369062 matches found
CVE-2026-57692
WordPress PrivateContent plugin
CVE-2026-53356
The CVE-2026-53356 entry concerns the Linux kernel DRM/I915 GEM code. The root cause is in sg_page() returning a struct page pointer instead of (void *) which mis-scales pread/pwrite for phys BO and can cause access to incorrect parts of a buffer when a non-zero offset is used. A fix was cherry-p...
CVE-2026-53354
The CVE-2026-53354 entry documents a Linux kernel arm64 TLBI errata mitigation affecting Arm CPUs. The vulnerability arises from a broadcast TLBI;DSB sequence that may complete before global observation of writes translated by an affected TLB entry, though TLB invalidation remains correct. Mitiga...
CVE-2026-53355
The CVE concerns the Linux kernel’s RDS over IB teardown path. Affected component: RDS/IB setup code in the kernel, specifically the rds_ib_setup_qp() error unwind path. Root cause: when setup fails after allocating i_sends but before i_recvs, the sends_out path frees i_sends without clearing the...
CVE-2026-53353
The CVE-2026-53353 entry concerns the Linux kernel HSR subsystem. A timing window exists where hsr->self_node can be absent because hsr_del_self_node() clears self_node in hsr_dellink() and dellink() may complete before unregister_netdevice_many(), leaving a race that can affect self-node chec...
CVE-2026-53352
Summary: CVE-2026-53352 affects the Linux kernel’s thread-stop handling. When a multi-threaded process receives a stop signal, do_signal_stop() sets JOBCTL_STOP_PENDING and JOBCTL_STOP_CONSUME on all threads and tracks group_stop_count. If one thread concurrently execs, zap_other_threads() kills ...
CVE-2026-53351
CVE-2026-53351 affects the Linux kernel in the riscv/ptrace path, where the REGSET_CFI handling now uses USER_REGSET_NOTE_TYPE. The authenticated change resolves a core-dump warning seen as a note in fs/binfmt_elf.c during elf_core_dump, CPU#7. The available connected records corroborate that thi...
CVE-2026-53349
CVE-2026-53349 concerns the Linux kernel netfilter nf_conntrack component where a stale exp->expectfn pointer can survive module removal (e.g., nf_nat_h323) and be invoked later, causing a crash (Oops) in init_conntrack when a connection arrives. The fix adds nf_ct_helper_expectfn_destroy() to...
CVE-2026-53350
The CVE-2026-53350 fix applies to the Linux kernel ASoC wm_adsp component. The vulnerability was a NULL dereference in wm_adsp_control_remove() when cleaning up private control data cs_ctl->priv. The patch ensures priv is non-NULL before cleanup. Two scenarios avoid creating private data: SYST...
CVE-2026-53348
CVE-2026-53348 concerns the Linux kernel ASoC SDCA subsystem. A NULL pointer dereference in sdca_dev_unregister_functions (due to func_dev entries that may be NULL when cleanup occurs) could trigger a kernel oops during device cleanup. The issue arises when a function registration partially fails...
CVE-2026-53347
CVE-2026-53347 affects the Linux kernel’s drm/virtio component (virtio-gpu) when built with KMS disabled. The issue: DRM atomic and modesetting aren’t initialized during driver removal/unbinding, leading to access of uninitialized data and possible kernel crash. The fix: skip shutting down the at...
CVE-2026-53345
The CVE describes a Linux kernel KVM issue where a page dirty operation could warn about a missing running vCPU even when the VM is dying. The behavior was tied to the VM’s refcount and the state of SEV-ES guests; if a guest memory page remained dirty while the VM is dying and userspace had no ac...
CVE-2026-53346
In CVE-2026-53346, affected software is the Linux kernel on arm64, where a rustc bug prevents -Cforce-unwind-tables=y from annotating the module, leaving the uwtable flag missing for module constructors (e.g., asan.module_ctor). When CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, this mismatch can ...
CVE-2026-53344
The CVE-2026-53344 issue in the Linux kernel affects the pinctrl driver for the mcp23s08. The root cause is that mcp->dev and mcp->addr must be initialized before regmap initialization, because regmap’s cache population via regcache_maple_populate() performs an SPI read that requires these ...
CVE-2026-53343
The CVE-2026-53343 entry documents a Linux kernel ARM vulnerability patch: in configurations with KASAN_VMALLOC and VMAP_STACK, a dummy read from the KASAN VMAP shadow in __switch_to() used an unaligned word load (ldr) which can fault on ARMv5 and crash ARM926/VersatilePB; the fix switches to a b...
CVE-2026-53342
Summary (CVE-2026-53342): In the ARM64 Linux kernel, page-table allocations performed during PGD mappings (pagetable_ctor calls) were not accompanied by matching destructor calls (pagetable_dtor) when freeing hot-removed page tables. This can produce kernel warnings about bad page state and may r...
CVE-2026-53340
The CVE-2026-53340 entry concerns the Linux kernel I2C imx driver where a clock-disable happens before pinctrl state switch in runtime suspend, leading to a system crash if pinctrl_pm_select_sleep_state() fails. The fix swaps the order to switch the pinctrl state before disabling the clock so a p...
CVE-2026-53341
The CVE-2026-53341 issue affects the Linux kernel and is resolved by addressing a use-after-free (UAF) in may_decode_fh() where mount::mnt_ns was accessed without locks, risking a concurrent unmount/free of the mnt_namespace during an RCU grace period. The patch adds an rcu_read_lock() around the...
CVE-2026-53338
CVE-2026-53338 concerns the Linux kernel where airoha_qdma_init_hfwd_queues() dereferences the return of of_reserved_mem_lookup() without ensuring it is non-NULL. The issue occurs when the reserved memory region referenced by the memory-region phandle is missing from the reserved-memory table, po...
CVE-2026-53339
CVE-2026-53339 affects the Linux kernel i2c-qcom-cci driver. On Qualcomm CCI with two I2C masters, if only one is initialized, device unbinding/removal can dereference NULL because cci_halt() runs for both masters while completion exists only for the active one, leading to a NULL pointer derefere...