Skip to main content
CVE-2026-46077 MEDIUM PATCH This Month

Incorrect DMA synchronization direction in the Linux kernel's atmel-tdes crypto driver exposes systems running on non-coherent cache architectures to stale cache data reads. The atmel-tdes driver incorrectly calls dma_sync_single_for_device() instead of dma_sync_single_for_cpu() before the CPU consumes DMA output, causing cache invalidation to be skipped on non-coherent platforms (typically ARM-based Atmel/Microchip SoCs). This means the CPU may read stale cached data rather than actual DES/3DES operation output, producing incorrect cryptographic results and potential information exposure from prior cache contents. No public exploit exists and EPSS is 0.02%, but hardware-platform specificity limits real-world reach significantly.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46074 MEDIUM PATCH This Month

Memory leak and potential use-after-free in the Linux kernel's spi-ch341 USB driver expose systems to local denial-of-service when CH341 device probe failures occur without proper resource cleanup. Kernels from the commit introducing the spi-ch341 driver (8846739f52afa07e63395c80227dc544f54bd7b1) through the respective stable-branch fix commits across the 6.11 through 7.0 lineages are affected. Repeated probe failures accumulate leaked kernel memory that can exhaust system resources; no active exploitation is identified (EPSS 0.02%, no CISA KEV listing), placing this firmly in the maintenance-priority rather than incident-response category.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46073 MEDIUM PATCH This Month

Linux kernel's hwmon powerz USB power meter driver fails to cancel an in-flight USB Request Block (URB) when a process is interrupted by a signal mid-read, resulting in reads from an unfilled DMA transfer buffer that can cause denial of service and potentially expose stale kernel buffer contents. Affected since commit 4381a36abdf1c5c0323c1c51f869dc000115eb20 and patched in stable releases 6.12.86, 7.0.4, and 6.18.27. No public exploit exists and EPSS is 0.02% (5th percentile), reflecting both the niche hardware dependency and strictly local attack surface; this issue is not listed in CISA KEV.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46072 MEDIUM PATCH This Month

Out-of-bounds heap read in the Linux kernel ntfs3 driver's run_unpack() function allows a local user to crash the kernel by mounting a crafted NTFS image. The flaw affects multiple stable kernel branches from 5.15 onward, where run list parsing in MFT attributes consumes up to 15 bytes beyond the valid buffer boundary without checking remaining buffer size. No public exploit code exists and EPSS sits at 0.02% (5th percentile), but the local denial-of-service impact is A:H and patches are available across all affected stable branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46063 MEDIUM PATCH This Month

Deadlock in the Linux kernel's x86 Control-flow Enforcement Technology (CET) shadow stack implementation can be triggered by a local unprivileged user during signal return, causing a kernel hang and denial of service. The flaw exists in x86 SMP kernels with PER_VMA_LOCK configured where X86_USER_SHADOW_STACK is enabled: holding the mmap read lock while reading the shadow stack signal frame during sigreturn allows a recursive lock acquisition attempt that deadlocks when a concurrent mmap writer is waiting on another CPU. No public exploit has been identified at time of analysis and EPSS exploitation probability is extremely low at 0.02% (5th percentile), but the availability impact is high on affected systems with shadow stack enabled.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46061 MEDIUM PATCH This Month

Deadlock in the Linux kernel jbd2 journal subsystem can hang filesystems and render systems unresponsive when filesystem blocksize is smaller than the system pagesize. Introduced by commit f76d4c28a46a, the flaw breaks the required folio-then-buffer lock ordering in jbd2_journal_cancel_revoke(), causing an ABBA deadlock between concurrent filesystem journal operations and block device writeback. No public exploit is identified at time of analysis; EPSS is 0.02% (5th percentile), consistent with a race-condition kernel bug requiring a non-default configuration that is unlikely to be deliberately weaponized.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46051 MEDIUM PATCH This Month

Soft lockup in the Linux kernel's md/raid5 subsystem allows a local low-privileged user to trigger an infinite loop in the raid5d kernel thread, causing a kernel soft lockup and system-wide denial of service on hosts running RAID5 arrays. The fault lies in retry_aligned_read() using the wrong stripe release path when encountering overlapping stripes, permanently starving handle_stripe() of the work item needed to resolve the overlap. No public exploit has been identified and EPSS at 0.02% (5th percentile) confirms negligible exploitation probability; however, multiple active stable kernel branches from 3.12 onward are affected and vendor-released patches are confirmed across five fix versions.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46050 MEDIUM PATCH This Month

