Lucene search
K
LinuxLinux Kernel7.1

372 matches found

CVE
CVE
added 2026/05/15 5:15 a.m.38 views

CVE-2026-43490

The CVE-2026-43490 entry concerns the Linux kernel ksmbd SMB server. The flaw arises in smb_inherit_dacl() where the code validates a fixed SID header but not the variable-length SID described by sid.num_subauth, allowing a malformed inheritable ACE to advertise more subauthorities than present. ...

8.8CVSS6AI score0.00408EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46152

CVE-2026-46152 affects the Linux kernel’s wifi/mac80211 subsystem. The root cause is that ieee80211_invoke_fast_rx() uses a static per-invocation rx_result, causing concurrent callers to share a single instance and potentially overwrite results between ieee80211_rx_mesh_data() and the switch on r...

8.8CVSS5.8AI score0.00161EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46173

CVE-2026-46173 concerns the Linux kernel. The issue arises when an already-exiting task oopses and make_task_dead() calls do_task_dead() with preemption enabled, while __schedule() must be called with preemption disabled. If a preempted oopsing task is still in the dead-state, finish_task_switch(...

7.8CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.37 views

CVE-2026-46166

The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...

8.8CVSS5.8AI score0.00203EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.37 views

CVE-2026-46167

CVE-2026-46167 – Linux kernel usb/usblp heap leak : The vulnerability stems from an uninitialized status buffer (statusbuf) allocated at probe time for LPGETSTATUS. If a malicious printer returns zero bytes, a stale 8-byte heap region could be copied to userspace via LPGETSTATUS, causing a heap l...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.37 views

CVE-2026-46189

CVE-2026-46189 affects the Linux kernel RDMA pvrdma component (pvrdma_alloc_ucontext). The issue is a double free: pvrdma_uar_free() is invoked in pvrdma_dealloc_ucontext() and is erroneously called before, creating a double free condition. Concrete fixes exist in OSV entries for multiple distrib...

7.8CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.37 views

CVE-2026-46303

The CVE-2026-46303 vulnerability affects the Linux kernel isofs Rock Ridge CE handling. rock_continue() could use rs->cont_extent without validating the block number, allowing potential reads of data from an adjacent filesystem via sb_bread() on crafted ISO mounts. The issue was addressed by p...

8.2CVSS5.6AI score0.00278EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.36 views

CVE-2026-46178

The CVE-2026-46178 entry concerns the Linux kernel RDMA/mlx4 component. A resource leak could occur during error handling in mlx4_ib_create_srq(), because mlx4_srq_alloc() was not undone during error unwinding. The fix adds a call to mlx4_srq_free() to properly release the resource when an error ...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.36 views

CVE-2026-46233

CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/06/03 4:19 p.m.36 views

CVE-2026-46273

The CVE-2026-46273 entry describes a Linux kernel vulnerability in the ibmveth driver affecting Power systems: GSO offload fails when MSS < 224 bytes, potentially freezing the network adapter and causing DoS until a manual reset. The fix adds an ndo_features_check to disable GSO for MSS 1; si...

8.6CVSS5.6AI score0.00389EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.36 views

CVE-2026-46304

MODE C: The CVE-2026-46304 entry centers on the Linux kernel nvmet subsystem. The vulnerability stems from nvmet_tcp_release_queue_work() running on the nvmet-wq and possibly dropping the final controller reference through nvmet_cq_put(), which can trigger nvmet_ctrl_free() and flush ctrl->asy...

7.5CVSS5.4AI score0.00389EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.36 views

CVE-2026-52917

Summary (concrete details from provided sources): CVE-2026-52917 fixes a Linux kernel SCTP diagnostics flaw in the sock_diag lookup during the dump_one path. The issue occurs when an SCTP association has been freed but is still being reported, allowing the code to dereference an invalid associati...

