Skip to main content

Information Disclosure

67022 CVEs technique

Monthly

CVE-2026-46037 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's IPv4 ICMP handling allows remote attackers to trigger denial of service and potential information disclosure by sending crafted ICMP Extended Echo Reply packets. The flaw stems from the kernel consulting the icmp_pointers[] array with reply types (ICMP_EXT_ECHOREPLY) that fall outside its bounded range (NR_ICMP_TYPES). No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the network attack vector and high availability impact make patching a priority for exposed Linux hosts.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-46036 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's vfio/cdx (Composable DMA-capable eXtension) driver allows a process with access to a VFIO device file descriptor to trigger a use-after-free of the cdx_irqs array via concurrent VFIO_DEVICE_SET_IRQS ioctls. The race in vfio_cdx_set_msi_trigger() can be exploited by a local low-privileged attacker for memory corruption with high confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 5th percentile).

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46035 MEDIUM PATCH This Month

Lock re-entrancy corruption in the Linux kernel's mm/page_alloc subsystem affects uniprocessor (UP/!CONFIG_SMP) builds, allowing freelist corruption that crashes the kernel. On UP kernels, spin_trylock() is a compile-time no-op that unconditionally succeeds; when alloc_frozen_pages_nolock() is invoked from NMI context, it re-enters rmqueue() and acquires the zone lock already held by the interrupted context, corrupting the page allocator's freelists. No public exploit exists and EPSS sits at the 4th percentile (0.02%), consistent with the narrow scope: only non-default UP kernel builds on specific kernel versions are affected, making this a targeted stability concern for embedded or legacy uniprocessor deployments rather than a broad production threat.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46033 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's crypto authencesn AEAD wrapper allows a local user with AF_ALG access to trigger memory disclosure and possible denial of service by instantiating an authencesn transform built on an ahash whose digest size is 1-3 bytes (for example cbcmac(cipher_null)). The flaw stems from crypto_authenc_esn_create() failing to validate the inner digest size, letting an invalid default authsize bypass the existing setauthsize() check. No public exploit identified at time of analysis and EPSS probability is negligible (0.02%), but the upstream fix is shipping across multiple stable trees.

Linux Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46031 HIGH PATCH This Week

Denial of service in the Linux kernel ks8851 Ethernet driver allows a deadlock condition when handling concurrent IRQ and TX softirq processing on systems using the Micrel KS8851 MAC/PHY chip. The flaw manifests when the IRQ handler executes netdev_alloc_skb_ip_align() with bottom-halves enabled, triggering pending softirq processing that re-enters the driver's xmit path and attempts to re-acquire an already-held spinlock. EPSS scores this at 0.02% (5th percentile) and no public exploit identified at time of analysis, consistent with a local hardware-dependent stability bug rather than a remotely weaponizable vulnerability.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46030 MEDIUM PATCH This Month

Memory leak in the Linux kernel's EDAC/versalnet driver (mc_probe()) results in unreleased device_node references, enabling local low-privileged users to cause kernel memory exhaustion and availability degradation on AMD/Xilinx Versal SoC systems. The root cause is a missing of_node_put() call on all exit paths of mc_probe(), with the fix applied across stable branches including 6.18.27 and 7.0.4. No public exploit or CISA KEV listing exists, and EPSS sits at 0.02% (4th percentile), reflecting minimal active exploitation risk.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46029 HIGH PATCH This Week

Slab allocator corruption in the Linux kernel's mm/slab subsystem allows local low-privileged users on uniprocessor (UP, !CONFIG_SMP) builds to potentially corrupt kernel memory state when kmalloc_nolock() is invoked from NMI context. The flaw stems from spin_trylock() being a no-op on UP kernels, allowing re-entry into the slab allocator while n->list_lock is already held by the interrupted context. EPSS is very low (0.02%) and no public exploit has been identified at time of analysis, though an upstream patch is available.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-46028 MEDIUM PATCH This Month

Race condition in the Linux kernel's AF_ALG AEAD AIO interface allows a local low-privileged user to trigger a denial of service by exploiting shared socket-wide IV buffer state across concurrent asynchronous AEAD requests. The algif_aead subsystem fails to snapshot the Initialization Vector into per-request storage before dispatching async operations, meaning any concurrent socket activity that updates the shared IV can corrupt an in-flight request before it completes. No public exploit has been identified and EPSS is extremely low at 0.02% (7th percentile); vendor-released patches are available across all supported stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46027 HIGH PATCH This Week

Denial-of-service in the Linux kernel's SMC (Shared Memory Communications) networking subsystem allows remote attackers to crash the kernel by sending a CLC decline message during the early stage of an SMC handshake before the connection is associated with a link group. The flaw, tracked as EUVD-2026-32408, stems from smc_clc_wait_msg() accessing link-group sync state that does not yet exist at that point in the handshake. No public exploit identified at time of analysis and EPSS probability is very low (0.02%, 5th percentile), but the network attack vector and high availability impact warrant patching on systems that use SMC.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46026 MEDIUM PATCH This Month

Uncontrolled resource consumption in the Linux kernel's QRTR (Qualcomm IPC Router) nameserver module allows a local authenticated user to exhaust nameserver resources by flooding it with unbounded NEW_LOOKUP messages over a single socket. The affected subsystem (net/qrtr/ns) restricted lookups to local clients but imposed no count limit, enabling a sustained denial-of-service against QRTR-dependent inter-process communication on Qualcomm SoC platforms. No public exploit has been identified and EPSS stands at 0.02% (5th percentile), placing this firmly in the low real-world priority tier despite its High availability impact rating.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46025 MEDIUM PATCH This Month

Deadlock and memory leak in the Linux kernel DAMON subsystem arise from a race condition between damon_call() request registration and kdamond_fn() thread exit, affecting systems using the Data Access MONitor (DAMON) API. A local low-privileged process can trigger the race at precisely the moment a kdamond thread is terminating - causing the calling thread to wait indefinitely for a handler that has already exited, resulting in a kernel-level availability denial. No active exploitation is confirmed (EPSS 0.02%, not in CISA KEV), and the high attack complexity required to win the race significantly constrains real-world risk.

Race Condition Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-46022 HIGH PATCH This Week

Out-of-bounds MMIO read in the Linux kernel's ibmasm (IBM Advanced System Management) misc driver allows a compromised IBM service processor to read 8 bytes from unintended device registers or trigger a machine check exception (system crash) by writing an out-of-range queue reader/writer index before asserting an interrupt. The flaw resides in ibmasm_handle_mouse_interrupt() where raw readl() values are passed unchecked to get_queue_entry(), and is fixed by bounds-checking both indices against REMOTE_QUEUE_SIZE (60). No public exploit identified at time of analysis, and EPSS probability is negligible at 0.02%.

Linux Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46021 MEDIUM PATCH This Month

Two related memory-management defects in the Linux kernel thermal zone governor subsystem expose local low-privileged users to system availability loss. The first is a memory leak (CWE-401) in the registration error path of thermal_zone_device_register_with_trips(), which fails to remove an attached governor when registration fails mid-way. The second, and more critically impactful, is a race condition in thermal_zone_device_unregister(), which calls thermal_set_governor() without first acquiring the thermal zone lock - permitting a concurrent sysfs-based governor update to produce a use-after-free, which can trigger a kernel panic. No public exploit code exists and EPSS is 0.02% (5th percentile); vendor-released patches are available across multiple stable kernel branches including 6.6.140, 6.12.86, 6.18.27, and 7.0.4.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46020 HIGH PATCH This Week

Out-of-bounds memory access in the Linux kernel's DAMON (Data Access MONitor) subsystem allows privileged local users to crash the kernel by supplying arbitrary node IDs to damos_quota_goal via DAMON_SYSFS. Affecting Linux 6.16 and fixed in 6.18.27, 7.0.4, and 7.1-rc1, the flaw stems from missing validation before si_meminfo_node()/NODE_DATA() lookups and is reproducible with the upstream 'damo' user-space tool. No public exploit identified at time of analysis and EPSS is very low at 0.02%.

