206286 matches found
CVE-2026-53104
A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the device is destroyed during module unload. Specifically, the mt76dmacleanup routine fails to properly destroy the pagepool associated with all MT76 receive queues, leading to unreleased...
CVE-2026-53069
A flaw was found in the Linux kernel's networking subsystem. This vulnerability, a null-pointer dereference, occurs in the XDP eXpress Data Path redirect mechanism when processing network traffic on a bonding device that has not been fully initialized. An attacker could potentially trigger this...
CVE-2026-53038
A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. When handling unsupported Trusted Platform Module TPM hash algorithms, the imafs component incorrectly accesses a hash algorithm name array, leading to a read out-of-bounds. This vulnerability could allow a...
CVE-2026-52997
A flaw was found in the Linux kernel's schdualpi2 qdisc queueing discipline component. When dualpi2change attempts to enforce updated limit and memory limit values, it may incorrectly try to dequeue packets from an empty C-queue while packets are present in the L-queue. This can lead to a NULL sk...
CVE-2026-52974
A flaw was found in the Linux kernel's network Transport Layer Security TLS module. Specifically, a memory leak occurs during the setup of receive offload when a particular function fails. This issue can lead to the gradual consumption of system memory. If exploited repeatedly, this could result ...
CVE-2026-53108
A flaw was found in the Linux kernel. A race condition exists between the movepages system call, which sets up a Page Middle Directory PMD migration entry, and the munmap system call, which unmaps memory regions. This race can be exploited by a local user to trigger a kernel bug, causing a system...
CVE-2026-53121
A flaw was found in the Linux kernel's amd-pstate driver. When the amdpstateeppcpuinit function fails to set the Energy Performance Preference EPP, it does not properly free a previously allocated data object. This oversight leads to a memory leak, which could result in resource exhaustion over...
CVE-2026-52962
A flaw was found in the Linux kernel, specifically within the Ceph file system's extended attribute handling. A buffer leak occurs in the cephsetxattr function because a previously allocated buffer oldblob is not properly released. This can lead to resource exhaustion over time, potentially causi...
CVE-2026-41567
A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the...
CVE-2026-52995
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS subsystem. This vulnerability allows a local unprivileged user to disclose sensitive kernel memory. When a user queries connection information through getsockoptSOLRDS, RDSINFOIBCONNECTIONS while an RDS connection is not fully...
CVE-2026-52948
A flaw was found in the Linux kernel's I2C Inter-Integrated Circuit subsystem. A malicious local user can exploit an integer overflow vulnerability in the I2CTIMEOUT ioctl. By providing a large timeout value, the multiplication by 10 causes an overflow, leading to a truncated value. This results ...
CVE-2026-52946
A flaw was found in the Linux kernel. A lock order deadlock can occur in the sendsigio and sendsigurg functions when a process group receives a signal. This vulnerability, caused by an unsafe lock order during software interrupts SOFTIRQ in asynchronous I/O fasync signaling, could allow a remote...
CVE-2026-53067
A flaw was found in the Linux kernel's PCI Peripheral Component Interconnect endpoint Message Signaled Interrupts MSI doorbell allocation. When MSI allocation fails, the system may attempt to free already freed memory, leading to a double-free vulnerability. This issue can result in memory...
CVE-2026-53032
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability occurs in the mapkptrmatchtype function when a scalar register is stored into a kernel pointer kptr slot. Due to an incorrect order of checks, the system attempts to access a null pointer, specifically...
CVE-2026-52952
A flaw was found in the Linux kernel's Input/Output Memory Management Unit IOMMU subsystem, which manages how devices access system memory. A race condition, a situation where multiple operations occur in an unpredictable order, exists during device recovery when multiple memory domains are being...
CVE-2026-53025
A flaw was found in the Linux kernel's Greybus raw subsystem. A local user application could trigger a use-after-free vulnerability by disconnecting a Greybus raw bundle while its associated character device was still open. When the application subsequently attempts to release the character devic...
CVE-2026-53113
A flaw was found in the Linux kernel's ath11k Wi-Fi driver. Specifically, the ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid functions, responsible for setting up beacon templates, fail to release allocated memory when an error occurs during parameter setup. This oversight can lead to...