Deadlock in the Linux kernel md/raid10 subsystem causes a permanent denial-of-service when NOWAIT IO requests coincide with an array check (resync) operation. The md resync thread becomes permanently stuck because the nr_pending atomic counter underflows to a large negative value, preventing it from ever reaching the zero threshold needed to proceed. Systems running RAID-10 arrays where applications use O_NOWAIT IO (e.g., filesystem writeback paths via ext4) are affected. No public exploit code exists and EPSS is 0.02%, indicating low exploitation probability, but the bug is deterministically reproducible by any local user with IO access to the affected array.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46049 MEDIUM PATCH This Month

Infinite loop denial-of-service in the Linux kernel ALSA ctxfi audio driver allows a local low-privileged user to hang the kernel by triggering S/PDIF passthrough playback at 32000 Hz on Creative Sound Blaster X-Fi hardware. The root cause is an uninitialized `pll_rate` field that causes a resource-calculation loop to never exit, consuming CPU indefinitely and degrading or halting system availability. No public exploit exists and the EPSS score of 0.02% (5th percentile) confirms negligible real-world exploitation pressure; the vulnerability is not listed in CISA KEV.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46048 MEDIUM PATCH This Month

USB device reference count leak in the Linux kernel ALSA CAIAQ driver allows a local attacker with access to USB hardware to trigger kernel memory exhaustion. The flaw exists because usb_get_dev() is called in create_card() but its matching usb_put_dev() is only installed as a destructor late in init_card(), leaving it unreachable on all intermediate failure paths. Syzbot has reproduced the issue using a malformed UAC3 USB audio device, and patches are available across all affected stable kernel branches. No public exploit has been identified at time of analysis, and EPSS is negligible at 0.02%.

Microsoft Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46046 MEDIUM PATCH This Month

Missing brelse() in the ext4 filesystem's ext4_xattr_inode_dec_ref_all() function causes a buffer head refcount leak that can degrade system availability on affected Linux kernel versions. Introduced by commit c8e008b60492 (

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46041 MEDIUM PATCH This Month

Denial-of-service via kernel panic in the Linux kernel's greybus gb-beagleplay driver allows a local low-privileged user to crash the system by triggering an illegal sleep-in-atomic-context condition. The greybus HDLC TX path calls usleep_range() inside hdlc_append() while the tx_producer_lock spinlock is held, violating the fundamental Linux kernel rule that sleeping is forbidden in atomic context and triggering a 'BUG: scheduling while atomic' kernel oops. No public exploit has been identified at time of analysis, and EPSS at 0.02% (5th percentile) reflects the hardware-specific and local-access-only nature of this flaw. The input tag 'Information Disclosure' appears to be a misclassification - the actual impact is exclusively availability (kernel crash), consistent with the CVSS vector's A:H/C:N/I:N ratings.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46040 MEDIUM PATCH This Month

Resource accounting exhaustion in the Linux kernel's inotify subsystem allows a local low-privileged user to permanently leak watch counts by repeatedly triggering a failure path in inotify_new_watch() that increments the per-namespace watch counter without a corresponding decrement. Over time this exhausts the max_user_watches limit, causing all subsequent inotify watch creation within the namespace to fail with -ENOSPC even when no watches are genuinely active, constituting a local denial-of-service against inotify-dependent applications. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (5th percentile) reflects very low real-world exploitation probability with no CISA KEV listing.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46038 MEDIUM PATCH This Month

Memory exhaustion in the Linux Kernel's QRTR (Qualcomm IPC Router) nameserver subsystem exposes local, low-privileged users to a denial-of-service condition. The `ctrl_cmd_bye()` function, triggered when a QRTR node sends a BYE shutdown packet, fails to remove the node from the Xarray structure or release the associated memory - resulting in a persistent kernel memory leak (CWE-401). Affected systems are Linux kernels from 5.7 through multiple stable branches, with fixes backported to 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. No active exploitation is confirmed (not in CISA KEV), and EPSS sits at 0.02% (5th percentile), indicating minimal real-world threat at this time.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46034 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel vfio/cdx subsystem allows a local low-privileged user with access to a CDX VFIO device to crash the kernel by issuing an out-of-order ioctl sequence. Specifically, calling VFIO_DEVICE_SET_IRQS with DATA_BOOL or DATA_NONE flags before ever initializing MSI interrupts via the EVENTFD path dereferences an unallocated cdx_irqs pointer, producing a kernel panic and denial-of-service. No public exploit code exists and EPSS is 0.02%, but vendor-released patches are confirmed available across all affected stable branches.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46026 MEDIUM PATCH This Month

