CVE-2026-43384

The CVE-2026-43384 issue concerns the Linux kernel TCP Authentication Option (TCP-AO) where MACs were compared without constant-time handling. The connected documents confirm a fix was applied to make MAC comparisons constant-time, mitigating timing-attack leakage of sensitive information. The vu...

CVE-2026-43396

In the Linux kernel, the vulnerability CVE-2026-43396 is in the drm/xe/sync path. When dma_fence_chain_alloc() fails, the user fence reference is not released, causing a memory leak. Documented across multiple sources (Red Hat, SUSE, Ubuntu, Debian OSV entries, and NVD), the issue is fixed by the...

CVE-2026-43431

In the Linux kernel xHCI host controller driver, CVE-2026-43431 stems from a NULL pointer dereference when reading portli debugfs files. The bug occurs if xhci->max_ports counts more port registers than the number reported by Supported Protocol capabilities, which can happen when max_ports exc...

CVE-2026-43432

CVE-2026-43432 relates to the Linux kernel USB xHCI driver. The error path in usb/xhci_disable_slot() previously freed only the command structure (via kfree), leaking the associated completion structure. The patch changes the code to call xhci_free_command() , which frees both the command structu...

CVE-2026-43437

CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...

CVE-2026-43461

CVE-2026-43461 affects the Linux kernel’s spi: amlogic: spifc-a4 driver, specifically aml_sfc_dma_buffer_setup(). The patch fixes three DMA mapping error paths: (1) removing an unnecessary goto when sfc->daddr mapping fails, (2) preventing a double-unmap when info DMA mapping fails by avoiding...

CVE-2026-43469

Summary: CVE-2026-43469 affects the Linux kernel xprtrdma component. The root cause is that rpcrdma_post_recvs() may exit early or fail to create a work request without decrementing ep->re_receiving. This miscount can cause rpcrdma_xprt_drain() to hang, leaving the completion blocked and poten...

CVE-2026-43471

Summary (mode C): The CVE-2026-43471 issue affects the Linux kernel’s SCSI UFS core, specifically a NULL pointer dereference in ufshcd_add_command_trace() when hwq is NULL, which can occur if ufshcd_mcq_req_to_hwq() returns NULL. A patch adds a NULL check for hwq before accessing hwq->id to pr...

CVE-2026-45946

CVE-2026-45946 affects the Linux kernel ab8500 power supply driver. A race condition arises when IRQs are requested before the power_supply handle is fully registered, leading to a use-after-free if an interrupt fires after deallocation but before IRQ unregistration. The issue can crash the syste...

CVE-2026-45957

CVE-2026-45957 documents a Linux kernel RCU bug: missing recursion protection in rcu_read_unlock() can cause a deadloop when softirq handling runs under ftrace, as shown in the call stack involving raise_softirq_irqoff() and rcu_read_unlock_special(). The issue was fixed by commits that adjust ir...

CVE-2026-45966

CVE-2026-45966 concerns a Linux kernel/AppArmor regression. When receiving file descriptors via SCM_RIGHTS, both sock and sock->sk can be NULL, leading to NULL pointer dereferences in __unix_needs_revalidation() and a crash. The issue stems from added NULL checks in a new function without ensu...

CVE-2026-45976

Summary: CVE-2026-45976 affects the Linux kernel’s drm/amdgpu driver, where amdgpu_nbio_ras_sw_init() failing inside amdgpu_ras_init() could leak memory because the allocated con structure wasn’t freed. The fix makes the function jump to release_con to properly clean up before returning the error...

CVE-2026-45987

Technical details about CVE-2026-45987 are not publicly provided in the connected documents. No explicit affected products, root cause, or fixes are present beyond generic patch notes; monitor for updates.

CVE-2026-45989

CVE-2026-45989: Linux kernel use-after-free in unittest testdrv_probe() is mitigated in openSUSE/Root environments by updating kernel-devel to 7.0.11-1.1. The initial description explains that testdrv_probe() retrieves a device_node from the PCI device, applies an overlay, and then calls of_node_...

CVE-2026-46004

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Handle probe errors properly The probe procedure of setup_card() in caiaq driver doesn't treat theerror cases gracefully, e.g. the error from snd_card_register() callssnd_card_free() but continues. This would lead to...

CVE-2026-46016

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to preventpossibility of crash by NULL pointer dereferencing.

CVE-2026-46022

CVE-2026-46022 relates to the Linux kernel code in misc: ibmasm where an OOB MMIO read occurs in ibmasm_handle_mouse_interrupt due to unbounded queue index usage. The root cause is unbounded values from get_queue_reader()/get_queue_writer() fed into get_queue_entry(), producing a potentially inva...

CVE-2026-46029

In the Linux kernel, CVE-2026-46029 describes a race within the slab allocator where kmalloc_nolock() called from NMI on uniprocessor (UP) configurations can re-enter the allocator and acquire n->list_lock that the interrupted context already holds, corrupting slab state and potentially causin...