Denial Of Service Linux Information Disclosure Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46019 MEDIUM PATCH This Month

The atmel-aes crypto driver in the Linux kernel leaks 3 pages of kernel memory per cleanup cycle due to a mismatch between allocation and deallocation functions: atmel_aes_buff_init() allocates 4 contiguous pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only a single page via free_page() instead of the correct free_pages(). Systems running on Atmel/Microchip ARM SoC hardware with this driver loaded are vulnerable to gradual kernel memory exhaustion leading to denial of service. No public exploit code exists and no active exploitation has been confirmed; the EPSS score of 0.02% (5th percentile) reflects the extremely narrow hardware-specific attack surface, and vendor-released patches are available across multiple stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46018 MEDIUM PATCH This Month

Availability degradation in the Linux kernel ALSA USB audio subsystem allows a local attacker with a crafted UAC2 USB audio device to trigger an unbounded parsing loop that holds register_mutex while repeatedly flooding the kernel log with error messages. Affected systems running snd-usb-audio on multiple stable kernel branches from 3.x through 7.0 are exposed to denial-of-service via mutex contention during USB device probe. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) reflects minimal threat actor interest; no CISA KEV listing exists.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46017 MEDIUM PATCH This Month

Race condition in the Linux kernel memory management subsystem during large-folio migration can cause kernel availability disruption on SMP/NUMA systems. The flaw in migrate_folio_move() causes a destination folio to become visible to concurrent rmap-removal paths before being requeued onto the deferred split queue, triggering a kernel WARN in deferred_split_folio() or silently losing a folio from split_queue when the shrinker races the migration lock. With no public exploit, no CISA KEV listing, and an EPSS of 0.02%, this is a low real-world risk issue primarily relevant to HPC, virtualization, and database workloads with heavy NUMA migration activity.

Nvidia Race Condition Linux Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-46015 HIGH PATCH This Week

Race condition and missed wake-up in the Linux kernel TCP listener migration path (SO_REUSEPORT) allows local low-privileged attackers to cause hangs and potentially exploit a use-after-free on listener sockets. Affects kernels from 5.14 up to versions fixed in 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. No public exploit identified at time of analysis, and EPSS is very low (0.02%).

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46014 MEDIUM PATCH This Month

Broken LBR MSR save/restore in the Linux kernel KVM/SVM subsystem allows a low-privileged local attacker to cause high-impact availability failures in virtualized environments running on AMD SVM hardware. MSR_IA32_DEBUGCTLMSR and Last Branch Record (LBR) MSRs are not enumerated by KVM_GET_MSR_INDEX_LIST and cannot be set via KVM_SET_MSRS, meaning VM state is not correctly preserved across save/restore or live migration cycles, particularly when L2 guests are running. No public exploit has been identified at time of analysis, and EPSS of 0.02% indicates very low exploitation probability, but the flaw affects a foundational hypervisor state management path on production AMD virtualization infrastructure.

Linux Information Disclosure Intel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46013 MEDIUM PATCH This Month

Incorrect physical address conversion in the Linux kernel's mm/memfd_luo subsystem can crash the kernel when the put_folios error-cleanup path executes during memfd Live Update Object (LUO) operations. The cleanup passes a raw Page Frame Number (PFN) where kho_restore_folio() requires a phys_addr_t, and a missing sparse-hole guard (pfn==0) risks misprocessing file holes. No public exploit identified at time of analysis; EPSS of 0.02% (5th percentile) and absence from CISA KEV confirm very low real-world exploitation probability, with impact confined to local denial of service on systems running the experimental KHO/LUO subsystem.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46011 HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's MediaTek JPEG (mtk-jpeg) media driver allows a local user with access to the device to trigger a use-after-free condition. The flaw occurs in mtk_jpeg_release() which frees the context structure without first cancelling pending workqueue items, creating a race window during device close where the worker thread accesses freed memory. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02%, but the bug is fixed across multiple stable trees.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46010 HIGH PATCH This Week

Memory exhaustion handling flaw in the Linux kernel's rxrpc/rxgk subsystem allows network-adjacent attackers to potentially trigger unsafe code paths when rxgk_decrypt_skb() returns -ENOMEM during RxGSS-Kerberos token extraction. Affected kernels include the 6.17 series and specific commits in 6.16.9 onward, fixed in upstream commits and stable backports targeting 6.18.27 and 7.1-rc1. No public exploit identified at time of analysis, and EPSS is very low (0.02%) despite the 8.1 CVSS score.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-46009 MEDIUM PATCH This Month

Duplicate resource teardown in the Linux kernel's PCI endpoint NTB (Non-Transparent Bridge) driver causes a kernel oops when link state transitions fail or complete, enabling a local low-privileged user to crash the kernel. The `epf_ntb_epc_destroy()` helper performs teardown that its callers also execute, resulting in a double-free-class condition. No public exploit code exists and no active exploitation has been confirmed (not in CISA KEV); the EPSS score of 0.02% at the 5th percentile reflects extremely low observed exploitation probability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46008 MEDIUM PATCH This Month

Deadlock in Linux kernel DAMON (Data Access Monitor) subsystem allows a local low-privileged user or kernel code path to cause an indefinite thread hang in the mm/damon/core module via a race condition between damos_walk() request registration and kdamond_fn() exit sequencing. Systems running Linux kernels from commit bf0eaba0ff9c9c8e6fd58ddfa1a8b6df4b813f61 through the patch commits are affected, with availability as the sole impact (CVSS C:N/I:N/A:H). No public exploit identified at time of analysis, and EPSS probability is 0.02% (5th percentile), indicating negligible real-world exploitation interest.

Race Condition Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-46007 MEDIUM PATCH This Month

Cache coherency violation in the Linux kernel hwmon powerz driver allows a local low-privileged user to crash the kernel on architectures where DMA buffer cacheline aliasing with adjacent kernel structures (here, a mutex) produces undefined behavior. Affected systems must have the powerz USB hardware monitor driver loaded and the specific hardware attached. No public exploit code exists and EPSS is 0.02% (5th percentile), indicating negligible real-world exploitation activity; nonetheless the kernel availability impact (system crash) is concrete once triggered on a vulnerable architecture.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46005 MEDIUM PATCH This Month

Resource leak in the Linux kernel's XFS subsystem fails to release a DAX (Direct Access) device reference in the error path of xfs_alloc_buftarg(), leaving a dangling reference that prevents proper cleanup of persistent memory devices. Systems running XFS on DAX-capable persistent memory hardware are affected, spanning multiple stable kernel branches prior to the fix commits documented in EUVD-2026-32302. No public exploit identified at time of analysis, and an EPSS score of 0.02% (5th percentile) confirms negligible exploitation interest; patches are confirmed available across Linux 6.6.x, 6.12.x, 6.18.x, 7.0.x, and 7.1-rc1.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46004 HIGH PATCH This Week

Use-after-free in the Linux kernel ALSA caiaq USB audio driver allows local code execution when the device probe path encounters an error during setup_card(). The setup_card() function previously ignored failures from snd_card_register() and continued executing, leaving freed card structures accessible to subsequent initialization calls such as snd_usb_caiaq_control_init(). No public exploit identified at time of analysis, and EPSS is low at 0.02% (5th percentile), consistent with the local attack vector and narrow hardware-driver scope.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46003 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel QRTR nameserver allows a local low-privileged attacker to crash the system by registering an unbounded number of QRTR nodes, consuming all available kernel heap memory. Affected kernels span from the commit introducing the QRTR nameserver without node limits (approximately Linux 5.7, commit 0c2204a4ad710d95d348ea006f14ba926e842ffd) through to patched stable releases 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. With an EPSS of 0.02% (5th percentile), no CISA KEV listing, and no public exploit identified at time of analysis, current exploitation risk is low - however, teams managing Qualcomm SoC-based embedded or mobile Linux deployments should treat this as a targeted patch priority given the trivial attack complexity (AC:L) once local access is obtained.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46002 MEDIUM PATCH This Month