Uncontrolled resource consumption in the Linux kernel's QRTR (Qualcomm IPC Router) nameserver module allows a local authenticated user to exhaust nameserver resources by flooding it with unbounded NEW_LOOKUP messages over a single socket. The affected subsystem (net/qrtr/ns) restricted lookups to local clients but imposed no count limit, enabling a sustained denial-of-service against QRTR-dependent inter-process communication on Qualcomm SoC platforms. No public exploit has been identified and EPSS stands at 0.02% (5th percentile), placing this firmly in the low real-world priority tier despite its High availability impact rating.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46023 MEDIUM PATCH This Month

Integer overflow in the Linux kernel's device mapper mirror (dm-mirror) subsystem allows a local attacker with device mapper configuration privileges to crash the kernel via a denial-of-service condition. The flaw resides in create_dirty_log() where an unchecked unsigned addition of 2 + param_count wraps around to a small value when param_count approaches UINT_MAX, bypassing an argc bounds check and triggering out-of-bounds reads in dm_dirty_log_create(). No public exploit code exists and EPSS is exceptionally low at 0.02% (5th percentile); this CVE has not been added to the CISA KEV catalog, indicating no confirmed active exploitation at time of analysis.

Linux Integer Overflow Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46021 MEDIUM PATCH This Month

Two related memory-management defects in the Linux kernel thermal zone governor subsystem expose local low-privileged users to system availability loss. The first is a memory leak (CWE-401) in the registration error path of thermal_zone_device_register_with_trips(), which fails to remove an attached governor when registration fails mid-way. The second, and more critically impactful, is a race condition in thermal_zone_device_unregister(), which calls thermal_set_governor() without first acquiring the thermal zone lock - permitting a concurrent sysfs-based governor update to produce a use-after-free, which can trigger a kernel panic. No public exploit code exists and EPSS is 0.02% (5th percentile); vendor-released patches are available across multiple stable kernel branches including 6.6.140, 6.12.86, 6.18.27, and 7.0.4.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46019 MEDIUM PATCH This Month

The atmel-aes crypto driver in the Linux kernel leaks 3 pages of kernel memory per cleanup cycle due to a mismatch between allocation and deallocation functions: atmel_aes_buff_init() allocates 4 contiguous pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only a single page via free_page() instead of the correct free_pages(). Systems running on Atmel/Microchip ARM SoC hardware with this driver loaded are vulnerable to gradual kernel memory exhaustion leading to denial of service. No public exploit code exists and no active exploitation has been confirmed; the EPSS score of 0.02% (5th percentile) reflects the extremely narrow hardware-specific attack surface, and vendor-released patches are available across multiple stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46016 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's Xilinx remoteproc (xlnx) IPI receive callback enables a local low-privileged user to crash the kernel on Xilinx SoC-based systems. The receive callback unconditionally accesses buffer information without first validating whether the message pointer is NULL, which occurs when IPI is operating in non-buffered mode. No public exploit exists and no active exploitation is confirmed; with EPSS at 0.02% (5th percentile), real-world risk is very low and hardware-specific.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46013 MEDIUM PATCH This Month

Incorrect physical address conversion in the Linux kernel's mm/memfd_luo subsystem can crash the kernel when the put_folios error-cleanup path executes during memfd Live Update Object (LUO) operations. The cleanup passes a raw Page Frame Number (PFN) where kho_restore_folio() requires a phys_addr_t, and a missing sparse-hole guard (pfn==0) risks misprocessing file holes. No public exploit identified at time of analysis; EPSS of 0.02% (5th percentile) and absence from CISA KEV confirm very low real-world exploitation probability, with impact confined to local denial of service on systems running the experimental KHO/LUO subsystem.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46012 MEDIUM PATCH This Month

