Lucene search
K
LinuxLinux Kernel7.1

371 matches found

CVE
CVE
added 2026/05/28 9:35 a.m.32 views

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

7.7CVSS5.9AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46197

The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...

7.8CVSS5.9AI score0.00139EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46202

CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...

5.5CVSS6AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.32 views

CVE-2026-46224

The CVE-2026-46224 issue affects the Linux kernel drm/xe driver. The bug is a lifecycle/ownership problem in xe_dma_buf_init_obj() where a pre-allocated storage bo is not freed when drm_gpuvm_resv_object_alloc() fails, leading to a potential resource leak. The kernel now ensures that, on failure,...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.32 views

CVE-2026-46308

CVE-2026-46308 affects the Linux kernel: a use-after-free in mediatek’s pmdomain code, within scpsys_get_bus_protection_legacy(). The bug stems from of_find_node_with_property() returning a device node with an incremented refcount, followed by of_node_put(node) before validating the result of sys...

7.8CVSS5.4AI score0.00115EPSS
CVE
CVE
added 2026/06/19 2:43 p.m.32 views

CVE-2026-52910

The CVE-2026-52910 issue is in the Linux kernel where a cBPF reuseport program may be freed immediately when detached from a reuseport group, without waiting for an RCU grace period. This can lead to a use-after-free and potential memory corruption when a concurrent UDP send crosses the fast path...

7.8CVSS5.7AI score0.00104EPSS
CVE
CVE
added 2026/06/24 9:0 a.m.32 views

CVE-2026-52943

CVE-2026-52943 affects the Linux kernel: two pskb_carve helpers (pskb_carve_inside_header and pskb_carve_inside_nonlinear) copy the old skb_shared_info header via memcpy without calling net_zcopy_get() for the new copy, creating an unaccounted destructor_arg (uarg) reference. This can cause use-a...

7.8CVSS5.9AI score0.00238EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53228

The CVE-2026-53228 entry documents a vulnerability in the Linux kernel SIT IPv6 tunnel driver. When GSO offloads are used, the code may keep a stale pointer to the inner IPv6 header after skb header unclone and potential headroom reallocation, leading to reads from freed memory. A fix reloads the...

9.8CVSS5.7AI score0.00559EPSS
CVE
CVE
added 2026/05/21 12:12 p.m.31 views

CVE-2026-43496

CVE-2026-43496 affects the Linux kernel net/sched subsystem (sch_red). When red qdiscs with children (e.g., qfq) perform a peek() to expose an skb and then immediately dequeue from the child, the code path could dereference NULL and trigger a kernel panic. The fix changes the sequence from direct...

5.5CVSS5.8AI score0.00118EPSS
CVE
CVE
added 2026/05/26 4:14 p.m.31 views

CVE-2026-45836

The CVE-2026-45836 vulnerability affects the Linux kernel Bluetooth L2CAP code and stems from a missing NULL guard in l2cap_sock_get_sndtimeo_cb(), which can cause a null pointer dereference. The issue is resolved by adding the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_s...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.31 views

CVE-2026-46176

The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...

7.8CVSS5.8AI score0.00142EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46198

The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...

8.8CVSS5.8AI score0.00281EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46209

CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...

7.8CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.31 views

CVE-2026-46232

The CVE-2026-46232 entry concerns the Linux kernel HID PlayStation driver. A flaw allows a device to report more touch_reports than the array can hold, risking an out-of-bounds read in dualshock4_parse_report and potentially exposing up to ~2 KiB of kernel memory when DS4_TOUCH_POINT_INACTIVE is ...

8.1CVSS5.7AI score0.00258EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.30 views

CVE-2026-46151

CVE-2026-46151 affects the Linux kernel USB printer driver usblp, causing a heap leak in IEEE 1284 device ID handling due to short GET_DEVICE_ID responses. The issue stems from usblp_ctrl_msg() discarding actual bytes and usblp_cache_device_id_string() trusting a 2‑byte length prefix, exposing st...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.30 views

CVE-2026-46161

CVE-2026-46161 affects the Linux kernel md/raid10 code: setup_geo() may divide by zero when fc (far copies) is 0, since it derives geo->far_set_size from disks/fc without validating zero. The fix validates nc and fc after extraction and returns -1 if either is zero. Connected OSV entries show ...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.30 views

CVE-2026-46221

CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...

5.5CVSS5.8AI score0.00117EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.30 views

CVE-2026-46223

The CVE-2026-46223 issue concerns the Linux kernel cgroup subsystem: rmdir defers percpu_ref kill of CSS until the cgroup is depopulated. A chain of commits reworked rmdir behavior to ensure ->css_offline() does not run while tasks are still doing kernel work in the cgroup. The core problem wa...

5.5CVSS5.7AI score0.00083EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.30 views

CVE-2026-46298

CVE-2026-46298 affects the Linux kernel component pseries/papr-hvpipe. A race during ioctl or release handling can occur if an interrupt fires on the same CPU, potentially causing a deadlock. The patch fixes both handlers by using spin_lock_irqsave/spin_lock_irqrestore, preventing the deadlock. T...