The ext2 filesystem driver in the Linux kernel allows a local user to trigger kernel WARN_ON panics by mounting a crafted ext2 image containing an inode with zero link count (i_nlink=0), non-zero mode, and zero deletion timestamp - a combination that bypasses the incomplete corruption check in ext2_iget() and reaches drop_nlink() in an invalid state. Discovered by the Linux Verification Center using Syzkaller fuzzing, the flaw affects Linux kernel versions from 2.6.12 through multiple stable branches and results in denial of service via kernel instability. No public exploit exists and no KEV listing; EPSS is negligible at 0.02%, consistent with the local access requirement and specialized image-crafting prerequisite.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46000 MEDIUM PATCH This Month

The rxrpc connection-level packet handler in the Linux kernel modifies RESPONSE packet data in-place within a potentially shared sk_buff, exposing decrypted rxrpc authentication material to co-attached packet sniffers and risking kernel instability when a cloned buffer is written without unsharing. Systems running the rxrpc subsystem (primarily AFS clients and servers) from kernel 2.6.22 onward through the affected stable branches are vulnerable. No public exploit exists and EPSS sits at 0.02% (5th percentile) with no CISA KEV listing, indicating minimal real-world exploitation pressure; patches are confirmed across stable branches 6.6.140, 6.12.88, 7.0.4, 6.18.27, and 7.1-rc1.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45999 HIGH PATCH This Week

Local denial of service and potential information disclosure in the Linux kernel's EROFS filesystem affects versions from 5.13 through pre-patch releases, where a crafted EROFS image triggers an unsigned integer underflow in z_erofs_lz4_handle_overlap(). When a malicious image is mounted and a file is read, the LZ4 inplace decompression path wraps the 'outpages - inpages' calculation to a huge value and reads past the decompressed_pages array. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but a reproducible proof-of-concept image is embedded in the upstream commit message.

Linux Information Disclosure Integer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45998 HIGH PATCH This Week

Use-after-free in the Linux kernel's rxrpc (AF_RXRPC) networking subsystem allows local attackers with low privileges to trigger memory corruption when skb_unshare() fails during packet input handling. Affected Linux kernel versions from 6.2 up to the fixed releases can be exploited to cause a NULL-pointer oops and potentially escalate privileges or crash the system. No public exploit identified at time of analysis; EPSS is very low (0.02%) and the issue is not present in CISA KEV.

Linux Use After Free Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45997 MEDIUM PATCH This Month

Reference count leak in the Linux kernel SCSI disk driver (drivers/scsi/sd.c) allows a local low-privileged user to cause kernel resource exhaustion and system crash. In sd_probe(), when device_add(&sdkp->disk_dev) fails, the cleanup path correctly invokes put_device() triggering scsi_disk_release() to free the scsi_disk structure, but omits the corresponding put_disk(gd) call - leaving the gendisk object with an unreleased reference. This asymmetry with the device_add_disk() error path means repeated probe failures accumulate reference leaks that can exhaust kernel memory and deny service. No public exploit has been identified and EPSS probability is 0.02% (5th percentile), consistent with a stability fix rather than an attacker-targeted flaw.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45996 HIGH PATCH This Week

Use-after-free in the Linux kernel's i.MX SPI driver (spi-imx) can be triggered when the driver is unbound, allowing a local privileged user to corrupt kernel memory and potentially escalate to full kernel code execution. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but a kernel-level UAF with high CIA impact warrants prompt patching on affected i.MX-based systems.

Linux Use After Free Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45995 HIGH PATCH This Week

Use-after-free in the Linux kernel's io_uring zero-copy receive (zcrx) subsystem allows local low-privileged attackers to corrupt memory and potentially escalate privileges. The flaw stems from io_free_rbuf_ring() accessing a struct user_struct after io_zcrx_ifq_free() has already released the reference, creating a UAF window. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the bug class (UAF in io_uring) has historically been weaponized for LPE.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45994 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's ibmasm driver allows a local low-privileged user with write access to the ibmasm command character device to leak kernel heap memory to the IBM Advanced System Management service processor and potentially destabilize the host. The flaw resides in command_file_write(), which trusts attacker-controlled command_size/data_size header fields after allocating a buffer of arbitrary count, enabling get_dot_command_size() to return a value larger than the allocation. EPSS is 0.02% and no public exploit is identified at time of analysis; the issue is not on CISA KEV.

Linux Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45993 MEDIUM PATCH This Month

Speculative execution bounds bypass on LoongArch allows a local unprivileged user to trigger out-of-bounds speculative reads against the kernel syscall dispatch table, potentially leaking kernel memory via cache side-channels. Affected are Linux kernel stable branches prior to 6.6.140, 6.12.86, 6.18.27, and 7.0.4 running on LoongArch architecture. No public exploit code has been identified at time of analysis, and EPSS at 0.02% reflects very low observed exploitation probability; patches are available across all affected stable series.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45992 PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak. Fix it in the error path for setup_card(), too.

Information Disclosure Linux
NVD VulDB
EPSS
0.0%
CVE-2026-45989 HIGH PATCH This Week

Use-after-free in the Linux kernel's Open Firmware (OF) device tree unittest driver (testdrv_probe) allows local low-privileged attackers to corrupt memory and potentially escalate privileges. The flaw stems from an erroneous of_node_put() call that releases a device_node reference owned by the device model, which can then be dereferenced later in of_platform_default_populate(). EPSS is very low (0.02%) and no public exploit identified at time of analysis, but a vendor patch is available.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45988 CRITICAL PATCH Act Now

Improper handling of failed RESPONSE packet decryption in the Linux kernel's rxrpc subsystem can leave packets in a partially decrypted state when requeued for retry after a temporary processing failure. The flaw affects multiple Linux kernel branches and was resolved upstream by discarding such packets and relying on the CHALLENGE/RESPONSE re-handshake. No public exploit identified at time of analysis, and EPSS scoring (0.02%, 5th percentile) indicates very low real-world exploitation probability despite the high CVSS rating.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-45987 MEDIUM PATCH This Month

Interrupt shadow state desynchronization in the Linux kernel KVM nSVM subsystem can hang L2 nested virtual machines on AMD-V hosts when VM state is restored in a specific ioctl ordering. Systems using KVM nested virtualization (kvm_amd with nested=1) are affected when a live migration or checkpoint-restore operation calls KVM_SET_VCPU_EVENTS before KVM_SET_NESTED_STATE, causing the interrupt shadow to be written into vmcb01 (L1 context) instead of vmcb02 (L2 context). No public exploit has been identified and EPSS is 0.02% (5th percentile), placing this squarely as a correctness and operational availability issue for nested virtualization deployments rather than a broadly exploitable security threat.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45986 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's ccree (ARM CryptoCell) driver allows a local low-privileged user to cause a denial of service by repeatedly triggering an error path in cc_mac_digest() that fails to release mapped memory. The vulnerability exists because cc_unmap_result() is not called when cc_map_hash_request_final() returns an error, causing each failed MAC digest operation to leak kernel memory. No active exploitation is confirmed; EPSS is 0.02% at the 5th percentile, consistent with a low-severity, hardware-specific kernel maintenance fix. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS vector (C:N) and description - impact is availability-only.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45985 MEDIUM PATCH This Month

