14105 matches found
CVE-2026-43214
The CVE-2026-43214 issue concerns Linux kernel KVM on x86: when reading PDPTRs in __get_sregs2(), SRCU read-side protection was missing. The root cause is that kvm_pdptr_read() may dereference guest memory via a chain (svm_cache_reg -> load_pdptrs -> kvm_vcpu_read_guest_page -> kvm_vcpu_...
CVE-2026-43348
The CVE-2026-43348 issue affects the Linux kernel’s mshv_vtl path: when registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the calculation of pgmap->vmemmap_shift can exceed MAX_FOLIO_ORDER, causing a WARN and -EINVAL during memremap_pages(). The root cause is failing to clamp the computed shif...
CVE-2026-43127
CVE-2026-43127 concerns the Linux kernel ntfs3 component, where a circular locking dependency between wnd->rw_lock and ni->file.run_lock creates an AB-BA deadlock. The deadlock scenario: ntfs_extend_mft() acquires ni->file.run_lock then wnd->rw_lock; run_unpack_ex() acquires wnd->r...
CVE-2026-43134
The CVE-2026-43134 entry affects the Linux kernel Bluetooth stack. The root cause is a missing encryption key size check in the L2CAP_LE_CONN_REQ handling, which could permit a malformed L2CAP LE connection request and trigger a protocol violation. A patch was added to perform the key-size valida...
CVE-2026-43136
The CVE-2026-43136 issue affects the Linux kernel HID subsystem (logitech-hidpp) where fake USB devices could craft HID report descriptors without valid fields, potentially crashing the kernel over USB. The root cause is a missing validation in hidpp_get_report_length() that allowed reports with ...
CVE-2026-43156
The CVE-2026-43156 entry affects the Linux kernel USB Pegasus driver. The root cause is that pegasus_probe() built URBs using hardcoded endpoint pipes (RX bulk 1, TX bulk 2, status interrupt 3) without validating endpoint descriptors, allowing a malformed USB device to present endpoints with mism...
CVE-2026-43157
Summary: CVE-2026-43157 affects the Linux kernel octeontx2-af CGX driver. The RX/TX flow-control bitmaps (rx_fc_pfvf_bmap, tx_fc_pfvf_bmap) are allocated during cgx_lmac_init() but not freed during cgx_lmac_exit(), enabling a kernel memory leak (kmemleak) when the driver is unbound and rebound. I...
CVE-2026-43180
The CVE-2026-43180 issue affects the Linux kernel kaweth USB Ethernet driver. The function kaweth_set_rx_mode() improperly manipulates the TX queue by calling netif_stop_queue() followed by netif_wake_queue(), which can wake the TX queue while a tx_urb is still in flight, causing a double usb_sub...
CVE-2026-43184
CVE-2026-43184 affects the Linux kernel component rnbd-srv. The root cause is failing to clear the response buffer before sending data, which could allow a remote client to receive unintended data when exchanging messages across protocol versions. Multiple vendors have patched this vulnerability ...
CVE-2026-43185
In Linux kernel ksmbd, a signedness bug in smb_direct_prepare_negotiation() casts unsigned __u32 values from sp->max_recv_size and req->preferred_send_size to signed int before min_t(). A crafted preferred_send_size of 0x80000000 can be treated as smaller than max_recv_size, enabling a subs...
CVE-2026-43195
CVE-2026-43195 affects the Linux kernel component drm/amdgpu related to user queue size handling. The issue is resolved by adding validation to ensure user queue sizes meet hardware requirements: the size must be a power of two for correct ring-buffer wrapping and at least AMDGPU_GPU_PAGE_SIZE to...
CVE-2026-43200
The CVE-2026-43200 issue affects the Linux kernel PCI endpoint functionality. Specifically, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() swap parameters in their configfs unlink paths, which can trigger a kernel crash when using unlink in configfs. Red Hat's advisory frames thi...
