6 matches found
CVE-2026-45972
The CVE-2026-45972 issue affects the Linux kernel SMB client, specifically smb2_open_file(), where improper handling could lead to memory corruption (UAF) or a double free during SMB2_open() retries. The fixed description states that zeroing err_iov and err_buftype before retrying SMB2_open() pre...
CVE-2026-23273
The CVE refers to a Linux kernel macvlan race: macvlan_common_newlink() can reveal a device before error handling under an RCU grace period, leading to a use-after-free as shown by a KASAN report. Connected OSV entries confirm patches in Rootio-Linux for Root:Debian/Ubuntu variants (Root-OS-DEBIA...
CVE-2026-46260
The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...
CVE-2026-23422
CVE-2026-23422 concerns the Linux kernel’s dpaa2-switch component. An out-of-bounds if_id detected in the IRQ handler could leave the interrupt status uncleared, potentially causing an interrupt storm and a DoS-like condition. The technical details in connected documents show the root cause as mi...
CVE-2026-43178
In the Linux kernel, the procfs component has a vulnerability in do_procmap_query() that can trigger a double mmput() of an mm_struct when a user passes an incorrectly sized buffer for PROCMAP_QUERY's build ID. The root cause is a change that defers cleanup after unlocking mmap_lock and per-VMA, ...
CVE-2026-31552
CVE-2026-31552 affects the Linux kernel wlcore wifi path. A memory-allocation failure in wl1271_tx_allocate()/wl1271_prepare_tx_frame() could yield -EAGAIN and be misinterpreted by wlcore_tx_work_locked() as a full aggregation buffer, causing a retry loop under wl->mutex with GFP_ATOMIC. This ...