Memory exhaustion denial-of-service in the Linux kernel's rxkad Kerberos authentication layer allows a local low-privilege attacker to leak kernel memory by repeatedly triggering error paths in rxkad_verify_response(). The vulnerability affects kernels from approximately 5.11 through all unpatched stable series prior to 6.6.140, 6.12.86, 6.18.27, and 7.0.4. No public exploit exists and EPSS sits at 0.02% (5th percentile), indicating minimal real-world exploitation likelihood; however, systems running AFS workloads with rxrpc active warrant patching at next maintenance.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46009 MEDIUM PATCH This Month

Duplicate resource teardown in the Linux kernel's PCI endpoint NTB (Non-Transparent Bridge) driver causes a kernel oops when link state transitions fail or complete, enabling a local low-privileged user to crash the kernel. The `epf_ntb_epc_destroy()` helper performs teardown that its callers also execute, resulting in a double-free-class condition. No public exploit code exists and no active exploitation has been confirmed (not in CISA KEV); the EPSS score of 0.02% at the 5th percentile reflects extremely low observed exploitation probability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46007 MEDIUM PATCH This Month

Cache coherency violation in the Linux kernel hwmon powerz driver allows a local low-privileged user to crash the kernel on architectures where DMA buffer cacheline aliasing with adjacent kernel structures (here, a mutex) produces undefined behavior. Affected systems must have the powerz USB hardware monitor driver loaded and the specific hardware attached. No public exploit code exists and EPSS is 0.02% (5th percentile), indicating negligible real-world exploitation activity; nonetheless the kernel availability impact (system crash) is concrete once triggered on a vulnerable architecture.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46005 MEDIUM PATCH This Month

Resource leak in the Linux kernel's XFS subsystem fails to release a DAX (Direct Access) device reference in the error path of xfs_alloc_buftarg(), leaving a dangling reference that prevents proper cleanup of persistent memory devices. Systems running XFS on DAX-capable persistent memory hardware are affected, spanning multiple stable kernel branches prior to the fix commits documented in EUVD-2026-32302. No public exploit identified at time of analysis, and an EPSS score of 0.02% (5th percentile) confirms negligible exploitation interest; patches are confirmed available across Linux 6.6.x, 6.12.x, 6.18.x, 7.0.x, and 7.1-rc1.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46003 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel QRTR nameserver allows a local low-privileged attacker to crash the system by registering an unbounded number of QRTR nodes, consuming all available kernel heap memory. Affected kernels span from the commit introducing the QRTR nameserver without node limits (approximately Linux 5.7, commit 0c2204a4ad710d95d348ea006f14ba926e842ffd) through to patched stable releases 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. With an EPSS of 0.02% (5th percentile), no CISA KEV listing, and no public exploit identified at time of analysis, current exploitation risk is low - however, teams managing Qualcomm SoC-based embedded or mobile Linux deployments should treat this as a targeted patch priority given the trivial attack complexity (AC:L) once local access is obtained.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46002 MEDIUM PATCH This Month

The ext2 filesystem driver in the Linux kernel allows a local user to trigger kernel WARN_ON panics by mounting a crafted ext2 image containing an inode with zero link count (i_nlink=0), non-zero mode, and zero deletion timestamp - a combination that bypasses the incomplete corruption check in ext2_iget() and reaches drop_nlink() in an invalid state. Discovered by the Linux Verification Center using Syzkaller fuzzing, the flaw affects Linux kernel versions from 2.6.12 through multiple stable branches and results in denial of service via kernel instability. No public exploit exists and no KEV listing; EPSS is negligible at 0.02%, consistent with the local access requirement and specialized image-crafting prerequisite.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46000 MEDIUM PATCH This Month

The rxrpc connection-level packet handler in the Linux kernel modifies RESPONSE packet data in-place within a potentially shared sk_buff, exposing decrypted rxrpc authentication material to co-attached packet sniffers and risking kernel instability when a cloned buffer is written without unsharing. Systems running the rxrpc subsystem (primarily AFS clients and servers) from kernel 2.6.22 onward through the affected stable branches are vulnerable. No public exploit exists and EPSS sits at 0.02% (5th percentile) with no CISA KEV listing, indicating minimal real-world exploitation pressure; patches are confirmed across stable branches 6.6.140, 6.12.88, 7.0.4, 6.18.27, and 7.1-rc1.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45997 MEDIUM PATCH This Month