7.1CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.35 views

CVE-2026-46033

The CVE-2026-46033 issue in the Linux kernel crypto/authencesn was fixed: authenc ESN paths require either a zero authsize or an authsize of at least 4 bytes, but a later path could copy digestsize into inst->alg.maxauthsize without validation, allowing ahash digests of 1–3 bytes (e.g., cbcmac...

7.1CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.35 views

CVE-2026-46157

The CVE-2026-46157 entry concerns the ALSA PCM OSS subsystem in the Linux kernel, where runtime.oss.trigger could be accessed concurrently without protection, causing a data race on a bit field and risking corruption of adjacent fields. The issue is addressed by extending the existing params_lock...

7.8CVSS5.7AI score0.00099EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.35 views

CVE-2026-46212

CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...

8.8CVSS5.7AI score0.00274EPSS
CVE
CVE
added 2026/06/08 3:41 p.m.35 views

CVE-2026-46276

CVE-2026-46276 concerns the Linux kernel AMDGPU driver on RDNA4 (GFX 12). The issue: amdgpu_ttm_init_on_chip() is called for GDS, GWS and OA resources regardless of whether they exist; when a resource size is zero, drm_mm_init(0,0) triggers DRM_MM_BUG_ON and can crash the kernel during modprobe o...

5.5CVSS5.5AI score0.00177EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.34 views

CVE-2026-31716

The CVE-2026-31716 entry covers a Linux kernel NTFS3 flaw in journal replay. Description from multiple sources states that check_file_record() validates rec->total against the record size but not rec->used. The journal-replay handlers read rec->used from disk and use it to compute memmov...

7.8CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.34 views

CVE-2026-46110

CVE-2026-46110 affects the Linux kernel stmmac driver. When RX memory is exhausted, stmmac_rx() could misinterpret descriptors (full vs dirty), risking a NULL pointer dereference and potential kernel panic. The fix adds an explicit check to bail out when the next RX descriptor is dirty before adv...

7.5CVSS5.9AI score0.005EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.34 views

CVE-2026-46112

CVE-2026-46112 relates to the Linux kernel RDMA/hns driver. The vulnerability arises from an unlocked call to hns_roce_qp_remove() during error unwinding in hns_roce_create_qp_common(), where the caller did not hold the required locks, risking memory corruption. The fixes synchronize by grabbing ...

7.8CVSS5.8AI score0.001EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.34 views

CVE-2026-46133

The CVE-2026-46133 issue affects Linux kernel’s Soft RoCE (RDMA/rxe) where an unauthenticated UDP packet with an unknown opcode could trigger an out-of-bounds read during ICRC/CRC processing due to missing validation of opcodes before length arithmetic. The advisory describes that entries in the ...

7.5CVSS5.7AI score0.00574EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.34 views

CVE-2026-46182

The CVE-2026-46182 issue affects the Linux kernel component pseries/papr-hvpipe . The root cause is that a local kernel stack variable hdr (papr_hvpipe_hdr) is allocated on the stack and only hdr.version and hdr.flags are initialized, leaving reserved padding bytes uninitialized. When copied to u...

5.5CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.34 views

CVE-2026-46307

CVE-2026-46307 affects the Linux kernel ath5k driver, where a UBSAN-detected array-index-out-of-bounds in ath5k_tasklet_tx can write beyond a 4-entry ieee80211_tx_rate array, potentially overwriting the next info->status field (ack_signal). Rootcause: ts_final_idx may be 3, causing an out-of-b...

8.3CVSS5.4AI score0.0022EPSS
CVE
CVE
added 2026/06/09 12:11 p.m.34 views

CVE-2026-46320

The CVE-2026-46320 vulnerability affects the Linux kernel tap driver where memory pages allocated for frames in vhost_net_xdp() are not freed on error paths. Specifically, tap_get_user_xdp() may reject frames shorter than ETH_HLEN (-EINVAL) or fail build_skb() (-ENOMEM), but both error paths jump...