CVE-2026-43206
Summary: CVE-2026-43206 affects the Linux kernel’s drm/amdkfd component. The function kfd_event_page_set() writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes using memset without validating the destination buffer size, allowing an unprivileged local user to trigger an out-of-bounds memory write and potentia...
CVE-2026-43222
In the Linux kernel, the media: verisilicon: AV1 driver patch fixes a buffer-size miscalculation for tile information. The tile info structure (row_sb, col_sb, start_pos, end_pos) requires AV1_MAX_TILES × 16 bytes; using the incorrect define caused writes to non-allocated memory, risking memory c...
CVE-2026-43239
The CVE-2026-43239 issue concerns the Linux kernel SMB client where two concurrent operations could race while updating network interfaces via query_interfaces(), risking an inconsistent state. The root cause is improper synchronization of iface_last_update under iface_lock. Public advisories con...
CVE-2026-43248
In the Linux kernel vhost subsystem, CVE-2026-43248 stems from a vdpa_sim bug that could assign a valid ASID to a group equal to ngroups, causing an out-of-bounds write and memory instability. Multiple reports confirm a patch to move the vdpa group bound check into vhost_vdpa and to fix the out-o...
CVE-2026-43250
CVE-2026-43250 affects the Linux kernel ChipIdea USB Device Controller (UDC) driver. The vulnerability arises when a USB device is reconnected during an active transfer, because _ep_nuke() returns requests without unmapping DMA buffers or cleaning bounce buffers, leaving stale DMA state (num_mapp...
CVE-2026-43261
The CVE-2026-43261 entry concerns the Linux kernel ARM64 arm64: TSV110 Spectre-BHB mitigation. The root cause is Spectre-BHB leakage via branch-prediction side channels on TSV110; mitigation consists of adding the TSV110 MIDR to the software mitigation list in the kernel. Affected component: Linu...
CVE-2026-43269
The CVE-2026-43269 issue affects the Linux kernel drm/atmel-hlcdc driver, where the atomic_destroy_state path failed to free all allocated objects (notably drm_crtc_commit), causing a memory leak observed via kmemleak. The root cause is that only the framebuffer was freed by atomic_destroy_state;...
CVE-2026-43290
Summary (CVE-2026-43290) A flaw in the Linux kernel's media subsystem (uvcvideo) can occur when start_streaming() fails due to an error in uvc_pm_get(), causing queued buffers to not be returned. The issue can lead to system instability or a denial of service by triggering a USB host controller f...
CVE-2026-43291
CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...
CVE-2026-43298
CVE-2026-43298 affects the Linux kernel drm/amdgpu driver. The issue arises during deinitialization where VF (Virtual Function) instances may attempt to release a VCN poison IRQ that was not enabled in VCNv2.5, causing a kernel warning in amdgpu_irq_put() and a potential instability. The disclose...
CVE-2026-43306
CVE-2026-43306 affects the Linux kernel due to bpf: crypto: Use the correct destructor kfunc type. With CONFIG_CFI enabled, indirect calls must match the target function’s pointer type. In the reported case, a CFI failure occurred at bpf_obj_free_fields while freeing a BPF crypto context, signali...
CVE-2026-43322
CVE-2026-43322 is a Linux kernel vulnerability in Bluetooth HCI sync handling (le_read_features_complete). The issue is a use-after-free (UAF) caused by freeing hci_conn after le_read_features_complete has been initiated but before it completes, allowing hci_cmd_sync_dequeue to fail to prevent th...
CVE-2026-43326
The CVE-2026-43326 entry documents a Linux kernel sched_ext deadlock vulnerability (SCX_KICK_WAIT) where CPUs busy-waited in kick_cpus_irq_workfn() and could form a cycle, freezing the system. The fix defers the wait to a balance callback by replacing the busy-wait with resched_curr(), forcing th...