Reference count leak in the Linux kernel SCSI disk driver (drivers/scsi/sd.c) allows a local low-privileged user to cause kernel resource exhaustion and system crash. In sd_probe(), when device_add(&sdkp->disk_dev) fails, the cleanup path correctly invokes put_device() triggering scsi_disk_release() to free the scsi_disk structure, but omits the corresponding put_disk(gd) call - leaving the gendisk object with an unreleased reference. This asymmetry with the device_add_disk() error path means repeated probe failures accumulate reference leaks that can exhaust kernel memory and deny service. No public exploit has been identified and EPSS probability is 0.02% (5th percentile), consistent with a stability fix rather than an attacker-targeted flaw.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45993 MEDIUM PATCH This Month

Speculative execution bounds bypass on LoongArch allows a local unprivileged user to trigger out-of-bounds speculative reads against the kernel syscall dispatch table, potentially leaking kernel memory via cache side-channels. Affected are Linux kernel stable branches prior to 6.6.140, 6.12.86, 6.18.27, and 7.0.4 running on LoongArch architecture. No public exploit code has been identified at time of analysis, and EPSS at 0.02% reflects very low observed exploitation probability; patches are available across all affected stable series.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45987 MEDIUM PATCH This Month

Interrupt shadow state desynchronization in the Linux kernel KVM nSVM subsystem can hang L2 nested virtual machines on AMD-V hosts when VM state is restored in a specific ioctl ordering. Systems using KVM nested virtualization (kvm_amd with nested=1) are affected when a live migration or checkpoint-restore operation calls KVM_SET_VCPU_EVENTS before KVM_SET_NESTED_STATE, causing the interrupt shadow to be written into vmcb01 (L1 context) instead of vmcb02 (L2 context). No public exploit has been identified and EPSS is 0.02% (5th percentile), placing this squarely as a correctness and operational availability issue for nested virtualization deployments rather than a broadly exploitable security threat.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45986 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's ccree (ARM CryptoCell) driver allows a local low-privileged user to cause a denial of service by repeatedly triggering an error path in cc_mac_digest() that fails to release mapped memory. The vulnerability exists because cc_unmap_result() is not called when cc_map_hash_request_final() returns an error, causing each failed MAC digest operation to leak kernel memory. No active exploitation is confirmed; EPSS is 0.02% at the 5th percentile, consistent with a low-severity, hardware-specific kernel maintenance fix. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS vector (C:N) and description - impact is availability-only.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45979 MEDIUM PATCH This Month

Improper mutex cleanup in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to cause a GPU subsystem denial-of-service on systems equipped with AMD GPU hardware. When kmalloc fails under low memory conditions inside amdgpu_cs_parser_bos, the error path previously returned without releasing the held mutex, leaving it permanently locked and stalling GPU command submission for all users. No public exploit exists and the vulnerability is not listed in CISA KEV; with an EPSS of 0.02% (5th percentile), real-world exploitation risk is low.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45976 MEDIUM PATCH This Month

Memory leak in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to gradually exhaust kernel memory on systems equipped with AMD GPUs. The flaw exists in amdgpu_ras_init(), where a failed call to amdgpu_nbio_ras_sw_init() causes the function to return an error without freeing the previously allocated 'con' context structure, bypassing the existing release_con cleanup label. No public exploit exists and EPSS is 0.02% (5th percentile), classifying this as a low-priority maintenance fix with no confirmed active exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45975 MEDIUM This Month

Race condition in the Linux kernel's ublk (userspace block device) subsystem allows a local low-privileged attacker to crash the kernel by concurrently modifying io_uring submission queue entries during kernel processing. The ublksrv_ctrl_cmd struct resides in userspace-mapped shared memory, and unguarded normal loads let a racing userspace thread corrupt the kernel's view of the command, triggering a denial-of-service condition. No public exploit exists and EPSS is 0.02%, but fixed kernel versions 6.19.4 and 7.0 are confirmed available.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45973 MEDIUM PATCH This Month

Indefinite kernel hang in the Linux mlx5_ib RDMA driver causes denial of service during device unload when a firmware reset occurs in LAG (Link Aggregation Group) mode. The race condition leaves UMR (User Memory Registration) deregistration operations blocked forever - posted on the master NIC but awaiting completions from a slave that is already dead - deadlocking the teardown sequence and requiring a hard reboot. No public exploit has been identified, EPSS sits at 0.02% (5th percentile), and impact is confined to systems with Mellanox/NVIDIA mlx5 hardware explicitly configured in bonded LAG mode with active RDMA workloads.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45967 MEDIUM PATCH This Month