Stale data exposure in the Linux kernel's ext4 filesystem affects systems using the dioread_nolock mount option, triggered by a flag-handling logic error in the extent-splitting code path during Direct I/O operations. When `EXT4_GET_BLOCKS_CONVERT` is incorrectly passed during a pre-I/O split of an unwritten extent, a simultaneous `-ENOSPC` failure in `ext4_split_extent_at()` causes the entire on-disk extent to be prematurely converted to written state while the in-memory extent status tree retains an inconsistent unwritten marker for the second half; if the DIO write subsequently fails, a future read of that region exposes stale pre-zero data. No public exploit has been identified at time of analysis, EPSS is 0.02% (7th percentile), and there is no CISA KEV listing, indicating no confirmed active exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45984 HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's GFS2 filesystem stems from a use-after-free in the inline data write path of gfs2_iomap_begin(), where the inode buffer head is released before iomap->inline_data is consumed by iomap_write_end_inline(). Local users with the ability to write to a GFS2-backed filesystem can trigger memory corruption via a freed page that kswapd has since reclaimed. No public exploit identified at time of analysis, EPSS probability is very low (0.02%), and the issue is not listed in CISA KEV, but vendor patches across multiple stable trees are available.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45983 MEDIUM PATCH This Month

NFSv4 server slot exhaustion in the Linux kernel nfsd subsystem causes persistent denial of service for NFS clients when idmap upcall delays occur during compound argument decoding. Specifically, when a SETATTR or similar compound operation triggers an idmap lookup upcall that exceeds the allowed time limit, cache_check() sets RQ_USEDEFERRAL and drops the request before nfs4svc_encode_compoundres() can execute - meaning the NFSD4_SLOT_INUSE session slot flag is never cleared. All subsequent client requests on that session slot fail with NFSERR_JUKEBOX indefinitely. No public exploit has been identified and EPSS is 0.02% (7th percentile), indicating no active exploitation pressure; this is a logic flaw with confirmed upstream patches across all major stable branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45979 MEDIUM PATCH This Month

Improper mutex cleanup in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to cause a GPU subsystem denial-of-service on systems equipped with AMD GPU hardware. When kmalloc fails under low memory conditions inside amdgpu_cs_parser_bos, the error path previously returned without releasing the held mutex, leaving it permanently locked and stalling GPU command submission for all users. No public exploit exists and the vulnerability is not listed in CISA KEV; with an EPSS of 0.02% (5th percentile), real-world exploitation risk is low.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45977 MEDIUM PATCH This Month

Use-after-free race condition in the Linux kernel's fbnic (Facebook NIC) driver can be triggered by a local attacker to crash the system. The fw_log firmware log buffer is freed during device teardown before the mailbox IRQ is disabled, allowing a concurrent MSIX interrupt handler to dereference a freed or NULL pointer. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.02% (4th percentile) reflects very low real-world exploitation probability; the primary risk is a denial of service to systems hosting fbnic NICs.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45976 MEDIUM PATCH This Month

Memory leak in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to gradually exhaust kernel memory on systems equipped with AMD GPUs. The flaw exists in amdgpu_ras_init(), where a failed call to amdgpu_nbio_ras_sw_init() causes the function to return an error without freeing the previously allocated 'con' context structure, bypassing the existing release_con cleanup label. No public exploit exists and EPSS is 0.02% (5th percentile), classifying this as a low-priority maintenance fix with no confirmed active exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45975 MEDIUM This Month

Race condition in the Linux kernel's ublk (userspace block device) subsystem allows a local low-privileged attacker to crash the kernel by concurrently modifying io_uring submission queue entries during kernel processing. The ublksrv_ctrl_cmd struct resides in userspace-mapped shared memory, and unguarded normal loads let a racing userspace thread corrupt the kernel's view of the command, triggering a denial-of-service condition. No public exploit exists and EPSS is 0.02%, but fixed kernel versions 6.19.4 and 7.0 are confirmed available.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45974 MEDIUM PATCH This Month

Invalid leaf access in the btrfs quota subsystem of the Linux kernel allows a local low-privileged user to crash the system by triggering a denial-of-service condition in `btrfs_quota_enable()`. When `btrfs_search_slot_for_read()` returns 1 - signaling end-of-tree with no valid key found - the function fails to exit its loop and proceeds to dereference the now-invalid path pointer, causing a kernel panic. Patched versions are confirmed across multiple stable series (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0); no public exploit or CISA KEV listing exists at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45973 MEDIUM PATCH This Month

Indefinite kernel hang in the Linux mlx5_ib RDMA driver causes denial of service during device unload when a firmware reset occurs in LAG (Link Aggregation Group) mode. The race condition leaves UMR (User Memory Registration) deregistration operations blocked forever - posted on the master NIC but awaiting completions from a slave that is already dead - deadlocking the teardown sequence and requiring a hard reboot. No public exploit has been identified, EPSS sits at 0.02% (5th percentile), and impact is confined to systems with Mellanox/NVIDIA mlx5 hardware explicitly configured in bonded LAG mode with active RDMA workloads.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45972 CRITICAL PATCH Act Now

Use-after-free and double-free conditions in the Linux kernel's SMB client (smb2_open_file) can be triggered when SMB2_open() retry paths fail to zero out err_iov and err_buftype buffers, leading to memory corruption. The flaw affects multiple stable kernel branches (6.1, 6.6, 6.12, 6.18) and is fixed in upstream patches; no public exploit identified at time of analysis and EPSS is very low (0.02%) despite the 9.8 CVSS score.

Information Disclosure Memory Corruption Use After Free Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-45971 MEDIUM PATCH This Month

Uncontrolled BPF program signature size in the Linux kernel allows a low-privileged local user to force the kernel into expensive memory allocation paths (kmalloc_large or vmalloc) by supplying an arbitrarily large signature size value to the BPF_PROG_LOAD operation. Affected kernel versions prior to 6.18.14, 6.19.4, and 7.0 are vulnerable to local denial-of-service through kernel memory exhaustion. No public exploit has been identified at time of analysis and no active exploitation is confirmed (not in CISA KEV), with an EPSS score of 0.02% (4th percentile) indicating very low automated exploitation probability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45967 MEDIUM PATCH This Month

Kernel crash (denial of service) in the Linux kernel BPF subsystem affects local low-privileged users due to a double-offset bug in the instruction array map. The `map_direct_value_addr()` function incorrectly adds the caller-supplied offset to the returned address, then `resolve_pseudo_ldimm64()` adds it a second time, resulting in an incorrect memory address that can trigger a kernel fault. No public exploit exists and the EPSS score is 0.02% (5th percentile), indicating very low opportunistic exploitation risk, but the availability impact is rated High per CVSS.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45964 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's SUNRPC GSS authentication subsystem (net/sunrpc/auth_gss/auth_gss.c) allows a local low-privileged user to leak kernel memory by repeatedly triggering a specific error path where kstrdup_const() fails during gss_alloc_msg() processing, preventing gss_auth structures from ever being freed. The defect was introduced by commit 5940d1cf9f42, which added kref_get(&gss_auth->kref) without the corresponding kref_put() on the err_put_pipe_version error path when service_name is non-NULL. With EPSS at 0.02% (7th percentile), no CISA KEV listing, and no public exploit, this is a low-urgency memory management defect primarily relevant to systems running NFS with Kerberos/RPCSEC_GSS authentication.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45962 MEDIUM PATCH This Month

Out-of-bounds memory access in the Linux kernel ublk (userspace block device) subsystem allows a local low-privilege user to crash the kernel by submitting an io_uring control command without the IO_URING_F_SQE128 flag set. The root cause is that ublk_ctrl_cmd_dump() unconditionally accesses the extended cmd field of a Submission Queue Entry before ublk_ctrl_uring_cmd() validates that the SQE is 128 bytes in size, reading beyond the 64-byte standard SQE boundary. No public exploit is identified at time of analysis, and the EPSS score of 0.02% at the 7th percentile signals very low exploitation probability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45960 MEDIUM PATCH This Month

Kernel panic via reference count corruption in the Linux kernel's HFS+ filesystem driver (hfsplus) allows a local attacker with low privileges to crash the system. The function hfs_bnode_create() returns an already-hashed B-tree node without incrementing its reference count when it unexpectedly encounters a node that should not yet exist - a condition triggered by filesystem corruption or a logic error in hfs_bmap_alloc(). When hfs_bnode_put() later decrements the reference count to zero and attempts cleanup, the kernel triggers a fatal BUG_ON(!atomic_read(&node->refcnt)) assertion at bnode.c:676, causing an immediate kernel panic. No public exploit exists and EPSS is 0.02% (7th percentile), consistent with the local-only attack vector and niche trigger conditions, but the availability impact is total for affected systems.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45957 HIGH PATCH This Week

Denial of service in the Linux kernel's RCU (Read-Copy-Update) subsystem allows a local condition to trigger an infinite recursion deadloop in rcu_read_unlock_special() when ftrace is enabled, leading to kernel hang or crash. The flaw stems from a missing recursion-protection flag when raise_softirq_irqoff() is invoked from the RCU unlock path, causing repeated re-entry through the softirq/trace stack. No public exploit identified at time of analysis and EPSS rates exploitation probability at 0.02%.