CVE-2026-43332
In the Linux kernel thermal subsystem, CVE-2026-43332 affects the thermal_zone_device_register_with_trips() error path. The root cause is a missing wait_for_completion() after registering a thermal zone device, which can allow the thermal zone object to be freed prematurely if user space holds a ...
CVE-2026-43346
The CVE-2026-43346 entry documents a Linux kernel issue in ice: ptp used in VFIO passthrough where the PTP controlling PF (adapter->ctrl_pf) may not be initialized, causing NULL dereference risk and a WARN_ON() in ice_ptp_setup_pf(). The fix replaces the warning with an informational message a...
CVE-2026-43347
The CVE-2026-43347 details a Linux kernel arm64 Monaco issue where firmware mistakenly reports a Gunyah hypervisor memory region as available. The kernel may allocate from hypervisor-owned memory, causing spurious ESR=0x96000010 aborts and kernel crashes. The fix adds a reserved-memory carveout f...
CVE-2026-43354
CVE-2026-43354 affects the Linux kernel hx9023s proximity sensor driver (iio). The root cause is a division-by-zero in set_samp_freq when the sampling frequency is unspecified. The vulnerability was addressed by a fix in the kernel to protect against this division by zero. Multiple vendor advisor...
CVE-2026-43392
Summary (CVE-2026-43392) : In the Linux kernel, the sched_ext vulnerability causes a potential DoS by starving the enable path in scx_enable() when fair-class workloads saturate the system. The root cause is a switch of the calling thread’s sched_class from fair to ext during the READY→ENABLED lo...
CVE-2026-43402
Summary: CVE-2026-43402 affects the Linux kernel where kthread exit paths were consolidated to prevent a use-after-free in the kthread/pid data cleanup, after crashes traced to corrupted RCU function pointers during KUnit tests. The root cause involves a pid hashtable conversion changing structur...
CVE-2026-43417
CVE-2026-43417 affects the Linux kernel, specifically the vfork()/CLONE_VM handling in sched/mmcid. The bug occurs when the number of tasks in a process is smaller than MMCID users, causing the system to loop through the task list and double-count already processed tasks. If this double processin...
CVE-2026-43420
CVE-2026-43420 describes a race in Ceph/Linux kernel unlink handling where i_nlink is decremented before completion of async unlink, risking underrun if the updated i_nlink becomes zero. The root cause is updating i_nlink without proper synchronization between ceph_unlink() and MDS responses; the...
CVE-2026-43424
The CVE concerns the Linux kernel USB gadget f_tcm nexus handling. The tpg->tpg_nexus pointer used by the BOT command/data paths can be NULL during race windows (before nexus is established or after it’s dropped). Dereferencing tv_nexus->tvn_se_sess without a NULL check leads to a kernel pa...
CVE-2026-43429
CVE-2026-43429 (Linux kernel, USB usbtmc): The vulnerability arises from the usbtmc driver accepting user-specified timeouts that can be arbitrarily long for usb_bulk_msg() calls, potentially causing kernel threads to hang indefinitely. The issue is resolved by using usb_bulk_msg_killable() with ...
CVE-2026-43440
CVE-2026-43440 affects the Linux kernel net/mana driver, where during mana_gd_setup() cleanup a workqueue pointer (service_wq) could remain non-NULL after destroy_workqueue(), leading to a potential use-after-free if the pointer is checked after a failed setup. Connected advisories confirm the ro...
CVE-2026-43444
CVE-2026-43444 is a Linux kernel vulnerability in the drm/amdkfd component. The issue arises from improper error handling in which a buffer object (bo) is not released if a queue update fails, leaving the BO unreserved. The description across multiple sources notes that the error path should unre...
CVE-2026-43450
CVE-2026-43450 affects the Linux kernel nfnetlink_cthelper code. The issue is an out-of-bounds read (8 bytes) in nfnl_cthelper_dump_table() caused when a previously saved “last” helper is deleted between dump rounds, allowing a faulty goto restart to bypass bounds checks. The problem was fixed by...