Kernel crash (denial of service) in the Linux kernel BPF subsystem affects local low-privileged users due to a double-offset bug in the instruction array map. The `map_direct_value_addr()` function incorrectly adds the caller-supplied offset to the returned address, then `resolve_pseudo_ldimm64()` adds it a second time, resulting in an incorrect memory address that can trigger a kernel fault. No public exploit exists and the EPSS score is 0.02% (5th percentile), indicating very low opportunistic exploitation risk, but the availability impact is rated High per CVSS.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45961 MEDIUM PATCH This Month

Memory leaks in the GFS2 cluster filesystem driver (fs/gfs2/) allow a local low-privileged user to exhaust kernel memory over time, producing availability degradation or denial of service on affected Linux systems. Two distinct leak paths exist in gfs2_fill_super() error handling: kernel thread objects for logd and quotad (~4480 bytes each) are not released when gfs2_freeze_lock_shared() fails after init_threads() succeeds, and a quota bitmap buffer (8192 bytes) is not freed when gfs2_make_fs_rw() fails after gfs2_quota_init() completes. No public exploit identified at time of analysis; EPSS is 0.02% (5th percentile), consistent with a triggered-path defect requiring GFS2-specific failure conditions rather than opportunistic mass exploitation.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45950 MEDIUM PATCH This Month

Memory leak in the Linux kernel's StarFive AES crypto driver allows a local low-privileged user on affected StarFive JH7110 RISC-V hardware to exhaust kernel memory and cause a denial of service. The flaw resides in starfive_aes_aead_do_one_req(), where kzalloc()-allocated memory for rctx->adata is not freed on two distinct error paths - failures in sg_copy_to_buffer() or starfive_aes_hw_init() - resulting in unreleased heap memory each time an AEAD operation fails. No public exploit exists and EPSS is extremely low at 0.02%, consistent with a hardware-specific, analysis-discovered defect rather than an actively targeted weakness.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45947 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's drm/amdgpu driver allows a local low-privileged user on AMD GPU-equipped systems to degrade host availability by repeatedly triggering an error path in amdgpu_acpi_enumerate_xcc() that leaks kernel heap memory. The root cause is a missing free of the xcc_info structure when amdgpu_acpi_dev_init() returns -ENOMEM, identified through static analysis and code review rather than active exploitation. With EPSS at 0.02% (5th percentile) and no CISA KEV listing, this is a low-priority maintenance fix for most environments, most relevant to long-running AMD GPU compute workloads where repeated enumeration failures could accumulate leaked memory.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45930 MEDIUM PATCH This Month

Uninitialized kernel memory leaks to local users via the MCTP netlink subsystem in the Linux kernel, where RTM_GETNEIGH responses return stale kernel data in the pad bytes of ndmsg structures across link, addr, and neigh response messages. Any local user with PR:L access to the MCTP netlink interface can extract arbitrary pad-byte contents from kernel memory allocations, potentially exposing pointers, partial stack data, or remnants of prior allocations that could assist in defeating kernel address space layout randomization (KASLR). Disclosed by Syed Faraz Abrar (Zellic) and Pumpkin (DEVCORE Research Team) via Trend Micro Zero Day Initiative; no public exploit code exists and EPSS sits at the 5th percentile (0.02%), indicating negligible active exploitation at time of analysis.

Linux Information Disclosure Trend Micro Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45928 MEDIUM PATCH This Month

Memory leak in the Linux kernel's chips-media wave5 VPU media driver allows a local low-privileged user to exhaust kernel memory, resulting in denial of service. The flaw exists in both the encoder and decoder open paths - wave5_vpu_open_enc() and wave5_vpu_open_dec() - where a VPU instance allocated via kzalloc() is not freed when the subsequent codec_info allocation fails. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting the hardware-specific and local-only nature of this issue.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45926 MEDIUM This Month

Memory leak in the Linux kernel's Rust-language PWM subsystem allows a local low-privileged attacker to gradually exhaust kernel memory through repeated PWM chip initialization failures. The `pwmchip_alloc()` function allocates a device structure holding an initial reference that must be explicitly released via `pwmchip_put()` on error paths, but when `__pinned_init()` fails the reference is never dropped, leaking the `pwm_chip` allocation. EPSS stands at 0.02% (5th percentile) and the vulnerability is not listed in CISA KEV, indicating no known active exploitation; no public exploit code has been identified at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45925 MEDIUM PATCH This Month