Denial Of Service Linux Information Disclosure Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45955 HIGH PATCH This Week

High-impact integrity and availability flaw in the Linux kernel's md-llbitmap (multi-device log-based bitmap) subsystem allows a local low-privileged attacker to render RAID bitmap page control structures permanently unusable. When llbitmap_suspend_timeout() times out, percpu_ref is left in a killed state and never resurrected, breaking subsequent md daemon operations on that page. EPSS is very low (0.02%, 4th percentile) and no public exploit is identified at time of analysis, but vendor-released patches are available in 6.18.14 and 6.19.4.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45954 MEDIUM PATCH This Month

Memory leak in Linux kernel's fbdev au1200fb framebuffer driver causes resource exhaustion when the probe function encounters IRQ allocation failure. The vulnerability exists in au1200fb_drv_probe() within the au1200fb driver: when platform_get_irq() returns an error, the function returns immediately without releasing previously allocated memory, leading to kernel heap exhaustion over time. Local attackers or repeated probe failures (e.g., via hotplug events on affected MIPS-based Alchemy hardware) can deplete kernel memory, resulting in denial of service. No public exploit has been identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms negligible exploitation interest.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45953 MEDIUM PATCH This Month

IO deadloop in Linux kernel's md/raid5 subsystem causes complete availability loss on systems running degraded RAID5 arrays with llbitmap enabled. When llbitmap bit state is 'unwritten', the missing synchronization check in need_this_block() diverges from the check present in handle_stripe_dirtying(), trapping handle_stripe() in an infinite loop that never makes progress - effectively hanging all IO on the affected array. No public exploit is identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low real-world exploitation probability, consistent with the narrow deployment conditions required.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45952 MEDIUM PATCH This Month

Missing MTU validation in the Linux kernel fbnic Ethernet driver allows a local low-privileged user to trigger a denial of service by increasing the interface MTU after an XDP program is already attached. Increasing the MTU beyond the HDS (Header Data Split) threshold causes the fbnic hardware to fragment packets across multiple buffers; since single-buffer XDP programs cannot process multi-fragment frames, the driver silently drops them - breaking new TCP streams and discarding oversized non-TCP traffic. No public exploit exists and EPSS is 0.02% (4th percentile), placing this firmly in the low-priority tier despite its High availability rating; patches are confirmed available in Linux 6.18.14, 6.19.4, and 7.0.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45951 HIGH PATCH This Week

Local privilege escalation in the Linux kernel's BPF subsystem stems from incorrect refcounting in check_pseudo_btf_id() that can leave a BTF (BPF Type Format) object with a zero refcount while still in use, creating a use-after-free condition. Affected kernels (around 6.14 through pre-patch 6.18.14/6.19.4) allow a local low-privileged user capable of loading BPF programs to corrupt kernel memory, with no public exploit identified at time of analysis and EPSS scoring exploitation likelihood at only 0.02%.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45950 MEDIUM PATCH This Month

Memory leak in the Linux kernel's StarFive AES crypto driver allows a local low-privileged user on affected StarFive JH7110 RISC-V hardware to exhaust kernel memory and cause a denial of service. The flaw resides in starfive_aes_aead_do_one_req(), where kzalloc()-allocated memory for rctx->adata is not freed on two distinct error paths - failures in sg_copy_to_buffer() or starfive_aes_hw_init() - resulting in unreleased heap memory each time an AEAD operation fails. No public exploit exists and EPSS is extremely low at 0.02%, consistent with a hardware-specific, analysis-discovered defect rather than an actively targeted weakness.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45949 MEDIUM This Month

Use-after-free race condition in the Linux kernel hwrng (hardware random number generator) core subsystem allows a local attacker with low privileges to crash the kernel, causing a denial of service. The race occurs when hwrng_register() and hwrng_unregister() execute concurrently, leaving the hwrng_fill pointer dirty and enabling kthread_stop() to be invoked on an already-freed task_struct - confirmed in the virtrng_remove call path, making virtualized Linux environments a primary real-world attack surface. No public exploit code exists and no active exploitation (KEV) has been confirmed; the EPSS score of 0.02% reflects minimal opportunistic exploitation activity.

Race Condition Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-45948 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's ext4 filesystem driver allows a local low-privilege user to gradually degrade system availability by repeatedly triggering a kernel memory leak in ext4_ext_shift_extents(). The flaw, present since approximately kernel 3.15, causes path structures allocated by ext4_find_extent() to go unreleased when a NULL extent is encountered during fallocate shift operations. With no CISA KEV listing, an EPSS of 0.02%, and no public exploit code identified, this is a low-urgency but genuine patch priority for long-lived ext4 systems with unprivileged local users.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45947 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's drm/amdgpu driver allows a local low-privileged user on AMD GPU-equipped systems to degrade host availability by repeatedly triggering an error path in amdgpu_acpi_enumerate_xcc() that leaks kernel heap memory. The root cause is a missing free of the xcc_info structure when amdgpu_acpi_dev_init() returns -ENOMEM, identified through static analysis and code review rather than active exploitation. With EPSS at 0.02% (5th percentile) and no CISA KEV listing, this is a low-priority maintenance fix for most environments, most relevant to long-running AMD GPU compute workloads where repeated enumeration failures could accumulate leaked memory.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45945 HIGH PATCH This Week

Race condition in the Linux kernel's Intel VT-d IOMMU driver allows a local low-privileged attacker to trigger inconsistent PASID table state during domain replacement, potentially producing spurious IOMMU faults and unpredictable DMA behavior with cross-scope impact. The flaw stems from non-atomic updates to 512-bit PASID entries while the Present bit is set, and no public exploit identified at time of analysis despite a high CVSS score driven by the scope-changed local attack surface.

Linux Information Disclosure Intel Race Condition
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-45944 HIGH PATCH This Week

Race condition in the Intel VT-d IOMMU driver of the Linux kernel allows a window where hardware can fetch a 'torn' context entry while the Present bit is still set, leading to unpredictable IOMMU behavior or spurious DMA faults on affected systems. The flaw stems from non-atomic teardown of 128-bit context entries via multiple 64-bit writes and is addressed by aligning with the VT-d specification's ownership handshake (Section 6.5.3.3); no public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02%.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45943 HIGH PATCH This Week

Kernel NULL pointer dereference in the Linux EROFS compressed filesystem driver allows a local user reading from an EROFS image to crash the system. The flaw lives in z_erofs_decompress_pcluster(), where compressed folios for ztailpacking pclusters are added to I/O chains before being validated; if inline-data reading fails (notably when a fatal signal interrupts read_mapping_folio()), decompression assumes the folios are valid and dereferences a NULL pointer. There is no public exploit identified at time of analysis, EPSS is negligible (0.02%), and the issue is not in CISA KEV.

Linux Denial Of Service Buffer Overflow Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-45942 HIGH PATCH This Week

Filesystem data integrity issue in the Linux kernel ext4 module allows local low-privileged users to trigger bitmap inconsistencies through a race condition between page migration and ext4 buddy bitmap modification under mixed huge-page workloads. The flaw can produce false group descriptor mismatches and corruption of in-memory block allocation state, with high confidentiality, integrity, and availability impact per CVSS 7.8 (AV:L). No public exploit has been identified at time of analysis and EPSS is very low at 0.02%.

