13804 matches found
CVE-2026-43197
CVE-2026-43197 concerns a Linux kernel netconsole vulnerability where messages from the console subsystem could be read out-of-bounds due to missing null-termination. The root cause is a netconsole write path that could access memory beyond the allocated buffer, observable as a slab-out-of-bounds...
CVE-2026-43216
Summary of CVE-2026-43216: In the Linux kernel, skb_may_tx_timestamp() could acquire sock::sk_callback_lock in IRQ context, risking a deadlock if the lock was already write-locked on the same CPU. The fix drops the lock and uses READ_ONCE() / WRITE_ONCE() to safely access and clear the pointers ...
CVE-2026-43258
CVE-2026-43258 concerns the Linux kernel: on Alpha systems, memory compaction can trigger user-space crashes and heap corruption due to insufficient TLB shootdown during page migration. Root cause involves ASN rollover and stale instruction translations surviving migration. The fix introduces a m...
CVE-2026-43280
CVE-2026-43280 is a Linux kernel vulnerability in the drm/xe module where a malicious user can supply a malformed pat_index via the madvise IOCTL, triggering an out-of-bounds read from xe->pat.table due to missing bounds checking in xe_pat_index_get_coh_mode() (validated only by a call in madv...
CVE-2026-43302
CVE-2026-43302 affects the Linux kernel with the drm/v3d DMA API debug path. A vulnerability was resolved by ensuring max_seg_size is set to the maximum, preventing debug_dma_map_sg() warnings about SG segment lengths (len=8290304, max=65536) when V3D rendering is used with CONFIG_DMA_API_DEBUG e...
CVE-2026-43304
CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...
CVE-2026-43339
CVE-2026-43339 affects the Linux kernel. The issue is a use-after-free scenario in the IPv6 address configuration path: within addrconf_permanent_addr(), a warning message could be produced after the ipv6 object could be deleted, leading to UaF when accessed. The fix reorders the statement to avo...
CVE-2026-43427
The CVE covers a Linux kernel issue in the usb: class: cdc-wdm read path. Due to compiler optimization or CPU out-of-order execution, desc->length could be updated after a memmove, causing wdm_read() to observe a new length and copy_to_user() from uninitialized memory, violating LKMM data race...
CVE-2026-43436
The CVE-2026-43436 vulnerability affects the Linux kernel ALSA USB-audio driver (Scarlett2 mixer quirk). A malformed USB descriptor can trigger a NULL dereference in scarlett2_find_fc_interface() due to assuming an endpoint exists. The patch adds a sanity check for bNumEndpoints and skips invalid...
CVE-2026-43453
CVE-2026-43453 is a Linux kernel issue in the netfilter nft_set_pipapo path. The bug is a stack out-of-bounds read in pipapo_drop(), where rulemap[i+1].n is passed to pipapo_unmap() on every iteration, including the last when i == m->field_count-1. This reads past the end of the stack-allocate...
CVE-2026-45944
CVE-2026-45944 affects the Linux kernel IOMMU VT-d. During context-entry teardown, the implementation zeros a 128‑bit entry in two 64‑bit writes, risking a torn entry where the Present bit remains set while other fields are zeroed, potentially causing unpredictable behavior or spurious faults. Th...
CVE-2026-45997
CVE-2026-45997 concerns the Linux kernel SCSI disk driver (sd). The issue arises when device_add(&sdkp->disk_dev) fails during sd_probe; as a result, put_device() calls lead to scsi_disk_release() freeing the scsi_disk but leaving the gendisk referenced. The fix adds a missing put_disk(gd) in ...
CVE-2026-46019
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup. atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page using free_pa...
CVE-2026-46020
CVE-2026-46020 affects the Linux kernel DAMON subsystem. The issue arises from unvalidated damos_quota_goal->nid for node_mem_{used,free}_bp, which is used by si_meminfo_node() and NODE_DATA(), potentially enabling out-of-bounds memory access via DAMON_SYSFS. The provided patch series mm/damon...
CVE-2026-46028
CVE-2026-46028 — Linux kernel crypto/AF_ALG: per‑request IV storage for async AEAD. The vulnerability occurs in AF_ALG AEAD async requests that previously reused a socket‑wide IV buffer during processing, allowing later socket activity to modify the shared IV before the original request finished...
CVE-2026-46048
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usb_dev refcount leak on probe failure. create_card() takes a reference on the USB device with usb_get_dev() and stores the matching usb_put_dev() in card_free(), which is installed as the snd_card's ->private_fr...
CVE-2026-46051
In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry_aligned_read(). When retry_aligned_read() encounters an overlapped stripe, it releases the stripe via raid5_release_stripe() which puts it on the lockless released_stripes llist. In the next raid5d...
CVE-2026-46053
CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...