CVE-2026-46032

Summary: CVE-2026-46032 relates to Linux kernel KVM nSVM, where a failed restore of L1 host CR3 during a nested VMEXIT could leave L1 with corrupted state and trigger a triple fault instead of a clean recovery. The fix removes the nested_svm_vmexit return value and ensures proper cleanup, resulti...

CVE-2026-46036

The CVE covers a race in the Linux kernel vfio/cdx driver where concurrent VFIO_DEVICE_SET_IRQS ioctls can observe inconsistent state of config_msi and cdx_irqs, leading to use-after-free of the cdx_irqs array. A per-device mutex (cdx_irqs_lock) is added to struct vfio_cdx_device and is acquired ...

CVE-2026-46144

The CVE-2026-46144 entry concerns the Linux kernel RDMA mana driver. A resource leak occurs during error unwind in mana_ib_create_qp_rss(), where mana_ib_cfg_vport_steering() is not properly cleaned up; this could cause resource exhaustion (DoS). The issue has been fixed in the kernel (patched), ...

CVE-2026-46160

CVE-2026-46160 concerns the Linux kernel’s Btrfs filesystem: when removing a directory, last_unlink_trans is not updated, which can lead to incorrect fsync behavior if a directory with an open file descriptor is fsynced after removal. This can cause log replay during mount to fail with -EIO, pote...

CVE-2026-46161

CVE-2026-46161 affects the Linux kernel md/raid10 code: setup_geo() may divide by zero when fc (far copies) is 0, since it derives geo->far_set_size from disks/fc without validating zero. The fix validates nc and fc after extraction and returns -1 if either is zero. Connected OSV entries show ...

CVE-2026-46165

CVE-2026-46165 affects the Linux kernel openvswitch vport code, where a self-deadlock could occur on tunnel port release due to improper ordering between RCU callbacks and RTNL/normally synchronized code paths. The root cause: vports are protected by RCU and must have netdev_put() after the RCU g...

CVE-2026-46166

The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...

CVE-2026-46171

The CVE-2026-46171 issue affects the Linux kernel KVM for RISCV, where a second kzalloc failure in kvm_riscv_vcpu_alloc_vector_context leaks the first allocation (guest_context.vector.datap). The root cause is a vector context allocation leak that can degrade system stability if not freed. A fix ...

CVE-2026-46179

In CVE-2026-46179, the Linux kernel ASoC SOF subsystem is vulnerable to a divide-by-zero when reporting the pointer for a compressed stream if stream parameters are unconfigured. The bug arises from dividing the I/O frame position by (channels × container bytes), which defaults to zero until stre...

CVE-2026-46183

CVE-2026-46183 affects the Linux kernel DAMON sysfs code. The vulnerability is a use-after-free in damon_sysfs_quot_goal->path: user reads/writes to the sysfs 'path' file can deallocate the underlying buffer, and current protection only guards parameter reads during commit; direct user access ...

CVE-2026-46186

Summary: CVE-2026-46186 affects the Linux kernel Bluetooth virtio_bt driver. The vulnerability arises in virtbt_rx_handle(), which reads the leading pkt_type byte from RX skb and forwards the rest to hci_recv_frame() for multiple packet types without validating that the remaining payload is large...

CVE-2026-46187

CVE-2026-46187 – summary of documented fixes : In the Linux kernel, the wifi: rsi driver experienced a kthread lifetime race between self-exit and external-stop, causing a UAF if the exited thread is accessed after free. The confirmed remediation is to remove kthread_stop() and wait for the self-...

CVE-2026-46194

CVE-2026-46194 is a Linux kernel/f2fs race condition where f2fs_destroy_extent_node() clears extent nodes without FI_NO_EXTENT, allowing concurrent writeback to insert nodes and trigger a bug check. The issue arises when dropping inodes with I_SYNC during writeback, leading to a potential crash/D...

CVE-2026-46210

The CVE-2026-46210 issue affects the Linux kernel Iris media driver. A race between per-instance locks (inst->lock) and the core list lock (core->lock) allows a use-after-free during MBPF checks: MBPF iterates the core list and reads fields like fmt_src->width/height while iris_close() m...

CVE-2026-46232

The CVE-2026-46232 entry concerns the Linux kernel HID PlayStation driver. A flaw allows a device to report more touch_reports than the array can hold, risking an out-of-bounds read in dualshock4_parse_report and potentially exposing up to ~2 KiB of kernel memory when DS4_TOUCH_POINT_INACTIVE is ...

CVE-2026-46236

CVE-2026-46236 affects the Linux kernel media: rc Xbox remote driver, where the IO buffer was placed in the device structure, violating DMA coherency rules. This is a local, low-complexity issue with high availability impact. Publicly documented fixes are present in OSV entries for Root: Debian 1...

CVE-2022-50235

Mode C: CVE-2022-50235 affects the Linux kernel NFSD implementation for NFSv2 READDIR. The vulnerability arises from an excessive @count leading to a buffer overflow; the fix restores the previous limit on count to prevent overflow attacks. Impact is high (local, with high confidentiality, integr...

CVE-2022-50267

CVE-2022-50267 pertains to the Linux kernel’s MMC/SD subsystem, specifically the mmc_add_host() path in the mmc: rtsx_pci driver. Root cause: return value of mmc_add_host() was not checked; on error, memory allocated by mmc_alloc_host() could be leaked, risking a kernel crash when removing an una...

CVE-2022-50318

The CVE-2022-50318 issue is in the Linux kernel perf/x86/intel/uncore: hswep_has_limit_sbox reference-count leak. The root cause is that pci_get_device() increments the reference count of the dev object, and pci_read_config_dword() uses it without decrementing; the fix adds pci_dev_put() immediat...

CVE-2022-50329

CVE-2022-50329 affects the Linux kernel’s block/bfq subsystem. The root cause was a use-after-free: bfqq could be freed in bfq_exit_icq_bfqq() and then used in bic_set_bfqq(), leading to UAF. The fix reorders operations by moving bfq_exit_bfqq() behind bic_set_bfqq(), preventing the invalid access.

CVE-2022-50331

CVE-2022-50331 refers to a Linux kernel vulnerability in the wwan_hwsim subsystem. The description documents a memory leak in wwan_hwsim_dev_new() that can occur when probing a module if device_register() fails and the kobject refcount is not decremented to zero, leaking the name allocated in dev...

CVE-2022-50351

CVE-2022-50351 affects the Linux kernel CIFS subsystem. The issue stems from leaking an xid in cifs_create() when the CIFS session is shutdown, as the xid is not freed before returning. The vulnerability results in an xid leak (resource exhaustion potential) and has a fixed in the Linux kernel vi...

CVE-2022-50353

The CVE-2022-50353 issue is in the Linux kernel driver mmc/wmt-sdmmc: the return value of mmc_add_host() was not checked. If mmc_add_host() returns an error, allocated memory from mmc_alloc_host() could be leaked, leading to a kernel crash when removing the device. The advisory states the fix is ...

CVE-2022-50359

CVE-2022-50359 affects Linux kernel media driver cx88: null-ptr-deref in buffer_prepare() when cx88_risc_buffer() fails, leading to empty buffer and null-ptr-deref in buffer_queue(). The issue is fixed by validating the return value of cx88_risc_buffer() before use. Affected reports in connected ...

CVE-2022-50433

CVE-2022-50433 : Linux kernel vulnerability in the EFI/ACPI SSDT handling. Amadeusz reported KASAN use-after-free caused by unconditional kfree() of the new ACPI table when loading SSDTs from variables. Root cause: memory freed on both success and failure, mishandling ACPI core load result. Fix: ...

CVE-2022-50438

CVE-2022-50438 : In the Linux kernel, the hinic driver leaks memory when reading the function table if the input index matches a certain case in hinic_dbg_get_func_table(), where read_data is not released. A fix was applied to release the memory, resolving the issue. The connected sources referen...

CVE-2022-50439

CVE-2022-50439 is a Linux kernel vulnerability in ASoC: mediatek mt8173 where IRQs could fire before pdata is ready, causing memory read errors and kernel instability. Connected advisories (SUSE, Astra Linux, OSV) indicate the issue was resolved in the kernel by enabling IRQ once pdata is ready. ...

CVE-2022-50449

CVE-2022-50449 : In the Linux kernel, the Samsung clock driver fix addresses a memory leak in _samsung_clk_register_pll(). If clk_register() fails, pll->rate_table may be allocated by kmemdup() and is not freed, leaking memory. The patch adds proper cleanup to free the allocated memory on fail...

CVE-2022-50451

CVE-2022-50451 involves a memory leak in the Linux kernel’s ntfs3 module, specifically in the ntfs_fill_super() error path. The provided documents consistently describe a bug where an unreferenced kmemleak object is leaked during mounting, traced to the error handling path of ntfs_fill_super(). T...

CVE-2022-50454

CVE-2022-50454 affects the Linux kernel’s DRM Nouveau driver. The vulnerability arises in nouveau_gem_prime_import_sg_table() due to a use-after-free: on failure of nouveau_bo_init(), the associated gem object is released by ttm_bo_init(), but the code later calls nouveau_bo_ref() which dereferen...

CVE-2022-50473

CVE-2022-50473 affects the Linux kernel cpufreq subsystem. The root cause is calling an uninitialized completion in cpufreq_sysfs_release() when kobject_init_and_add() fails, occurring in cpufreq_policy_alloc(). This can lead to a crash (page fault) on a local system via complete+0x98, with Call ...

CVE-2022-50474

CVE-2022-50474 is a Linux kernel issue affecting the macintosh/macio path, where a device name allocated dynamically after a driver-core change was not freed on of_device_register() failure, causing a memory leak. The fix introduces a put_device() reference release to balance device_initialize() ...