Linux Information Disclosure Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45941 MEDIUM PATCH This Month

TPM locality leak in the Linux kernel's tpm_i2c_infineon driver allows a local user on an affected system to exhaust TPM localities and render the TPM device unavailable. The tpm_tis_i2c_send() function acquires a TPM locality at entry but fails to release it when get_burstcount() times out with -EBUSY, causing a resource leak on every such timeout. Patches are available across multiple stable kernel branches; no public exploit code or active exploitation (CISA KEV) has been identified, and EPSS is 0.02% at the 7th percentile.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45940 MEDIUM PATCH This Month

Kernel crash (oops) in the stmmac GMAC4 Ethernet driver causes a denial of service when split header reception is enabled. The stmmac receive path incorrectly assumes that buf2 of the first DMA descriptor is always fully populated with payload, but the GMAC4 hardware does not guarantee this in all cases. When the assumption is violated, the driver miscalculates the length of buf2 in the second descriptor, resulting in an invalid virtual address dereference deep in the DMA cache-invalidation path, crashing the kernel. No public exploit has been identified at time of analysis, and EPSS is 0.02% (4th percentile), indicating negligible opportunistic exploitation interest.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45939 MEDIUM PATCH This Month

Memory leak in the Linux kernel's NI USB GPIB driver allows a local low-privileged user to exhaust kernel memory by repeatedly triggering a failed initialization path. The flaw exists in ni_usb_init(), where a writes buffer is allocated but never freed when ni_usb_setup_init() returns failure, compounding the issue with an incorrect error code (-EFAULT instead of -EINVAL). No public exploit is identified at time of analysis, and EPSS sits at 0.02%, consistent with the niche hardware driver context and local-only attack surface.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45937 MEDIUM PATCH This Month

Kernel panic in the Linux kernel's Inside Secure EIP-93 hardware crypto driver occurs during driver detach due to a loop iterator bug that causes the same hash algorithm to be unregistered multiple times. Systems equipped with Inside Secure EIP-93 cryptographic accelerator hardware and running unpatched kernels between the introducing commit (9739f5f93b78) and the fix commits are vulnerable. A local low-privileged user who can trigger driver detach - via module unload or device removal - can crash the kernel, resulting in a full system denial of service. No public exploit exists and EPSS is 0.02% (4th percentile), indicating negligible in-the-wild activity.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45935 HIGH PATCH This Week

Heap buffer overflow read in the Linux kernel's NTFS3 filesystem driver allows local attackers to trigger out-of-bounds memory access by mounting or processing a maliciously crafted NTFS volume. The flaw resides in the DeleteIndexEntryRoot path of the do_action function, where an attacker-controlled entry size ('esize') bypasses bounds checks and causes memmove to operate on an unsigned-converted negative offset. EPSS scores exploitation probability at 0.03% (9th percentile) and no public exploit has been identified at time of analysis.

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45934 MEDIUM PATCH This Month

Btrfs transaction aborts in the Linux kernel allow local low-privileged users to crash the filesystem by triggering a logic defect in DUP chunk allocation that generates overlapping physical address ranges in the chunk map. Systems running btrfs with DUP metadata profiles - the default for single-device btrfs deployments - can encounter EEXIST (-17) errors in insert_dev_extents() during btrfs_create_pending_block_groups(), causing the transaction to abort and the filesystem to enter an error state. No public exploit or active exploitation (CISA KEV) has been identified; with an EPSS of 0.02% (4th percentile), this is a kernel reliability defect of operational concern to btrfs operators rather than a traditional attack vector.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45933 HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel BPF verifier (introduced in 6.11+ commit 98d7ca374ba4) arises from sync_linked_regs() failing to preserve register IDs when propagating bounds, breaking linked-register tracking and allowing crafted eBPF programs to bypass the verifier's range analysis. EPSS is very low (0.02%) and the issue is not in CISA KEV, but the BPF verifier is a historically high-value local attack surface, and upstream patches landed in 6.12.75, 6.18.14, and 6.19.4. No public exploit identified at time of analysis.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45930 MEDIUM PATCH This Month

Uninitialized kernel memory leaks to local users via the MCTP netlink subsystem in the Linux kernel, where RTM_GETNEIGH responses return stale kernel data in the pad bytes of ndmsg structures across link, addr, and neigh response messages. Any local user with PR:L access to the MCTP netlink interface can extract arbitrary pad-byte contents from kernel memory allocations, potentially exposing pointers, partial stack data, or remnants of prior allocations that could assist in defeating kernel address space layout randomization (KASLR). Disclosed by Syed Faraz Abrar (Zellic) and Pumpkin (DEVCORE Research Team) via Trend Micro Zero Day Initiative; no public exploit code exists and EPSS sits at the 5th percentile (0.02%), indicating negligible active exploitation at time of analysis.

Linux Information Disclosure Trend Micro Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45929 HIGH PATCH This Week

Use-after-free in the Linux kernel's OpenVPN data channel offload (ovpn) module allows a local attacker with low privileges to potentially trigger memory corruption when transmitting shared sk_buff packets through ovpn_net_xmit. The flaw stems from continued use of a stale skb pointer after skb_share_check frees the original buffer, affecting peer lookup, skb_dst_drop, and TX statistics paths. No public exploit identified at time of analysis, and the EPSS probability is very low (0.02%), suggesting the bug is more of a stability and memory-safety concern than an imminently weaponized vector.

Linux Information Disclosure Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45928 MEDIUM PATCH This Month

Memory leak in the Linux kernel's chips-media wave5 VPU media driver allows a local low-privileged user to exhaust kernel memory, resulting in denial of service. The flaw exists in both the encoder and decoder open paths - wave5_vpu_open_enc() and wave5_vpu_open_dec() - where a VPU instance allocated via kzalloc() is not freed when the subsequent codec_info allocation fails. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting the hardware-specific and local-only nature of this issue.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45927 MEDIUM PATCH This Month

BPF map hash verification in the Linux kernel is vulnerable to a TOCTOU race condition that allows a local low-privileged attacker to bypass integrity checks enforced by trusted BPF loaders. Userspace can call BPF_OBJ_GET_INFO_BY_FD to prime the hash cache, then modify the map contents in the race window before freezing it, causing a trusted loader to verify the original (stale) hash against the silently-altered map. No active exploitation is confirmed (not in CISA KEV) and EPSS is 0.02%, but the attack's integrity impact appears understated by the published CVSS vector, which records A:H/I:N - inconsistent with a hash-bypass that enables modified code/data to be loaded as trusted.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-45926 MEDIUM This Month

Memory leak in the Linux kernel's Rust-language PWM subsystem allows a local low-privileged attacker to gradually exhaust kernel memory through repeated PWM chip initialization failures. The `pwmchip_alloc()` function allocates a device structure holding an initial reference that must be explicitly released via `pwmchip_put()` on error paths, but when `__pinned_init()` fails the reference is never dropped, leaking the `pwm_chip` allocation. EPSS stands at 0.02% (5th percentile) and the vulnerability is not listed in CISA KEV, indicating no known active exploitation; no public exploit code has been identified at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45925 MEDIUM PATCH This Month

Reference leak in the Linux kernel's thermal/of subsystem allows a local low-privileged user to degrade system availability through repeated kernel resource exhaustion. The thermal_of_cm_lookup() function acquires a device_node reference via of_parse_phandle() but never releases it, causing reference counts to accumulate without bound on systems with Device Tree-based thermal configuration. No active exploitation is identified (EPSS 0.02%, 5th percentile; no CISA KEV listing), and this is a reliability and availability defect rather than a code-execution primitive; patched stable kernel versions are available across multiple maintained branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45924 MEDIUM PATCH This Month

Improper lock release in the Linux kernel ksmbd subsystem (in-kernel SMB server) allows a local low-privileged user to trigger a deadlock by inducing error paths in `ksmbd_vfs_kern_path_locked` where `ksmbd_vfs_kern_path_end_removing()` is never called to balance the corresponding `ksmbd_vfs_kern_path_start_removing()`. Affected kernel versions span multiple stable branches from 5.15 through 6.17. No public exploit or active exploitation is known; EPSS stands at 0.02% (7th percentile), confirming low real-world exploitation probability.

