14330 matches found
CVE-2026-45851
CVE-2026-45851 targets the Linux kernel EFI subsystem. The vulnerability arises in the reserve_unaccepted() memblock reservation: it aligns the table size but does not account for cases where the table’s start (efi.unaccepted) is not page-aligned. If the table begins mid-page and ends across the ...
CVE-2026-45857
The CVE-2026-45857 issue affects the Linux kernel, specifically the SCSI subsystem in the csiostor path. The root cause is a NULL pointer dereference of rn in the error exit path, caused by the use of CSIO_INC_STATS after rn may be NULL. A fix was introduced that adds a dedicated error-return pat...
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C
CVE-2026-45878
The CVE-2026-45878 issue affects the Linux kernel’s AMD GPU driver (drm/amdkfd) where debug address watch (watch_id) handling could overflow memory due to mixing unsigned watch_id with signed checks. The root cause is insufficient bounds validation for watch_id, which could be large enough to acc...
CVE-2026-45883
CVE-2026-45883: Linux kernel iio:sca3000 resource leak bug fixed. Root cause: spi->irq not released if iio_device_register() fails; patch adds a return value check and a common error-handler jump. Fixes appear in rootio-linux (Root:Ubuntu 22.04/24.04), Debian 11, and related OSV notices (e.g.,...
CVE-2026-45895
Mode C: The CVE-2026-45895 issue affects the Linux kernel quota handling when a filesystem is frozen. quotactl_block() retries while the freezer holds SB_FREEZE_WRITE, leading to a livelock with synchronize_rcu() and causing a freezer hang and 100% CPU on the quota task. The documented fix adds c...
CVE-2026-45901
The CVE-2026-45901 issue affects the Linux kernel netfilter nf_tables implementation. The root cause is a circular lock dependency among commit_mutex, nfnl_subsys_ipset, and nlk_cb_mutex that can occur when nft reset, ipset list, and iptables-nft with a -m set rule run concurrently, potentially l...
CVE-2026-45902
CVE-2026-45902 is a Linux kernel race-condition use-after-free in the bq256xx power-supply driver. The bug occurs when IRQs are requested before the power_supply handle is fully registered, allowing an interrupt after the handle is freed or before registration, leading to power_supply_changed() o...
CVE-2026-45910
The CVE-2026-45910 issue affects the Linux kernel RDMA/rxe driver, caused by a race between retransmit_timer() and rxe_destroy_qp that can drop a Queue Pair (QP) reference count to zero during timer handling. Public documents describe a use-after-free risk and refcount underflow in affected flows...
CVE-2026-45915
CVE-2026-45915 — FAT filesystem rmdir link-count underflow (Linux kernel) Root cause: When FAT images are corrupted, a directory inode’s i_nlink can be incorrect (e.g., 2) while subdirectories exist, causing rmdir to call drop_nlink(dir) unconditionally and potentially drive i_nlink to 0, trigger...
CVE-2026-45926
CVE-2026-45926 concerns the Linux kernel PWM initialization. The memory leak occurs when pwmchip_alloc() allocates a pwm_chip and the initial reference isn’t released on all error paths if __pinned_init() fails, causing a leak and potential resource exhaustion. The connected documents confirm the...
CVE-2026-45935
The CVE-2026-45935 issue affects the Linux kernel NTFS3 driver, specifically the DeleteIndexEntryRoot path in do_action. The vulnerability arises from insufficient bounds checking on the entry size (esize) read from the log record, where e2 = Add2Ptr(e1, esize) can exceed the used buffer if esize...
CVE-2026-45937
The CVE-2026-45937 entry concerns the Linux kernel crypto driver inside-secure/eip93. During driver detach, a programming error unregisters the same hash algorithm multiple times due to a faulty iterator, leading to a kernel panic. The vulnerability affects the kernel code path handling driver de...
CVE-2026-45945
The CVE-2026-45945 vulnerability affects the Linux kernel iommu/vt-d PASID entry handling. A race condition arises when replacing an active 512-bit PASID table entry; the existing approach writes a new entry in place, risking torn reads if the hardware fetches the entry in multiple 128-bit chunks...
CVE-2026-45951
The CVE-2026-45951 issue affects the Linux kernel BPF subsystem, caused by incorrect reference counting in check_pseudo_btf_id() that could cause a use-after-free of a BTF object. The mitigation is a kernel patch that fixes the refcount handling (and related code). RedHat notes potential privileg...
CVE-2026-45956
The CVE-2026-45956 entry concerns the Linux kernel DRM Exynos driver (vidi) where vidi_connection_ioctl() incorrectly reads driver_data from drm_dev->dev, which points to the exynos-drm master device rather than the vidi component device. This mismatch can trigger null pointer dereferences, ga...
CVE-2026-45958
The CVE-2026-45958 vulnerability affects the Linux kernel, specifically the drm/exynos vidi driver. In vidi_connection_ioctl(), the code dereferenced a user pointer directly (vidi->edid(user pointer)), enabling arbitrary kernel memory access from user space and potentially leading to privilege...
CVE-2026-45961
CVE-2026-45961 in the Linux kernel’s GFS2 filesystem is fixed: memory leaks occur on gfs2_fill_super() error paths when transitioning to read-write mode. Two leaks are addressed: (1) kernel thread objects (logd, quotad) not destroyed after init_threads() if failure occurs; (2) a quota bitmap buff...
CVE-2026-45963
CVE-2026-45963 affects the Linux kernel ASoC nau8821 driver. The issue occurs when unloading the driver while a jack-detection work (jdet_work) remains pending, which can crash the kernel if the work is scheduled. Root and OSV entries indicate patches were applied to fix Cancel delayed work on co...
CVE-2026-45964
CVE-2026-45964 concerns the Linux kernel SUNRPC path. The issue is a kref leak in gss_auth when handling an error path in gss_alloc_msg, where a failure to balance references on kstrdup_const() error path caused the gss_auth structure to remain allocated. The fix adds a forward declaration for gs...
CVE-2026-46002
Summary (CVE-2026-46002) The Linux kernel ext2 inode handling is fixed to catch a corner case where an inode with i_nlink == 0 and a non-zero i_mode could slip through if i_dtime is 0, allowing a crafted image to trigger WARN_ON in drop_nlink() via ext2_unlink/rename/rmdir. The patch extends the ...
CVE-2026-46003
CVE-2026-46003 affects the Linux kernel net: qrtr: ns by failing to limit the total number of nodes a nameserver may handle, enabling memory exhaustion via a malicious client registering many nodes. Official fixes exist in multiple OS advisories: Debian 11/12 roots patched via rootio-linux, Ubunt...
CVE-2026-46005
The CVE-2026-46005 issue concerns a resource leak in the XFS code path of the Linux kernel (xfs_alloc_buftarg) where, in error paths, the DAX device reference must be dropped via fs_put_dax(). Connected documents indicate patches and mitigations across multiple distributions: Debian/OpenSUSE OSV ...
CVE-2026-46013
Technical details about CVE-2026-46013 are not publicly provided in the supplied connected documents. Available sources reference the CVE at a high level only. Monitor for updates.
CVE-2026-46029
In the Linux kernel, CVE-2026-46029 describes a race within the slab allocator where kmalloc_nolock() called from NMI on uniprocessor (UP) configurations can re-enter the allocator and acquire n->list_lock that the interrupted context already holds, corrupting slab state and potentially causin...
CVE-2026-46041
CVE-2026-46041 affects the Linux kernel with a fix for sleeping in an atomic context in the hdlc path used by greybus/gb-beagleplay. The root cause is that hdlc_append() calls usleep_range() while tx_producer_lock (a spinlock) is held, risking a BUG: scheduling while atomic. The workaround is to ...
CVE-2026-46042
CVE-2026-46042 concerns a Linux kernel memory-leak issue in mm/mempolicy (weighted_interleave_auto_store) that leaks old/new wi_state under certain input paths; the fix moves the old_wi_state fetch to an unconditional location, enabling a unified early return when the requested mode matches the c...
CVE-2026-46087
CVE-2026-46087 affects the Linux kernel DAMON subsystem. The issue is a memory leak: if damon_start() fails, the memory context created by damon_stat_build_ctx() could remain allocated and the stale damon_stat_context pointer reused on the next enable attempt. The documented fix makes the code pa...
CVE-2026-46111
The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...
CVE-2026-46121
The CVE-2026-46121 issue affects the Linux kernel DAMON sysfs interface (mm/damon/sysfs-schemes). A race between reads and writes of memcg_path and path can lead to a use-after-free when a user reads or writes the sysfs files while a buffer is being deallocated. The root cause is that user-direct...
CVE-2026-46164
CVE-2026-46164 affects the Linux kernel's btrfs subsystem. The vulnerability is a double-free in create_space_info_sub_group() when kobject_init_and_add() fails, causing the sub_group to be freed twice as the error path unwinds. The call chain is: create_space_info_sub_group() → btrfs_sysfs_add_s...
CVE-2026-46169
The CVE-2026-46169 case concerns the Linux kernel HFS Plus (HFS+) filesystem. The root cause is that hfs_brec_read() validates only that entrylength fits a buffer but does not confirm that the on-disk catalog record size matches the expected type, allowing partial reads on corrupted filesystems. ...
CVE-2026-46179
In CVE-2026-46179, the Linux kernel ASoC SOF subsystem is vulnerable to a divide-by-zero when reporting the pointer for a compressed stream if stream parameters are unconfigured. The bug arises from dividing the I/O frame position by (channels × container bytes), which defaults to zero until stre...
CVE-2026-46254
The CVE-2026-46254 issue concerns the Linux kernel AppArmor module mis-handling unaligned DFA tables (originating from kernel or userspace), which can cause unaligned memory accesses and kernel warnings. The available connected advisories confirm the vulnerability in AppArmor and document an even...