4.7CVSS5.5AI score0.00074EPSS
CVE
CVE
added 2026/06/09 12:11 p.m.30 views

CVE-2026-46318

CVE-2026-46318 concerns a Linux kernel hugetlbfs issue: a revert of the mmap_prepare-related change due to a potential VMA lock leak after a failed allocation. The fix reverts the change to allow rework, while attempting to preserve VMA flag changes. Connected sources consistently describe the ro...

5.5CVSS5.4AI score0.001EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.30 views

CVE-2026-52934

The CVE-2026-52934 entry involves the Linux kernel’s batman-adv TVLV handling. The root cause is batadv_tvlv_container_list_size() using a 16-bit accumulator, which can wrap when the total size exceeds U16_MAX, causing an undersized allocation in batadv_tvlv_container_ogm_append() and a subsequen...

8.8CVSS5.7AI score0.00247EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.30 views

CVE-2026-53268

CVE-2026-53268 affects the Linux kernel netfilter component, specifically the conntrack_irc module. The root cause is a failure to bail out after a command string is matched, which can lead to an out-of-bounds read during parsing. Impact per sources is a potential information disclosure or denial...

8.2CVSS5.7AI score0.00364EPSS
CVE
CVE
added 2026/05/01 1:56 p.m.29 views

CVE-2026-31703

The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...

7.8CVSS5.5AI score0.00114EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46118

CVE-2026-46118 concerns the Linux kernel component pseries/papr-hvpipe, where a null pointer dereference could occur in papr_hvpipe_dev_create_handle() after changing to FD_PREPARE. The root cause described across sources is that src_info is reused post-retain_and_null_ptr when adding to a global...

5.5CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46120

Concrete details found: CVE-2026-46120 affects the Linux kernel ip6_gre machinery. The issue is in ip6erspan_changelink(), which wrongly uses dev_net(dev) instead of the correct per-netns hash resolved by link_net, after a patch series that fixed per-netns resolution in ip6erspan_newlink(). This ...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.29 views

CVE-2026-46126

CVE-2026-46126 affects the Linux kernel RDMA/mana component. The issue stems from the error unwind flow in mana_ib_create_qp_rss() cleanup of the Work Queue (WQ) table, leading to improper resource cleanup. Reports identify two bugs: (1) a double i-- in the first failure path of the unwinding loo...

5.5CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.29 views

CVE-2026-46163

CVE-2026-46163 concerns the Linux kernel wifi subsystem (b43legacy) where a firmware-controlled key index in b43legacy_rx() could exceed dev->max_nr_keys, allowing an out-of-bounds read of dev->key[]. The fix makes the bounds check enforcing by dropping frames with invalid indices. Patches ...

7.8CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.29 views

CVE-2026-46208

In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...

7.8CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.29 views

CVE-2026-46295

CVE-2026-46295 involves the Linux kernel KVM/x86 interrupt handling fix. The patch ensures IRR is scanned via __kvm_apic_update_irr even when PIR is empty, falling back to apic_find_highest_vector() when PID.ON is set but PIR is empty, so the highest pending interrupt is reported from the existin...

5.5CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2026/06/08 3:50 p.m.29 views

CVE-2026-46311

CVE-2026-46311 (Linux kernel) involves the drm/amdgpu/userq path where access to a stale wptr mapping could occur during queue creation. The root cause is improper locking when accessing the mapping data, risking unmapping of wptr_obj while a queue is in progress and another BO is at the same add...

7.8CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2026/06/25 8:38 a.m.29 views

CVE-2026-53175

The CVE-2026-53175 entries describe a use-after-free in the Linux kernel’s fragment reassembly during netns teardown. Root cause: fqdir_pre_exit() flushes fragment queues but may leave freed skbs referenced by fragment queue state (fragments_tail/last_run_head) before INET_FRAG_COMPLETE is set, a...

9.8CVSS5.8AI score0.0034EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.29 views

CVE-2026-53273

CVE-2026-53273 describes a use-after-free in the Linux kernel TEE/OP-TEE path. When a client exits before the supplicant finishes processing, freed request memory could be dereferenced, enabling a potential crash or code execution path. The root cause is a race around request lifetime between the...

7.8CVSS5.8AI score0.00126EPSS
CVE
CVE
added 2026/05/27 12:59 p.m.28 views

CVE-2026-46101

CVE-2026-46101 — Linux kernel netfilter nft_bitwise : The issue arises in the carry-propagation for 32-bit words when a zero shift operand is used in nft_bitwise left/right shift expressions, causing undefined behaviour. The fix rejects zero shift operands during initialization and extends the ex...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.28 views

CVE-2026-46108

In the Linux kernel, CVE-2026-46108 affects the ipmi:si path where a failure to allocate a message could leave the driver in a bad state. The root cause is insufficiently returning to normal operation after allocation fails, which can impact availability (local access, low privileges). The vulner...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.28 views

CVE-2026-46128

The CVE-2026-46128 issue concerns the Linux kernel IPMI event message handling. The root cause is an insufficiently validated event message buffer/data size occurring when fetching events, with some BMCs returning an empty message instead of an error. This leads to a potential failure in processi...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.28 views

CVE-2026-46138

The CVE-2026-46138 issue affects the Linux kernel Bluetooth subsystem, specifically hci_le_create_big_complete_evt. A loop over BT_BOUND connections for a BIG handle may access ev->bis_handle[i++] without ensuring i

8.1CVSS5.7AI score0.00277EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.28 views

CVE-2026-46148

CVE-2026-46148 concerns the Linux kernel’s microchip-core-qspi driver where the built-in chip select could be driven active when multiple devices share the QSPI controller, potentially conflicting with GPIO-based CS. The provided records confirm a concrete fix: the driver now controls chip select...