Linux Information Disclosure Debian Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45923 MEDIUM PATCH This Month

Missing endpoint descriptor validation in the Linux kernel catc USB Ethernet driver allows a physically-present attacker with a crafted USB device to cause a kernel denial of service. The catc_probe() function submits URBs against hardcoded endpoint pipes (bulk on endpoint 1, interrupt on endpoint 2) without confirming that the connected device actually presents those endpoint types - a malformed device can exploit this assumption to trigger undefined behavior at the URB submission layer. No active exploitation has been confirmed (not listed in CISA KEV), and the EPSS score is extremely low at 0.02% (7th percentile), reflecting limited real-world exploitation likelihood.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45922 MEDIUM PATCH This Month

Memory leak in the Linux kernel's RDMA/mlx5 subsystem allows a local low-privileged user to exhaust kernel memory by repeatedly triggering the error path in the GET_DATA_DIRECT_SYSFS_PATH uverbs handler. The flaw affects multiple stable kernel branches requiring mlx5-family InfiniBand/RDMA hardware, and was discovered through static analysis and code review rather than active exploitation. No public exploit exists and EPSS probability is 0.02% (5th percentile), indicating no public exploit or active exploitation at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45921 MEDIUM PATCH This Month

Memory leak in the Linux kernel's MTD TP-Link SafeLoader partition parser allows a local low-privileged user to cause availability degradation on affected embedded systems. The `mtd_parser_tplink_safeloader_parse()` function omits freeing a temporary buffer `buf` on the error path when a subsequent `kmalloc()` for `parts[idx].name` fails inside the parsing loop. No public exploit exists and EPSS is negligible at 0.02% (5th percentile); this vulnerability was identified via static analysis and code review, not observed exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45920 HIGH PATCH This Week

Local denial-of-condition in the Linux kernel ext4 filesystem driver allows an internal counter (s_dirtyclusters_counter) to be double-decremented to -1 along the block-allocation error path that triggers during filesystem shutdown, surfacing as a WARNING in ext4_put_super(). The flaw lives between ext4_mb_mark_diskspace_used() and ext4_mb_new_blocks(), where a metadata-write failure causes the dirty-clusters reservation to be released twice. There is no public exploit identified at time of analysis and EPSS is negligible (0.02%, 7th percentile); despite the CWE-415 (double free) classification and a 7.8 CVSS, the observed effect is cluster-accounting corruption rather than demonstrated memory corruption.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45917 MEDIUM PATCH This Month

Reference leak in the Linux kernel IPVS (IP Virtual Server) subsystem allows a local low-privileged user to trigger a race condition between the netdev notifier handler and destination cache update logic, potentially causing kernel resource exhaustion. When a network device is shutting down, the FIB routing subsystem may return a valid route after ip_vs_dst_event() finishes processing, allowing that route to be cached against a closing device and leaking a device reference until the IPVS destination is removed. This is a medium-severity availability issue with no public exploit identified at time of analysis and a very low EPSS score of 0.02% (5th percentile), indicating it is not currently a prioritized exploitation target.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's IPv4 ICMP handling allows remote attackers to trigger denial of service and potential information disclosure by sending crafted ICMP Extended Echo Reply packets. The flaw stems from the kernel consulting the icmp_pointers[] array with reply types (ICMP_EXT_ECHOREPLY) that fall outside its bounded range (NR_ICMP_TYPES). No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the network attack vector and high availability impact make patching a priority for exposed Linux hosts.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel's vfio/cdx (Composable DMA-capable eXtension) driver allows a process with access to a VFIO device file descriptor to trigger a use-after-free of the cdx_irqs array via concurrent VFIO_DEVICE_SET_IRQS ioctls. The race in vfio_cdx_set_msi_trigger() can be exploited by a local low-privileged attacker for memory corruption with high confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis and EPSS is very low (0.02%, 5th percentile).

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Lock re-entrancy corruption in the Linux kernel's mm/page_alloc subsystem affects uniprocessor (UP/!CONFIG_SMP) builds, allowing freelist corruption that crashes the kernel. On UP kernels, spin_trylock() is a compile-time no-op that unconditionally succeeds; when alloc_frozen_pages_nolock() is invoked from NMI context, it re-enters rmqueue() and acquires the zone lock already held by the interrupted context, corrupting the page allocator's freelists. No public exploit exists and EPSS sits at the 4th percentile (0.02%), consistent with the narrow scope: only non-default UP kernel builds on specific kernel versions are affected, making this a targeted stability concern for embedded or legacy uniprocessor deployments rather than a broad production threat.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's crypto authencesn AEAD wrapper allows a local user with AF_ALG access to trigger memory disclosure and possible denial of service by instantiating an authencesn transform built on an ahash whose digest size is 1-3 bytes (for example cbcmac(cipher_null)). The flaw stems from crypto_authenc_esn_create() failing to validate the inner digest size, letting an invalid default authsize bypass the existing setauthsize() check. No public exploit identified at time of analysis and EPSS probability is negligible (0.02%), but the upstream fix is shipping across multiple stable trees.

Linux Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Linux kernel ks8851 Ethernet driver allows a deadlock condition when handling concurrent IRQ and TX softirq processing on systems using the Micrel KS8851 MAC/PHY chip. The flaw manifests when the IRQ handler executes netdev_alloc_skb_ip_align() with bottom-halves enabled, triggering pending softirq processing that re-enters the driver's xmit path and attempts to re-acquire an already-held spinlock. EPSS scores this at 0.02% (5th percentile) and no public exploit identified at time of analysis, consistent with a local hardware-dependent stability bug rather than a remotely weaponizable vulnerability.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's EDAC/versalnet driver (mc_probe()) results in unreleased device_node references, enabling local low-privileged users to cause kernel memory exhaustion and availability degradation on AMD/Xilinx Versal SoC systems. The root cause is a missing of_node_put() call on all exit paths of mc_probe(), with the fix applied across stable branches including 6.18.27 and 7.0.4. No public exploit or CISA KEV listing exists, and EPSS sits at 0.02% (4th percentile), reflecting minimal active exploitation risk.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Slab allocator corruption in the Linux kernel's mm/slab subsystem allows local low-privileged users on uniprocessor (UP, !CONFIG_SMP) builds to potentially corrupt kernel memory state when kmalloc_nolock() is invoked from NMI context. The flaw stems from spin_trylock() being a no-op on UP kernels, allowing re-entry into the slab allocator while n->list_lock is already held by the interrupted context. EPSS is very low (0.02%) and no public exploit has been identified at time of analysis, though an upstream patch is available.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Race condition in the Linux kernel's AF_ALG AEAD AIO interface allows a local low-privileged user to trigger a denial of service by exploiting shared socket-wide IV buffer state across concurrent asynchronous AEAD requests. The algif_aead subsystem fails to snapshot the Initialization Vector into per-request storage before dispatching async operations, meaning any concurrent socket activity that updates the shared IV can corrupt an in-flight request before it completes. No public exploit has been identified and EPSS is extremely low at 0.02% (7th percentile); vendor-released patches are available across all supported stable kernel branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in the Linux kernel's SMC (Shared Memory Communications) networking subsystem allows remote attackers to crash the kernel by sending a CLC decline message during the early stage of an SMC handshake before the connection is associated with a link group. The flaw, tracked as EUVD-2026-32408, stems from smc_clc_wait_msg() accessing link-group sync state that does not yet exist at that point in the handshake. No public exploit identified at time of analysis and EPSS probability is very low (0.02%, 5th percentile), but the network attack vector and high availability impact warrant patching on systems that use SMC.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uncontrolled resource consumption in the Linux kernel's QRTR (Qualcomm IPC Router) nameserver module allows a local authenticated user to exhaust nameserver resources by flooding it with unbounded NEW_LOOKUP messages over a single socket. The affected subsystem (net/qrtr/ns) restricted lookups to local clients but imposed no count limit, enabling a sustained denial-of-service against QRTR-dependent inter-process communication on Qualcomm SoC platforms. No public exploit has been identified and EPSS stands at 0.02% (5th percentile), placing this firmly in the low real-world priority tier despite its High availability impact rating.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Deadlock and memory leak in the Linux kernel DAMON subsystem arise from a race condition between damon_call() request registration and kdamond_fn() thread exit, affecting systems using the Data Access MONitor (DAMON) API. A local low-privileged process can trigger the race at precisely the moment a kdamond thread is terminating - causing the calling thread to wait indefinitely for a handler that has already exited, resulting in a kernel-level availability denial. No active exploitation is confirmed (EPSS 0.02%, not in CISA KEV), and the high attack complexity required to win the race significantly constrains real-world risk.