7.4CVSS5.4AI score0.00235EPSS
CVE
CVE
added 2026/05/26 4:14 p.m.33 views

CVE-2026-45835

CVE-2026-45835: In the Linux kernel, Bluetooth L2CAP code is vulnerable to a NULL pointer dereference in l2cap_sock_new_connection_cb() due to a missing NULL guard. The fix adds the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(), addressing the null-ptr-deref ...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.33 views

CVE-2026-46114

CVE-2026-46114 affects the Linux kernel RDMA/rxe driver. A remote attacker could exploit zero- or non-8-byte ATOMIC_WRITE payloads by triggering atomic_write_reply() to dereference 8 bytes past the packet boundary, leaking up to 4 bytes of kernel tailroom per probe (plus trailing ICRC). The issue...

7.5CVSS5.8AI score0.00467EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.33 views

CVE-2026-46160

CVE-2026-46160 concerns the Linux kernel’s Btrfs filesystem: when removing a directory, last_unlink_trans is not updated, which can lead to incorrect fsync behavior if a directory with an open file descriptor is fsynced after removal. This can cause log replay during mount to fail with -EIO, pote...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.33 views

CVE-2026-46193

CVE-2026-46193 concerns a Linux kernel xfrm AH (AH) implementation issue where ESN high bits are not accounted for in async callback paths, causing miscalculation of ICV/auth offsets on IPv4/IPv6 when ESN is enabled and async hmac is used. The vulnerability arises from reconstructing the temporar...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.33 views

CVE-2026-46203

The CVE-2026-46203 issue affects the Linux kernel, specifically the spi: cadence-quadspi driver. The root cause is unclocked register access that can occur if the controller is not runtime-resumed before being disabled during driver unbind. The fix ensures the controller is runtime resumed prior ...

7.1CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.33 views

CVE-2026-46302

CVE-2026-46302 concerns the Linux kernel SELinux policy handling. The vulnerability arises because multiple processes could concurrently open /sys/fs/selinux/policy, whereas previously only one open was allowed. The root cause is a retained policy_opened flag and a too-large critical section arou...

5.5CVSS5.5AI score0.00145EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.32 views

CVE-2026-31715

In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...

7.8CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2026/05/27 9:24 a.m.32 views

CVE-2026-45844

Summary: CVE-2026-45844 affects the Linux kernel netfilter arp_tables on IEEE1394 (FireWire) interfaces. The vulnerability arises because arp_packet_match() unconditionally parses the ARP payload assuming both source and target hardware addresses exist, while IPv4-over-IEEE1394 ARP omits the targ...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/27 9:24 a.m.32 views

CVE-2026-45845

The CVE-2026-45845 issue affects the Linux kernel net/sched taprio code. When deleting a TAPRIO child qdisc via RTM_DELQDISC, taprio_graft() could store NULL in q->qdiscs[] and later RTM_GETTCLASS dump paths could dereference a NULL pointer during taprio_dump_class(), causing a kernel NULL poi...

5.5CVSS5.8AI score0.00108EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.32 views

CVE-2026-46125

CVE-2026-46125 describes a Linux kernel issue in the wifi mac80211 path where, if Multi-Link Operation (MLO) connection preparation fails, the associated station may not be removed correctly. The advisory states that the interface is reset to non-MLD and the station linked to the vif should be de...

8.8CVSS5.8AI score0.00302EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.32 views

CVE-2026-46131

CVE-2026-46131 affects the Linux kernel KVM x86 code. The issue is a faulty check in slow flush hypercalls where is_guest_mode(vcpu) was used incorrectly; translate_nested_gpa() is only valid when an L2 guest runs with nested EPT/NPT enabled, so the condition should match translate_nested_gpa() i...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.32 views

CVE-2026-46147

CVE-2026-46147 concerns the Linux kernel KVM on ARM64, where two bugs in vCPU initialisation can leak pin references to host vCPU/SVE pages and allow observation of a partially initialised vCPU object. The fixes extract a helper for vCPU registration, ensure proper unpinning on error, and enforce...