CVE-2026-46055
CVE-2026-46055 affects the Linux kernel AppArmor LSM. The issue is a missing string terminator in aa_dfa_match, causing a slab-out-of-bounds read/write during path mounting on ARM64 Ubuntu 26.04 with Linux 7.0-rc4 (Snapdragon X1). Reported impact includes potential DoS or information disclosure. ...
CVE-2026-46147
CVE-2026-46147 concerns the Linux kernel KVM on ARM64, where two bugs in vCPU initialisation can leak pin references to host vCPU/SVE pages and allow observation of a partially initialised vCPU object. The fixes extract a helper for vCPU registration, ensure proper unpinning on error, and enforce...
CVE-2026-46156
CVE-2026-46156 affects the Linux kernel LoongArch implementation, specifically loongson_gpu_fixup_dma_hang(), where the code may read device registers using an incorrect base (base+PCI_DEVICE_ID) when a discrete GPU is present. This causes ADE and can trigger a kernel panic, leading to local DoS....
CVE-2026-46193
CVE-2026-46193 concerns a Linux kernel xfrm AH implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...
CVE-2026-46196
CVE-2026-46196 describes a Linux kernel tracepoint regression: during a 0→1 transition, tracepoint_add_func() calls ext->regfunc() before installing a probe, and if func_add() fails (e.g., -ENOMEM), it previously did not call ext->unregfunc(), leaving behind side effects. The fix mirrors th...
CVE-2026-46221
CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...
CVE-2026-46223
The CVE-2026-46223 issue concerns the Linux kernel cgroup subsystem: rmdir defers percpu_ref kill of CSS until the cgroup is depopulated. A chain of commits reworked rmdir behavior to ensure ->css_offline() does not run while tasks are still doing kernel work in the cgroup. The core problem wa...
CVE-2026-46233
CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...
CVE-2026-46239
CVE-2026-46239 affects the Linux kernel media: i2c: ov5647 driver. Concrete issue: three control paths (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) return early without pm_runtime_put(), leaking runtime PM references. The patch changes these cases from return to a ret = ... break pattern to ensure pm...
CVE-2022-50239
CVE-2022-50239 refers to a Linux kernel issue in the cpufreq: qcom driver where a string literal stored in read-only memory was used as a destination for snprintf, causing an oops by writing into RO memory. The root cause was using a char *pvs_name pointing to a RO string and attempting snprintf(...
CVE-2022-50240
CVE-2022-50240 concerns the Linux kernel Android binder subsystem. The issue arises from saving a pointer to a VMA outside of the mmap_lock, which could become stale or be freed, leading to fragile behavior in various failure paths. The documented fix changes the binder_alloc structure to record ...
CVE-2022-50247
CVE-2022-50247 concerns a Linux kernel USB xHCI MTK driver issue: if wakeup IRQ setup fails, the shared HCD is leaked because usb_put_hcd() may not NULL the @shared_hcd before decreasing usage. The patch (referenced in the description) fixes leakage by ensuring shared_hcd is NULLed prior to decre...
CVE-2022-50249
CVE-2022-50249: Linux kernel memory subsystem flaw in the OF (Open Firmware) tree. The bug is a refcount leak in of_get_ddr_timings() caused by missing of_node_put() when exiting for_each_child_of_node(). The description states the fix is to add of_node_put() on exit, addressing refcount mismana...
CVE-2022-50250
CVE-2022-50250 — Linux kernel regulator core use_count leakage (boot-on). The advisory describes a leakage where, when a regulator rdev (A) is boot-on, enabling its supply regulator (B) increments B’s use_count inside regulator_enable(rdev->supply). If B is also boot-on, it behaves as always-...
CVE-2022-50277
CVE-2022-50277 concerns the Linux kernel ext4 subsystem. When mounting a filesystem with the journal inode having the encrypt flag, a NULL dereference can occur in fscrypt_limit_io_blocks() via the path jbd2_journal_init_inode() → ext4_iomap_begin() → fscrypt_limit_io_blocks(). The issue arises b...
CVE-2022-50284
CVE-2022-50284 affects the Linux kernel (init_mqueue_fs). If setup_mq_sysctls() fails, the mqueue_inode_cachep was not released, causing a memory leak. The issue was fixed by reordering the release path in init_mqueue_fs; upstream kernel patches exist to address this, with no explicit exploit det...
CVE-2022-50285
CVE-2022-50285 tracks a Linux kernel vulnerability in the hugetlb subsystem where resv_huge_pages could be decremented outside the hugetlb_lock, risking a corrupted counter. The issue arises in alloc_huge_page’s corner case, creating a local (unprivileged) attack surface with a low attack complex...