5.5CVSS5.8AI score0.00121EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.28 views

CVE-2026-46156

CVE-2026-46156 affects the Linux kernel LoongArch implementation, specifically loongson_gpu_fixup_dma_hang(), where the code may read device registers using an incorrect base (base+PCI_DEVICE_ID) when a discrete GPU is present. This causes ADE and can trigger a kernel panic, leading to local DoS....

5.5CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.28 views

CVE-2026-46184

CVE-2026-46184 relates to the Linux kernel sound/ua101 driver. The root cause is a missing sanity check for bNrChannels in detect_usb_format(), which can lead to a division by zero in playback_urb_complete() and capture_urb_complete() when a device reports bNrChannels = 0. The USB core does not v...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.28 views

CVE-2026-46290

The CVE-2026-46290 issue in Linux kernels’ x86 EFI runtime handling was fixed by replacing in_interrupt() with !in_task() to preserve interrupt/NMI fault handling without being affected by the FPU softirq path. Root cause: kernel_fpu_begin() uses fpregs_lock() with local_bh_disable(), setting SOF...

5.5CVSS5.4AI score0.00121EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.28 views

CVE-2026-46305

CVE-2026-46305 affects the Linux kernel, specifically the staging/rtl8723bs path. The issue arises when kzalloc_flex()’s return value is used without checking for allocation failure, leading to a potential NULL pointer dereference when accessing the allocated structure. The fix guards access to t...

5.5CVSS5.4AI score0.001EPSS
CVE
CVE
added 2026/06/24 7:14 a.m.28 views

CVE-2026-52914

In the Linux kernel, the batman-adv component is affected by CVE-2026-52914. The root cause is an accounting bug where the accumulated fragment length used for validating queued fragment chains can be truncated during updates. This allows malformed fragment chains to bypass validation and drive r...

9.8CVSS5.7AI score0.00519EPSS
CVE
CVE
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53205

The CVE-2026-53205 issue is in the Linux kernel Intel Versatile Processing Unit (IVPU) accelerator driver (accel/ivpu). It stems from insufficient validation of read/write indices in the firmware log buffer, allowing potential out-of-bounds access if firmware supplies invalid indices. Affected sy...

7.1CVSS6AI score0.00131EPSS
CVE
CVE
added 2026/05/27 9:24 a.m.27 views

CVE-2026-45846

CVE-2026-45846 affects the Linux kernel bareudp code path. The vulnerability arises in bareudp_fill_metadata_dst(), which passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. If the bareudp device is down (socket not created or already NULLed in bareudp_stop)...

5.5CVSS5.8AI score0.00115EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.27 views

CVE-2026-46109

The CVE-2026-46109 issue concerns the Linux kernel USB ULPI code. Specifically, memory allocated for the ulpi structure could be leaked if ulpi_of_register() or ulpi_read_id() failed before device_register() was invoked, despite a previous fix targeting a different error path. The authoritative m...

5.5CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.27 views

CVE-2026-46139

CVE-2026-46139 covers the Linux kernel SMB client: when building an ACL descriptor in build_sec_desc(), a kzalloc-based allocation fix was introduced to zero-initialize the security descriptor buffer, replacing a previous kmalloc path. The change splits struct smb_acl's __le32 num_aces into __le1...

5.5CVSS5.9AI score0.00122EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.27 views

CVE-2026-46140

CVE-2026-46140 affects the Linux kernel Bluetooth btmtk driver. The wmt event handling in btmtk_usb_hci_wmt_sync() casts SKB data to btmtk_hci_wmt_evt structures (7/9 bytes) without ensuring sufficient payload, risking out-of-bounds reads from SKB tailroom when a short firmware response is receiv...

7.1CVSS5.8AI score0.00131EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.27 views

CVE-2026-46146

CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.27 views

CVE-2026-46168

The CVE-2026-46168 issue affects the Linux kernel's multipath TCP (mptcp) scheduling around timestamp sockopts. The root cause is using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping(), which can sleep and cause atomic-context issues. The published fixes r...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.27 views

CVE-2026-46187

CVE-2026-46187 – summary of documented fixes : In the Linux kernel, the wifi: rsi driver experienced a kthread lifetime race between self-exit and external-stop, causing a UAF if the exited thread is accessed after free. The confirmed remediation is to remove kthread_stop() and wait for the self-...

4.7CVSS5.8AI score0.00093EPSS
Total number of security vulnerabilities371