5.5CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.32 views

CVE-2026-46185

The CVE-2026-46185 issue affects the Linux kernel SMB client. The root cause is insufficient length validation in smb2_check_message() when processing symlink error responses, allowing a symlink_data() path to read beyond the buffer if iov_len is smaller than the 64-byte SMB2 header and accessing...

9.1CVSS5.7AI score0.00513EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.32 views

CVE-2026-46190

Summary (CVE-2026-46190) : A Linux kernel vulnerability in the MTD SPI-NOR debugfs code caused an out-of-bounds read in spi_nor_params_show() due to passing an array of pointers to spi_nor_print_flags() with sizeof(snor_f_names). Since sizeof on a pointer array yields bytes, not element count, th...

7.1CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46197

The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...

7.8CVSS5.9AI score0.00139EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46202

CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...

5.5CVSS6AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46207

The CVE-2026-46207 issue affects the Linux kernel’s vsock/virtio path, where non-linear skbs could fail to copy payloads to the vsockmon tap device due to iov_iter not being properly initialized. The fix standardizes handling for both linear and non-linear skbs by removing the linear/non-linear s...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46231

CVE-2026-46231 concerns the Linux kernel’s batman-adv code. When batadv_bla_add_claim() fails to insert a new claim into its hash, a reference to the target backbone_gw could be leaked. The vulnerability arises from not releasing that reference on the error path, potentially allowing a backbone_g...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.32 views

CVE-2026-46292

CVE-2026-46292 (Linux kernel): The issue is in pmdomain core handling when detaching virtual devices from a genpd. The patch fixes a missing pm_runtime_disable() call in genpd_dev_pm_detach(), which could leave runtime PM enabled for virtual devices after detachment. Consequences described includ...

5.5CVSS5.5AI score0.00177EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.32 views

CVE-2026-52939

CVE-2026-52939 is addressed by the Debian/Ubuntu Linux kernel fixes in the 6.1.y series. Debian LTS advisories (DLA-4671, DLA-4665) indicate linux-6.1 packages are updated to mitigate this issue, e.g., Debian 11/12 updates shipping linux-6.1 with CVE-2026-52939 included and patched versions such ...

5.5CVSS5.8AI score0.00164EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.31 views

CVE-2026-31702

Summary of CVE-2026-31702 details from connected docs: The vulnerability is in the Linux kernel’s f2fs compression path. In f2fs_compress_write_end_io(), dec_page_count(sbi, type) could decrement the F2FS_WB_CP_DATA counter to zero while a concurrent unmount is unrolling, leading to a use-after-f...

7.8CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2026/05/26 4:14 p.m.31 views

CVE-2026-45834

CVE-2026-45834 affects the Linux kernel Bluetooth L2CAP path. A NULL pointer dereference in l2cap_sock_state_change_cb() is fixed by adding the NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(); patch applies to affected kernel versions (e.g., openSUSE/SUSE notes and ...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.31 views

CVE-2026-46122

Summary : CVE-2026-46122 concerns the Linux kernel wifi driver (b43) where firmware-provided key indices can exceed the bounds of dev->key[] (58 entries) in b43_rx(), allowing an out-of-bounds read. The fix makes the B43_WARN_ON check enforcing and drops the frame when an invalid key index is ...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.31 views

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

7.7CVSS5.9AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.31 views

CVE-2026-46170

CVE-2026-46170 affects the Linux kernel MPTCP implementation. When ADD_ADDR is retransmitted, the socket reference counting can fail to free the sk, which may trigger indefinite waiting in timer synchronization and cause a DoS. The root cause is improper timer handling during sk_free that could c...

5.5CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46198

The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...

8.8CVSS5.8AI score0.00281EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46209

CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...

7.8CVSS5.8AI score0.00139EPSS
Total number of security vulnerabilities372