CVE-2022-50321
CVE-2022-50321 corresponds to a Linux kernel wifi flaw in brcmfmac where brcmf_netdev_start_xmit() could leak memory when pskb_expand_head() fails, returning NETDEV_TX_OK without freeing the skb. The fix adds dev_kfree_skb() to properly free skb and was compile-tested; multiple Unity/Linux adviso...
CVE-2022-50393
CVE-2022-50393 affects the Linux kernel in the AMDGPU SDMA update path. The root cause is SDMA updating page tables from an unlocked context, triggering a warning in dma_resv_iter_next and related functions (amdgpu_vm_sdma_update, amdgpu_vm_ptes_update, etc.). The issue is mitigated by using an u...
CVE-2022-50401
CVE-2022-50401 is a Linux kernel vulnerability fixed in NFSv4.1 path: a double svc_xprt_put on rpc_create failure in nfsd leads to refcount underflow and use-after-free in the kernel. Public advisories (Unity Linux, EulerOS, Astra Linux, SUSE) report the issue as resolved by kernel updates; the e...
CVE-2022-50436
CVE-2022-50436: Linux kernel ext4 had a deadlock risk when ext4_unlink() extended the jbd2 transaction scope, because ext4_find_entry() could require setting up the directory encryption key inside a transaction. The fix restores the transaction to its original scope, preventing the deadlock. The...
CVE-2022-50456
Linux kernel vulnerability CVE-2022-50456 (btrfs): when a file has an inline extent followed by a regular/prealloc extent, resolving a logical address in the non-inline region could read an invalid offset and trigger a panic (general protection fault). A fix was implemented by detecting the inlin...
CVE-2022-50457
CVE-2022-50457: In the Linux kernel, the vulnerability is in mtd: core where del_mtd_device() calls of_node_put() on mtd_get_of_node(mtd) after memset(&mtd->dev, 0), clearing mtd->dev first and causing a refcount leak. The fix caches the pointer to the device_node to avoid unbalanced of_no...
CVE-2022-50471
CVE-2022-50471 affects the Linux kernel’s xen/gntdev mapping when using paravirtual Xen domains. The root cause was improper handling of VMAs during VMA splitting, where a gntdev mapping could involve multiple VMAs. This could lead to a Bad Page Table condition and kernel messages about a bad pte...
CVE-2022-50492
CVE-2022-50492 affects the Linux kernel DRM MSM driver. The issue is a use-after-free during probe deferral, where the bridge counter isn’t reset on DRM device teardown, causing stale pointers to deallocated structures to be accessed on the next tear down (e.g., after a late bind deferral). With ...
CVE-2022-50510
CVE-2022-50510 affects the Linux kernel’s perf/smmuv3 component. The issue is a hotplug callback leak in arm_smmu_pmu_init(): when platform_driver_register() fails, the callback added by cpuhp_setup_state_multi() is not removed, potentially leaking a hotplug callback. The fix removes the callback...
CVE-2022-50511
CVE-2022-50511: In the Linux kernel, the vulnerability is fixed in the fonts code path. Specifically, the issue arises from shifting a signed 32-bit value by 31 bits in get_default_font within lib/fonts, which is undefined behavior. The patch converts the operation to an unsigned branch to avoid...
CVE-2022-50521
The CVE-2022-50521 issue affects the Linux kernel (platform/x86 mxm-wmi) with a memleak in mxm_wmi_call_mx[ds|mx]. The ACPI buffer (out.pointer) returned by wmi_evaluate_method() was not freed after the call, causing a memory leak. The patch fixes this by passing NULL to wmi_evaluate_method(), pr...
CVE-2022-50522
The CVE-2022-50522 entry corresponds to a Linux kernel issue in mcb-parse (chameleon_parse_gdd). When mcb_device_register() returns an error, the refcount for the bus and device name is leaked. The fix adds a put_device() to relinquish the reference so resources can be released during mcb_release...
CVE-2022-50524
CVE-2022-50524 affects the Linux kernel in the iommu/mediatek path: if platform_get_resource() returns NULL and its value isn’t checked, a NULL pointer dereference can occur in resource_size(). The vulnerability has concrete fixes in kernel updates; SUSE’s SUSE-SU-2025:4320-1 (SLES15 SP5 kernel u...
CVE-2022-50527
CVE-2022-50527 concerns the Linux kernel patch for amdgpu memory size validation. The description states that amdgpu_bo_validate_size() was fixed to verify that the TTM domain manager for the requested memory exists, preventing a kernel oops when dereferencing the manager pointer. The lineage sho...
CVE-2022-50538
CVE-2022-50538 pertains to the Linux kernel VME subsystem. In fake_init(), __root_device_register() may fail and the error is not handled, which can cause unregistering vme_root during exit to fail, potentially yielding a general protection fault and a null-ptr-deref (non-canonical address 0xdfff...