13804 matches found
CVE-2026-23360
CVE-2026-23360 relates to the Linux kernel nvme subsystem where, during a controller reset, nvme_alloc_admin_tag_set() could leave a previous admin queue alive, risking an orphaned queue. The issue is fixed by releasing the old queue before allocating a new one, mitigating the leak. Multiple conn...
CVE-2026-23400
Summary of CVE-2026-23400: In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...
CVE-2026-23408
The CVE-2026-23408 issue affects the Linux kernel AppArmor module. The root cause was a double free of ns_name in aa_replace_profiles(): ns_name could be NULLed after it had been transferred from ent->ns_name, but ent->ns_name was freed later, and then freed again by kfree(ns_name). The p...
CVE-2026-31392
CVE-2026-31392 concerns the Linux kernel SMB client and Kerberos username handling. The issue was fixed by ensuring the username mount option is respected when sec=krb5 is used, preventing reuse of an SMB session across mounts with different usernames. Connected OSV records show Debian/Ubuntu/roo...
CVE-2026-31589
The CVE-2026-31589 issue affects the Linux kernel memory management in the mm path related to folio_unmap_invalidate. The vulnerability arises when the system calls free_folio() directly, instead of loading the free_folio function pointer after obtaining a mapping reference or lock, potentially l...
CVE-2026-31627
The CVE-2026-31627 entry concerns the Linux kernel i2c s3c24xx driver, where the first byte of an SMBUS message (the size) is not validated before processing. This could allow out-of-range SMBUS block lengths to be acted on, with potential impact to I2C SMBUS block operations. The description not...
CVE-2026-31657
CVE-2026-31657 affects the Linux kernel batman-adv component. The flaw arises when batman-adv’s batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway’s final reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_g...
CVE-2026-31668
The CVE-2026-31668 issue affects the Linux kernel’s seg6 lwtunnel, where a single dst_cache was shared between input and output paths. This allowed the post-encap SID lookup to be performed in different routing contexts, with the second path potentially reusing the first path’s cached data and by...
CVE-2026-31712
CVE-2026-31712 affects ksmbd in the Linux kernel. A crafted DACL with an undersized ACE can bypass validation in smb_check_perm_dacl(), causing an out-of-bounds read during a subsequent file CREATE. The issue arises when ace->size and the ACE layout permit reading access_req (offset 4) and sid...
CVE-2026-43077
CVE-2026-43077 concerns the Linux kernel crypto/algif_aead path. The vulnerability arises from a miscalculation of the minimum receive buffer size during decryption because the tag size was not considered in the size check. The fix adds the required extra length to account for the authentication tag, prev...
CVE-2026-43088
CVE-2026-43088 (Linux kernel) affects PF_KEY export paths in the net: af_key code, where IPv6 sockaddr payloads were not fully initialized in certain export messages (SADB_ACQUIRE, SADB_X_NAT_T_NEW_MAPPING, SADB_X_MIGRATE). The issue arises because pfkey_sockaddr_size() reserves 32 bytes for IPv6...
CVE-2026-43110
CVE-2026-43110 concerns the Linux kernel brcmfmac Wi‑Fi driver. The issue arises when processing firmware interface (IF) events: the code validates the firmware-provided interface index but still uses the raw bsscfgidx as an array index without a matching range check, enabling out-of-bounds acces...
CVE-2026-43125
CVE-2026-43125 affects the Linux kernel dlm module. The vulnerability stems from unvalidated length in dlm_dump_rsb_name() coming from network messages, allowing an out-of-bounds write in dlm_search_rsb_tree() when the length exceeds DLM_RESNAME_MAXLEN. This could enable denial of service and, in...
CVE-2026-43266
The CVE-2026-43266 issue affects the Linux kernel’s ARM CPER/APEI handling: a CPER record with an oversized section_length can cause the kernel to read beyond the intended firmware buffer, leading to a large data dump and potential memory access issues. The fix adds a guard so the kernel stops at...
CVE-2026-43304
CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...
CVE-2026-43351
The CVE-2026-43351 issue affects the Linux kernel’s KVM on arm64 when creating a virtual GIC. If vgic_allocate_private_irqs_locked() fails, kvm_vgic_create() can exit before vgic dist regions are initialised, and kvm_vgic_dist_destroy() may then attempt to free uninitialised data, risking a crash...
CVE-2026-45975
CVE-2026-45975 is a Linux kernel vulnerability in the ublk subsystem where a race condition can occur reading struct ublksrv_ctrl_cmd from userspace-mapped memory in the io_uring_sqe. The fix uses READ_ONCE() to copy ublksrv_ctrl_cmd from the io_uring_sqe to a local stack copy and then operates o...
CVE-2026-46015
The CVE-2026-46015 issue affects the Linux kernel TCP path when migrating an established child socket between listeners in the same SO_REUSEPORT group. After inet_csk_listen_stop() migrates, the target listener can obtain a new accept-queue entry via inet_csk_reqsk_queue_add(), but the path does ...
CVE-2026-46018
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES. parse_uac2_sample_rate_range() caps the number of enumerated rates at MAX_NR_RATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with addi...
CVE-2026-46037
The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...
CVE-2026-46039
CVE-2026-46039 affects the Linux kernel. The root cause is a potential integer overflow in rxgk_extract_token() during the length check. The fix changes the check to round down the size of the available data rather than rounding up, preventing overflow. Kernel commits upstream (listed in referenc...
CVE-2026-46048
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usb_dev refcount leak on probe failure. create_card() takes a reference on the USB device with usb_get_dev() and stores the matching usb_put_dev() in card_free(), which is installed as the snd_card's ->private_fr...
CVE-2026-46052
The CVE-2026-46052 issue concerns the Linux kernel Ceph filesystem where a negative dentry that is already hashed can be re-added to the dcache, corrupting the d_hash bucket and leading to an RCU stall or system hang. The root cause is that d_add() can rehash and reinstate a dentry that is alread...
CVE-2026-46146
CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...
CVE-2026-46163
CVE-2026-46163 concerns the Linux kernel wifi subsystem (b43legacy) where a firmware-controlled key index in b43legacy_rx() could exceed dev->max_nr_keys, allowing an out-of-bounds read of dev->key[]. The fix enforces the bounds check by dropping frames with invalid indices. Patches ...
CVE-2026-46178
The CVE-2026-46178 entry concerns the Linux kernel RDMA/mlx4 component. A resource leak could occur during error handling in mlx4_ib_create_srq(), because mlx4_srq_alloc() was not undone during error unwinding. The fix adds a call to mlx4_srq_free() to properly release the resource when an error ...
CVE-2026-46190
Summary (CVE-2026-46190): A Linux kernel vulnerability in the MTD SPI-NOR debugfs code caused an out-of-bounds read in spi_nor_params_show() due to passing an array of pointers to spi_nor_print_flags() with sizeof(snor_f_names). Since sizeof on a pointer array yields bytes, not element count, th...
CVE-2026-46225
CVE-2026-46225 concerns the Linux kernel SPI host controller driver (rspi). The issue arises when deregistering the controller: resources such as DMA can be released before proper deregistration, potentially impacting availability. The root cause is captured as “spi: rspi: fix controller deregist...
CVE-2026-46234
CVE-2026-46234 affects the Linux kernel vsock code, specifically the vsock_update_buffer_size path. The bug arises from clamping the buffer size: it first enforces the maximum, then the minimum, which allows vsk->buffer_size to exceed vsk->buffer_max_size when a larger minimum is configured...
CVE-2021-4460
CVE-2021-4460 affects the Linux kernel drm/amdkfd path. The issue is a UBSAN shift-out-of-bounds warning when get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, causing a shift by the operand’s bit width (undefined behavior). The fix changes the code to set num_sdma_queues or num_xgmi_sdma_que...
CVE-2022-49996
CVE-2022-49996 is a Linux kernel issue affecting the btrfs subsystem. The vulnerability arises when btrfs_get_dev_args_from_path() calls btrfs_get_bdev_and_sb() with an invalid path, causing the function to return without freeing previously allocated memory for args->uuid and args->fsid, wh...
CVE-2022-50113
The connected sources indicate CVE-2022-50113 affects the Linux kernel ASoC audio-graph-card2 component, where a refcount leak occurred in __graph_get_type() due to not calling of_node_put() before replacement and before return. The root cause is improper refcount management related to of_get_par...
CVE-2022-50253
CVE-2022-50253 is a Linux kernel issue where bpf code did not ensure skb->len was non-zero when redirecting to a tunneling device, leading to a length underflow/invalid skb handling path after __skb_pull in certain redirect paths. The vulnerability is exploited via BPF/XDP filtering paths that...
CVE-2022-50256
CVE-2022-50256 affects the Linux kernel’s DRM Meson/Meson DW HDMI components. The issue arose because bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs_init were not removed at aggregate driver unload, leaving references to freed memory in the global bridge_list. On reload, drm_brid...
CVE-2022-50259
CVE-2022-50259: In the Linux kernel, a race in sock_map_free() can cause use-after-free because sock_map_free() calls release_sock(sk) without owning a socket reference. This vulnerability affects BPF sockmap handling and is illustrated by the kernel call chain leading to release_sock and sock_m...
CVE-2022-50274
CVE-2022-50274: In the Linux kernel, a use-after-free in dvb_unregister_device() was mitigated by adding a reference counter to struct dvb_device and delaying deallocation until no pointers reference the object. The vulnerability stemmed from cleanup releasing the dvb_device while file->priva...
CVE-2022-50279
CVE-2022-50279 affects the Linux kernel wifi rtlwifi driver (rtl8821ae/rtl8812ae). Root cause: _rtl8812ae_eq_n_byte() compared prate_section from tail to head, causing a global-out-of-bounds read when the value is HT, per KASAN. The fix: remove _rtl8812ae_eq_n_byte() and use strcmp() instead; thi...
CVE-2022-50282
CVE-2022-50282: Linux kernel vulnerability in chardev handling where error paths in cdev_device_add() could leave kobject state inconsistent during fault injection tests. Connected advisories (Unity Linux UTSA entries and related EulerOS/SUSE notices) confirm the issue and describe the fix as add...
CVE-2022-50283
In the Linux kernel, CVE-2022-50283 is due to a missing of_node_get() in the dynamic partitions code, causing an unbalanced of_node_put() and a use-after-free in refcount handling during MTD partition parsing on gpmi-nand. The issue manifested in traces such as refcount_t: addition on 0; use-afte...
CVE-2022-50299
CVE-2022-50299 is a Linux kernel issue in the md (multiple device) module where snprintf() could wrap around when the total length of the block device names with slashes exceeds 200, leading to incorrect buffer sizing. The vulnerability arises from using snprintf; the fix is to replace snprintf w...
CVE-2022-50301
CVE-2022-50301: Linux kernel iommu/omap debugfs vulnerability causing a buffer overflow in omap2_iommu_dump_ctx when bytes
CVE-2022-50304
CVE-2022-50304 affects the Linux kernel mtd/core with a resource leak in init_mtd() that could impact systems registering MTD devices. The issue was fixed in the kernel code (references include commits such as 26c304a3f136009c5a2a04e2bf3ac6aa25aabcb4 and 1aadf01e5076b9ab6bf294b9622335c651314895)....
CVE-2022-50314
The CVE-2022-50314 issue affects the Linux kernel nbd subsystem. When a signal interrupts nbd_start_device_ioctl() while waiting for inflight I/Os to complete, a hung task could occur. The fix clears the queue (not just shutdown) on signal interruption to nbd_start_device_ioctl(), mitigating the ...
CVE-2022-50326
CVE-2022-50326 relates to a memory leak in the Linux kernel’s media: airspy probe. The root cause is that a variable buf was moved from stack to heap by commit ca9dc8d06ab6, but deallocation was only present in the error path, not the success path. Consequently, buf can leak in the success path. ...
CVE-2022-50330
CVE-2022-50330: In the Linux kernel, the cavium crypto path has an overflow when loading firmware. The overflow arises from the code_length value sourced from the firmware file; multiplying ntohl(ucode->code_length) by 2 can overflow, potentially enabling local impact per the advisory. The des...
CVE-2022-50339
CVE-2022-50339: In the Linux kernel Bluetooth stack, a race exists between mgmt_init_hdev() and mgmt_index_removed() where the HCI_MGMT flag testing/setting can race against testing due to missing serialization (hci_dev_lock()). The fix splits hci_dev_test_and_set_flag() into hci_dev_test_flag()...
CVE-2022-50343
CVE-2022-50343 is a Linux kernel vulnerability in the rapid io (rapidio) subsystem. The issue is a memory-leak in error handling: when rio_add_device() returns an error, the name allocated by dev_set_name() was not freed, potentially leaking memory. The patch series “rapidio: fix three possible m...
CVE-2022-50349
The connected advisories for CVE-2022-50349 describe a Linux kernel memory-leak fix in tifm: tifm_7xx1_switch_media. If device_register() fails, the kobject name allocated in dev_set_name() during device_add() is leaked. The recommended remediation is not to free @dev after device_register(), and...
CVE-2022-50360
The CVE-2022-50360 entry concerns a Linux kernel flaw in drm/msm/dp where device-managed resources allocated after component binding could outlive the aggregate DRM device, risking resource leaks or failed binding if binding is retried. The root cause is improper lifetime management: EP (DP AUX) ...
CVE-2022-50366
CVE-2022-50366 affects the Linux kernel powercap subsystem (intel_rapl). Root cause: UBSAN shift-out-of-bounds when ilog2() is computed with a value