CVE-2026-53114
A flaw was found in the Linux kernel's performance monitoring unit perf/amd/ibs. An issue exists where calling perfallowkernel from a Non-Maskable Interrupt NMI handler is unsafe. This could lead to a system crash, resulting in a Denial of Service DoS for the affected system...
CVE-2026-52991
A flaw was found in the Linux kernel's Pressure Stall Information PSI subsystem. A race condition exists between the file release and pressure write operations, specifically concerning the priv member of struct kernfsopenfile. This can lead to a use-after-free vulnerability or a NULL dereference,...
CVE-2026-53085
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This use-after-free vulnerability occurs when the taskvma iterator reads task memory without properly acquiring a reference, allowing the memory structure to be freed concurrently while still in use. This can lead to...
CVE-2026-53051
A flaw was found in the Linux kernel. During a specific hardware reset sequence, the system attempts to access hardware registers before the PCI Express controller is fully powered on. This premature access can cause a Control Backbone CBB timeout, leading to system unresponsiveness. This issue c...
CVE-2026-53106
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF local storage. This vulnerability can lead to a system deadlock when local storage is deleted within a Non-Maskable Interrupt NMI context. An attacker could potentially exploit this by triggering the deletion of BPF local storage...
CVE-2026-56370
An out-of-bounds access vulnerability exists in ImageMagick's ConnectedComponentsImage function. By passing malformed connected-components definitions through the CLI, an attacker can cause a denial of service or potentially execute arbitrary code. Mitigation Prevent the injection of malformed...
CVE-2026-53120
A flaw was found in the Linux kernel's PCI Peripheral Component Interconnect subsystem. A Use-After-Free UAF vulnerability exists where a driver, during its probing process, accesses a memory region after it has been freed. This improper handling of memory can lead to system instability, memory...
CVE-2026-53030
A flaw was found in the Linux kernel, specifically within the i3c master renesas driver. This vulnerability is caused by a memory leak in the renesasi3ci3cxfers function, where an allocated xfer structure is not properly freed. An attacker could potentially exploit this to cause a denial of servi...
CVE-2026-52981
A flaw was found in the Linux kernel. The neighxmit function, when called with an uninitialized neighbor table such as NEIGHNDTABLE when IPv6 is disabled, can return an error without properly releasing the allocated skb socket buffer. This can lead to a memory leak, potentially impacting system...
CVE-2026-56368
A flaw was found in ImageMagick. This memory leak vulnerability exists in multiple coders that write raw pixel data, where allocated objects are not properly freed. A remote attacker can exploit this by processing specially crafted images, leading to memory exhaustion and a denial of service...
CVE-2026-53020
A flaw was found in the Linux kernel. A race condition can occur during Translation Lookaside Buffer TLB synchronization when the page table is traversed and modified without properly holding the necessary page table lock. This vulnerability may allow for unpredictable system behavior or...
CVE-2026-53109
A flaw was found in the Linux kernel's powerpc page table fragment handling. During process exit, a race condition can occur where a page table fragment's active flag is not properly cleared. This can lead to a "bad page state" error, potentially causing system instability or a Denial of Service...
CVE-2026-53056
A flaw was found in the Linux kernel's Display Processing Unit DPU driver. During DPU runtime suspend, a mismatch can occur between the power rail voltage and the core clock frequency. This happens when the power management attempts to drop the voltage while the clock remains at its highest rate...
CVE-2026-53042
A flaw was found in the Linux kernel's fwctl module. An issue with the class initialization ordering can lead to a null pointer dereference when a device is removed. This can cause a system crash, resulting in a Denial of Service DoS...
CVE-2026-52970
A flaw was found in the netfilter: nftct component of the Linux kernel. The nftctexpectobjeval function allocates an expectation but fails to release its local reference. This oversight leads to a resource leak, which could potentially allow a local attacker to cause a denial of service by...
CVE-2026-52990
A flaw was found in the Linux kernel. A local attacker could exploit a race condition in the fsnotifyrecalcmask function, which fails to properly handle an inode reference. This improper handling can lead to an inode reference leak, causing tasks to hang and resulting in a Denial of Service DoS f...
CVE-2026-52992
A flaw was found in the Linux kernel's Advanced Disc Filing System ADFS component. This vulnerability allows a local attacker to cause an out-of-bounds write by providing a specially crafted ADFS disc record with a zero zone count. This can lead to memory corruption, potentially resulting in a...
CVE-2026-53060
A flaw was found in the Linux kernel's device-mapper dm cache metadata. This memory leak vulnerability occurs when the dmcachemetadataabort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...
CVE-2026-53194
A flaw was found in the Linux kernel's kl5kusb105 USB serial driver. This buffer overflow vulnerability allows a local attacker to write data beyond the intended memory boundary if attacker controls USB device or driver, because triggered from the internals of the device. By sending a specially...
CVE-2026-57438
A flaw was found in Nokogiri, an XML and HTML library for the Ruby programming language. When performing XInclude substitutions, the library prematurely frees memory associated with nodes and namespaces. If an application has exposed these freed objects to Ruby, a local attacker could potentially...
CVE-2026-53163
A flaw was found in the Linux kernel's rtmutex locking mechanism. A local attacker could trigger a null-pointer dereference by using the FUTEXCMPREQUEUEPI operation. This vulnerability occurs because the removewaiter function is called when the waiter is not properly enqueued, leading to a system...
CVE-2026-53168
A flaw was found in the Linux kernel's Filesystem in Userspace FUSE component. The fusenotify function, specifically the FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE operations, allows the FUSE daemon to write or read pagecache contents. When these operations are performed on directories configured wit...
CVE-2026-53183
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. This vulnerability occurs because the TCP stack independently manages the TCP-level receive window, which can lead to an artificial inflation of the MPTCP receive window. A remote attacker could exploit this by sending...
CVE-2026-53236
A flaw was found in the Linux kernel's handling of TCP sockets. An unprivileged application can exploit this vulnerability by attaching a Berkeley Packet Filter BPF using the SOATTACHFILTER option. This allows the application to conduct a side-channel attack, leading to the leakage of sensitive T...
CVE-2026-13325
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...
CVE-2026-53242
A flaw was found in the Advanced Linux Sound Architecture ALSA Pulse-Code Modulation PCM component of the Linux kernel. This vulnerability involves a corruption of wait queue lists within the sndpcmdrain function when processing linked streams. An attacker could exploit this issue to trigger a...
CVE-2026-53271
A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit a NULL-dereference vulnerability in the oplock/lease break notifiers. This occurs because opinfo-conn is read without proper checks, allowing a concurrent Server Message Block SMB2 LOGOFF to set op-conn t...
CVE-2026-53245
A flaw was found in the Linux kernel's Multiple Registration Protocol MRP implementation. An issue in the mrppduparsevecattr function, related to the incorrect parsing of vector attributes, can lead to the processing of spurious events or the corruption of the offset for subsequent Protocol Data...
CVE-2026-53137
A flaw was found in the Linux kernel's drm/amd/display component. A malicious HDMI repeater could exploit this vulnerability during HDCP 2.x repeater authentication by sending a message size larger than the allocated buffer. This could lead to an out-of-bounds write, potentially causing a denial ...
CVE-2026-53139
A flaw was found in the Linux kernel's graphics driver for Broadcom V3D VideoCore V GPUs. This vulnerability occurs when a compute shader dispatch CSD is initiated with zero workgroup counts, which the hardware could misinterpret as a very large number. This misinterpretation could lead to...
CVE-2026-53269
A flaw was found in the Linux kernel's netfilter synproxy component. This vulnerability is caused by a race condition during the on-demand registration of netfilter hooks. A local user with privileges to modify netfilter rules could exploit this flaw by concurrently adding iptables targets or...
CVE-2026-53218
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs in the nftexthdr module when handling user-controlled data lengths with a specific flag, NFTEXTHDRFPRESENT, enabled. An attacker could exploit this by providing a crafted input, leading to the exposure of...
CVE-2026-53197
A flaw was found in the iptfs module of the Linux kernel. This issue, an ABBA deadlock, occurs when iptfsdestroystate attempts to cancel a timer while holding a spinlock that the timer's callback also tries to acquire. This circular dependency can cause the system to become unresponsive, leading ...