CVE-2026-46270
In the Linux kernel, CVE-2026-46270 (rt9455) is a use-after-free race in the power_supply_changed() path of the power supply driver. The issue arises when IRQs are requested using the devm_ variant before the devm_ allocated/freed power_supply handle, causing the handle to be deallocated/unregist...
CVE-2026-46280
CVE-2026-46280 affects the Linux kernel in the HMM selftest path for device memory (dmirror) handling. The root cause is in dmirror_fops_release(), which frees the dmirror struct without migrating device-private pages back to system memory, leaving a stale zone_device_data pointer. If a fault occ...
CVE-2026-46283
In the provided sources, CVE-2026-46283 affects the Linux kernel TPM subsystem, where tpm_dev_release() frees sensitive material (chip->auth) with plain kfree() instead of kfree_sensitive(). This leaves HMAC session keys, nonces, and passphrase data potentially scrubbed only later in memory, u...
CVE-2026-46326
CVE-2026-46326 affects the Linux kernel driver iio: pressure: mprls0025pa. The root cause is improper initialization of the spi_transfer structure, with the patch ensuring the spi_transfer struct is zeroed out before use. The impact is high (local access with potential to read uninitialized memor...
CVE-2026-52919
CVE-2026-52919 affects the batman-adv component in the Linux kernel. The root cause is an underflow of the atomic counter “sending” in batadv_tp_sender_shutdown(), which is decremented unconditionally and can become -1 when multiple code paths call it. A negative value causes the sender kthread t...
CVE-2026-52937
CVE-2026-52937 concerns the Linux kernel where the tap_ioctl() path handling SIOCGIFHWADDR leaks kernel stack contents by copying 16 bytes of an uninitialised sockaddr_storage to userspace. Specifically, netif_get_mac_address() writes only sa_family and dev->addr_len (6 bytes), leaving sa_data...
CVE-2026-53218
CVE-2026-53218 affects the Linux kernel netfilter nft_exthdr path. The root cause is a mismatch in register initialization: nft_exthdr_init() passes priv->len to nft_parse_register_store(), which marks that many bytes as initialized, but when NFT_EXTHDR_F_PRESENT is set the eval paths write on...
CVE-2026-53265
The CVE-2026-53265 entry describes a Linux kernel race in the dm-cache policy SMQ path. A check-then-act race occurs in smq_invalidate_mapping where an e->allocated check was left outside the mq->lock after the destructive section was serialized; two concurrent invalidators can observe allo...
CVE-2026-53277
CVE-2026-53277 – Linux kernel (arm64 KVM) : A flaw where certain page-table walk operations (walk_s1 and kvm_walk_nested_s2) did not acquire the Sleepable RCU lock (SRCU) via kvm->srcu, risking memslot changes and potential instability during fault injection and Address Translation emulation. ...
CVE-2022-49947
CVE-2022-49947: Linux kernel binder null-ptr dereference in alloc->vma_vm_mm. Connected reports confirm a fix: initialize alloc->vma_vm_mm during open() and cache from current->mm to guarantee safe mmap_lock usage when a binder_proc has not mmap’d to set up alloc space. Descriptions deta...
CVE-2022-49953
CVE-2022-49953 concerns the Linux kernel’s iio: light cm3605 driver. The issue is an error-handling path in cm3605_probe() that, after a fix, introduced a new error-path which should jump to the existing error-handling path to avoid resource leaks. The connected sources consistently describe this...
CVE-2022-49992
This CVE (CVE-2022-49992) concerns the Linux kernel, where a swap-entry PFN fetch path could be misapplied during mprotect changes. Root cause: in swp_offset_pfn(), a check for swap type allowed pfn_swap_entry_to_page() to be invoked for non-write-migration entries, triggering kernel BUG at inclu...
CVE-2022-50240
CVE-2022-50240 concerns the Linux kernel Android binder subsystem. The issue arises from saving a pointer to a VMA outside of the mmap_lock, which could become stale or be freed, leading to fragile behavior in various failure paths. The documented fix changes the binder_alloc structure to record ...
CVE-2022-50245
CVE-2022-50245 concerns a Linux kernel issue in the rapidio driver where a UAF can occur if kfifo_alloc() fails during mport_cdev_open(). The fix removes priv from the chdev->file_list before freeing it to prevent traversal from accessing a freed object (the smatch warning reference). Affected...
CVE-2022-50251
CVE-2022-50251 affects the Linux kernel mmc/vub300 driver. The vulnerability arises when mmc_add_host() returns an error but its return value is ignored, leading to a memory leak from mmc_alloc_host() and a potential kernel crash due to removing an unadded device in the remove path. The accompany...
CVE-2022-50257
The CVE-2022-50257 issue is in the Linux kernel Xen grant handling (xen/gntdev) where partial grant mapping failures could leak grants. In paravirtualized domains (use_ptemod = true), alloced was not updated for all successful map_ops or kmap_ops, risking incorrect live_grants and leaks. The fix ...