Reference leak in the Linux kernel's thermal/of subsystem allows a local low-privileged user to degrade system availability through repeated kernel resource exhaustion. The thermal_of_cm_lookup() function acquires a device_node reference via of_parse_phandle() but never releases it, causing reference counts to accumulate without bound on systems with Device Tree-based thermal configuration. No active exploitation is identified (EPSS 0.02%, 5th percentile; no CISA KEV listing), and this is a reliability and availability defect rather than a code-execution primitive; patched stable kernel versions are available across multiple maintained branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45922 MEDIUM PATCH This Month

Memory leak in the Linux kernel's RDMA/mlx5 subsystem allows a local low-privileged user to exhaust kernel memory by repeatedly triggering the error path in the GET_DATA_DIRECT_SYSFS_PATH uverbs handler. The flaw affects multiple stable kernel branches requiring mlx5-family InfiniBand/RDMA hardware, and was discovered through static analysis and code review rather than active exploitation. No public exploit exists and EPSS probability is 0.02% (5th percentile), indicating no public exploit or active exploitation at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45921 MEDIUM PATCH This Month

Memory leak in the Linux kernel's MTD TP-Link SafeLoader partition parser allows a local low-privileged user to cause availability degradation on affected embedded systems. The `mtd_parser_tplink_safeloader_parse()` function omits freeing a temporary buffer `buf` on the error path when a subsequent `kmalloc()` for `parts[idx].name` fails inside the parsing loop. No public exploit exists and EPSS is negligible at 0.02% (5th percentile); this vulnerability was identified via static analysis and code review, not observed exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45917 MEDIUM PATCH This Month

Reference leak in the Linux kernel IPVS (IP Virtual Server) subsystem allows a local low-privileged user to trigger a race condition between the netdev notifier handler and destination cache update logic, potentially causing kernel resource exhaustion. When a network device is shutting down, the FIB routing subsystem may return a valid route after ip_vs_dst_event() finishes processing, allowing that route to be cached against a closing device and leaking a device reference until the IPVS destination is removed. This is a medium-severity availability issue with no public exploit identified at time of analysis and a very low EPSS score of 0.02% (5th percentile), indicating it is not currently a prioritized exploitation target.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45913 MEDIUM PATCH This Month

Bridge multicast MDB entry counter underflow in the Linux kernel's `net/bridge/br_multicast.c` allows local attackers with low privileges to trigger a kernel WARN_ON - and a system panic on hosts configured with `panic_on_warn=1` - by manipulating VLAN snooping state on a bridge interface before flushing multicast group entries. Multiple stable kernel branches are affected across all architectures that include the bridge multicast subsystem. No public exploit identified at time of analysis, with an EPSS score of 0.02% (5th percentile) confirming low exploitation probability; patches are available across kernel stable series 6.12, 6.6, 6.18, 6.19, and 7.0.

Linux Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45901 MEDIUM PATCH This Month

Circular lock dependency in the Linux kernel's netfilter nf_tables subsystem causes kernel deadlock or hang when nft reset, ipset list, and iptables-nft with '-m set' rules execute concurrently, resulting in a local denial of service. The root cause is improper use of commit_mutex in the reset path, which - when interleaved with nfnl_subsys_ipset and nlk_cb_mutex acquisitions - creates a deadlock cycle. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.02% (5th percentile) reflects the low real-world exploitation probability for this class of locking defect.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45900 MEDIUM PATCH This Month

Memory exhaustion vulnerability in the Linux kernel's CAAM DPAA2 crypto driver allows gradual resource depletion on systems with NXP DPAA2 hardware through unreleased per-CPU net_device allocations during failed probe retries. The regression was introduced when commit 0e1a4d427f58 converted embedded net_device structs to dynamically allocated pointers but omitted cleanup in the dpaa2_dpseci_free() error path - meaning every deferred probe retry triggered by a temporarily unavailable DPIO subsystem silently leaks netdev memory. No public exploit exists and EPSS probability is 0.02% (5th percentile), consistent with the hardware-specific, non-user-controlled nature of the defect.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 11 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy