ...
CVE-2026-45907
A flaw was found in the Linux kernel's mlx5e network driver. Incorrect lock ordering between devlink and netdev instance locks can lead to deadlocks. This issue can be triggered during various work tasks related to devlink health reporter recovery or concurrent channel tear down. A local attacker...
CVE-2026-45910
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA RXE component. A race condition exists between the retransmittimer and rxedestroyqp functions. This can cause a Queue Pair QP reference count to underflow, leading to a use-after-free vulnerability. A local attacker could...
CVE-2026-45912
A flaw was found in the Linux kernel's ext4 filesystem. During certain file operations, specifically when splitting data extents, an issue with caching can lead to incorrect tracking of disk space. This can result in errors in space accounting, potentially impacting data integrity and the overall...
CVE-2026-45911
A flaw was found in the Linux kernel's Cadence Design Systems USB3 cdns3 driver. During system resume, if the USB role is switched to host mode, the driver attempts to access an uninitialized device, leading to a NULL pointer dereference. This can be exploited by a local user to cause a system...
CVE-2026-45913
A flaw was found in the Linux kernel's bridge multicast module. This vulnerability arises from an inconsistency in how the system tracks multicast database entries mdbnentries for virtual local area network VLAN contexts. A local user with network configuration privileges could exploit this by...
CVE-2026-45914
A flaw was found in the Linux kernel's hwmon: ibmpex driver. A race condition exists where a userspace process reading a sensor file can attempt to access freed memory if it races with a device deletion operation. This use-after-free vulnerability could allow a local attacker to cause a system...
CVE-2026-45915
A flaw was found in the Linux kernel's handling of FAT File Allocation Table filesystems. When processing corrupted FAT images, the rmdir function can incorrectly decrement the parent directory's link count. This underflow can lead to a system instability or a denial of service DoS by triggering ...
CVE-2026-45916
A flaw was found in the Linux kernel's sbs-battery power supply driver. A race condition exists where an interrupt can occur after the powersupply handle has been freed but before the interrupt handler is unregistered. This can lead to the interrupt handler attempting to use a freed powersupply...
CVE-2026-45918
A flaw was found in the Linux kernel's handling of OpenVPN Open Virtual Private Network TCP Transmission Control Protocol connections. A race condition can occur when a userspace process closes a socket while a peer is in the kernel's release list. This can lead to a null pointer dereference when...
CVE-2026-45917
A flaw was found in the Linux kernel's IP Virtual Server IPVS component. A race condition exists between the network device notifier and the destination cache when a device is shutting down. This can lead to a leaked device reference, potentially causing system instability or a denial of service...
CVE-2026-45919
A flaw was found in the Linux kernel's real-time RT scheduler. Under specific heavy load conditions, a vulnerability in the rtonextcpu function can cause a CPU to repeatedly interrupt itself. This leads to a CPU hardlockup, resulting in a Denial of Service DoS for the system. This issue can be...
CVE-2026-45921
A flaw was found in the Linux kernel's mtd: parsers component. A memory leak occurs in the mtdparsertplinksafeloaderparse function. This happens when a buffer is allocated but not freed if a subsequent allocation for a part name fails, leading to unreleased memory. This could potentially lead to...
CVE-2026-45920
A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability allows a local user to trigger an inconsistency in the dirty clusters count during filesystem shutdown. The issue stems from a double decrement in the error handling path, which can lead to system instability and a denial ...
CVE-2026-45922
A flaw was found in the Linux kernel, specifically within the RDMA/mlx5 component. When the GETDATADIRECTSYSFSPATH handler processes a device path, it allocates memory. If the device path's length exceeds the designated output buffer, the allocated memory is not properly released. This oversight...
CVE-2026-45923
A flaw was found in the Linux kernel's net: usb: catc driver. A malformed Universal Serial Bus USB device can present endpoint descriptors with transfer types that differ from what the driver expects. This can lead to the driver attempting to use incorrect endpoint types, potentially causing...
CVE-2026-45924
A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs because ksmbdvfskernpathendremoving is not called on certain error paths, leading to unbalanced inode locks and references. This can result in potential deadlocks and unbalanced locks, which may cause system...
CVE-2026-45925
A flaw was found in the Linux kernel's thermal management module. A reference leak occurs in the thermalofcmlookup function because a device node trnp obtained through ofparsephandle is not properly released. This issue can lead to resource exhaustion over time, potentially impacting system...
CVE-2026-45926
A flaw was found in the Linux kernel. When initializing a Pulse Width Modulation PWM chip, a memory leak can occur if the pwmchipalloc function fails. This happens because the allocated pwmchip's initial reference is not properly released, leading to unmanaged memory consumption. This vulnerabili...
CVE-2026-45927
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability, a Time-of-check to time-of-use TOCTOU bug, allows a local attacker to modify the contents of a BPF map after its hash has been calculated but before it is frozen. Consequently, a trusted loader could ...
CVE-2026-45930
A flaw was found in the Linux kernel's Multi-Channel Transport Protocol MCTP networking implementation. When processing a RTMGETNEIGH request, the system may return uninitialized data in the ndmsg pad bytes. This can allow a local attacker to obtain sensitive information from kernel memory, leadi...
CVE-2026-45928
A flaw was found in the Linux kernel's wave5 media driver. When a vpu instance is allocated, and a subsequent allocation for codecinfo fails, the driver returns an error without freeing the previously allocated vpu instance. This oversight leads to a memory leak, which could potentially impact...
CVE-2026-45929
A flaw was found in the Linux kernel's ovpn module. A use-after-free vulnerability exists in the ovpnnetxmit function where a freed skb socket buffer pointer can be used for subsequent operations. This can occur when skbsharecheck frees the original skb if it is shared, leading to a stale pointer...
CVE-2026-45931
A flaw was found in the Linux kernel's accel/amdxdna module. This vulnerability occurs when the iommusvaunbinddevice function attempts to access a memory management mm structure after it has been deallocated, leading to a use-after-free condition. This can result in a system crash, causing a Deni...
CVE-2026-45932
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...
CVE-2026-45933
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The synclinkedregs function fails to preserve the register ID during bounds propagation, which can lead to incorrect register state. This issue may allow a local attacker to trigger a 'division by zero' error, resulting i...
CVE-2026-45934
A flaw was found in the Linux kernel's btrfs filesystem. This issue occurs due to non-consecutive gaps in chunk allocation, leading to overlapping chunk maps. A local attacker could exploit this by triggering specific chunk allocation scenarios, potentially causing filesystem operations to abort...
CVE-2026-45935
A flaw was found in the Linux kernel's NTFS3 filesystem driver. Insufficient bounds checking when processing log records in the DeleteIndexEntryRoot function allows a local attacker to provide a maliciously large entry size. This can lead to a heap buffer overflow, a type of memory corruption,...
CVE-2026-45937
A flaw was found in the Linux kernel's inside-secure/eip93 cryptographic driver. This vulnerability occurs during the driver detachment process, where a programming error leads to the same hash algorithm being unregistered multiple times. This issue can cause a kernel panic, resulting in a Denial...