CVE-2026-43458
The CVE affects the Linux kernel’s caif_serial line discipline. A use-after-free (KASAN slab UAF) could be triggered in pty_write_room() when the caif_serial TX path invokes tty_write_room(), accessing tty->link->port. Root cause: improper management of the tty->link reference during ldi...
CVE-2026-43461
CVE-2026-43461 affects the Linux kernel’s spi: amlogic: spifc-a4 driver, specifically aml_sfc_dma_buffer_setup(). The patch fixes three DMA mapping error paths: (1) removing an unnecessary goto when sfc->daddr mapping fails, (2) preventing a double-unmap when info DMA mapping fails by avoiding...
CVE-2026-43477
Summary: CVE-2026-43477 affects the Linux kernel DRM i915 VRR path. The vulnerability arises from configuring VRR timings (TRANS_VRR_VMAX/FLIPLINE) before enabling TRANS_DDI_FUNC_CTL, which can cause an MCE hang on some Intel/Icelake platforms (e.g., Dell XPS 7390 2‑in‑1 with a dock and faulty US...
CVE-2026-43479
CVE-2026-43479 concerns the Linux kernel’s lan78xx USB Ethernet driver. The issue is a WARN triggered during USB device disconnect in __netif_napi_del_locked when NAPI is still enabled, caused by an unnecessary netif_napi_del() call in the disconnect path. The provided documents consistently stat...
CVE-2026-45863
Summary: CVE-2026-45863 relates to the Linux kernel i3c dw driver, where dw_i3c_master_i2c_xfers() leaks memory when pm_runtime_resume_and_get() fails. The root cause is allocating the xfer structure via dw_i3c_master_alloc_xfer() without freeing on the error path. Consequence: memory leak potent...
CVE-2026-45884
Summary of CVE-2026-45884 (Linux kernel, AppArmor): The issue is an integer underflow in aa_get_buffer() when dequeuing from the per-CPU list. If cache->hold drops to zero while count is non-zero, the unsigned decrement can wrap to UINT_MAX, keeping hold non-zero and causing aa_put_buffer() to...
CVE-2026-45887
CVE-2026-45887 affects the Linux kernel af_unix subsystem's unix_stream_connect() path. Root cause: if prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak. Impact: potential DoS or instability due to unreleased memory. Remediation: move pr...
CVE-2026-45903
CVE-2026-45903 concerns the Linux kernel where the BPF verifier memory-access flag handling in helper prototypes was incorrect. After a verifier refactor, several helpers using ARG_PTR_TO_MEM lacked MEM_RDONLY or MEM_WRITE, causing the verifier to incorrectly assume buffers were unchanged across ...
CVE-2026-45927
The CVE-2026-45927 issue affects the Linux kernel BPF subsystem. bpf_map_get_info_by_fd caches the hash of a map regardless of its frozen state, enabling a TOCTOU where a trusted loader could compare an older hash after a map is modified but before freezing. The fix returns -EPERM when the hash i...
CVE-2026-45953
CVE-2026-45953 affects the Linux kernel’s MD RAID5 subsystem. The root cause is a missing check in need_this_block() when an llbitmap bit is unwritten in a degraded array, which can cause stripe handling to deadlock and trigger an I/O hang (DoS-like impact). Public sources describe the issue and ...
CVE-2026-46000
CVE-2026-46000 in the Linux kernel: rxrpc vulnerability where security checks decrypt bits of a packet in place while the skb may be shared with a packet sniffer, potentially exposing a decrypted (apparently corrupted) packet. The fix: when a packet was cloned, the kernel now hands a copy of the ...
CVE-2026-46001
Technical details about CVE-2026-46001 are not provided in the connected documents. The supplied sources only reiterate high‑level descriptions; there is no explicit information on affected products, root cause, impact, or a fix. Monitor for updates.