Race Condition Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds MMIO read in the Linux kernel's ibmasm (IBM Advanced System Management) misc driver allows a compromised IBM service processor to read 8 bytes from unintended device registers or trigger a machine check exception (system crash) by writing an out-of-range queue reader/writer index before asserting an interrupt. The flaw resides in ibmasm_handle_mouse_interrupt() where raw readl() values are passed unchecked to get_queue_entry(), and is fixed by bounds-checking both indices against REMOTE_QUEUE_SIZE (60). No public exploit identified at time of analysis, and EPSS probability is negligible at 0.02%.

Linux Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Two related memory-management defects in the Linux kernel thermal zone governor subsystem expose local low-privileged users to system availability loss. The first is a memory leak (CWE-401) in the registration error path of thermal_zone_device_register_with_trips(), which fails to remove an attached governor when registration fails mid-way. The second, and more critically impactful, is a race condition in thermal_zone_device_unregister(), which calls thermal_set_governor() without first acquiring the thermal zone lock - permitting a concurrent sysfs-based governor update to produce a use-after-free, which can trigger a kernel panic. No public exploit code exists and EPSS is 0.02% (5th percentile); vendor-released patches are available across multiple stable kernel branches including 6.6.140, 6.12.86, 6.18.27, and 7.0.4.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds memory access in the Linux kernel's DAMON (Data Access MONitor) subsystem allows privileged local users to crash the kernel by supplying arbitrary node IDs to damos_quota_goal via DAMON_SYSFS. Affecting Linux 6.16 and fixed in 6.18.27, 7.0.4, and 7.1-rc1, the flaw stems from missing validation before si_meminfo_node()/NODE_DATA() lookups and is reproducible with the upstream 'damo' user-space tool. No public exploit identified at time of analysis and EPSS is very low at 0.02%.

Denial Of Service Linux Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The atmel-aes crypto driver in the Linux kernel leaks 3 pages of kernel memory per cleanup cycle due to a mismatch between allocation and deallocation functions: atmel_aes_buff_init() allocates 4 contiguous pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only a single page via free_page() instead of the correct free_pages(). Systems running on Atmel/Microchip ARM SoC hardware with this driver loaded are vulnerable to gradual kernel memory exhaustion leading to denial of service. No public exploit code exists and no active exploitation has been confirmed; the EPSS score of 0.02% (5th percentile) reflects the extremely narrow hardware-specific attack surface, and vendor-released patches are available across multiple stable kernel branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Availability degradation in the Linux kernel ALSA USB audio subsystem allows a local attacker with a crafted UAC2 USB audio device to trigger an unbounded parsing loop that holds register_mutex while repeatedly flooding the kernel log with error messages. Affected systems running snd-usb-audio on multiple stable kernel branches from 3.x through 7.0 are exposed to denial-of-service via mutex contention during USB device probe. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) reflects minimal threat actor interest; no CISA KEV listing exists.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the Linux kernel memory management subsystem during large-folio migration can cause kernel availability disruption on SMP/NUMA systems. The flaw in migrate_folio_move() causes a destination folio to become visible to concurrent rmap-removal paths before being requeued onto the deferred split queue, triggering a kernel WARN in deferred_split_folio() or silently losing a folio from split_queue when the shrinker races the migration lock. With no public exploit, no CISA KEV listing, and an EPSS of 0.02%, this is a low real-world risk issue primarily relevant to HPC, virtualization, and database workloads with heavy NUMA migration activity.

Nvidia Race Condition Linux +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition and missed wake-up in the Linux kernel TCP listener migration path (SO_REUSEPORT) allows local low-privileged attackers to cause hangs and potentially exploit a use-after-free on listener sockets. Affects kernels from 5.14 up to versions fixed in 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. No public exploit identified at time of analysis, and EPSS is very low (0.02%).

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Broken LBR MSR save/restore in the Linux kernel KVM/SVM subsystem allows a low-privileged local attacker to cause high-impact availability failures in virtualized environments running on AMD SVM hardware. MSR_IA32_DEBUGCTLMSR and Last Branch Record (LBR) MSRs are not enumerated by KVM_GET_MSR_INDEX_LIST and cannot be set via KVM_SET_MSRS, meaning VM state is not correctly preserved across save/restore or live migration cycles, particularly when L2 guests are running. No public exploit has been identified at time of analysis, and EPSS of 0.02% indicates very low exploitation probability, but the flaw affects a foundational hypervisor state management path on production AMD virtualization infrastructure.

Linux Information Disclosure Intel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect physical address conversion in the Linux kernel's mm/memfd_luo subsystem can crash the kernel when the put_folios error-cleanup path executes during memfd Live Update Object (LUO) operations. The cleanup passes a raw Page Frame Number (PFN) where kho_restore_folio() requires a phys_addr_t, and a missing sparse-hole guard (pfn==0) risks misprocessing file holes. No public exploit identified at time of analysis; EPSS of 0.02% (5th percentile) and absence from CISA KEV confirm very low real-world exploitation probability, with impact confined to local denial of service on systems running the experimental KHO/LUO subsystem.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel's MediaTek JPEG (mtk-jpeg) media driver allows a local user with access to the device to trigger a use-after-free condition. The flaw occurs in mtk_jpeg_release() which frees the context structure without first cancelling pending workqueue items, creating a race window during device close where the worker thread accesses freed memory. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02%, but the bug is fixed across multiple stable trees.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Memory exhaustion handling flaw in the Linux kernel's rxrpc/rxgk subsystem allows network-adjacent attackers to potentially trigger unsafe code paths when rxgk_decrypt_skb() returns -ENOMEM during RxGSS-Kerberos token extraction. Affected kernels include the 6.17 series and specific commits in 6.16.9 onward, fixed in upstream commits and stable backports targeting 6.18.27 and 7.1-rc1. No public exploit identified at time of analysis, and EPSS is very low (0.02%) despite the 8.1 CVSS score.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Duplicate resource teardown in the Linux kernel's PCI endpoint NTB (Non-Transparent Bridge) driver causes a kernel oops when link state transitions fail or complete, enabling a local low-privileged user to crash the kernel. The `epf_ntb_epc_destroy()` helper performs teardown that its callers also execute, resulting in a double-free-class condition. No public exploit code exists and no active exploitation has been confirmed (not in CISA KEV); the EPSS score of 0.02% at the 5th percentile reflects extremely low observed exploitation probability.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Deadlock in Linux kernel DAMON (Data Access Monitor) subsystem allows a local low-privileged user or kernel code path to cause an indefinite thread hang in the mm/damon/core module via a race condition between damos_walk() request registration and kdamond_fn() exit sequencing. Systems running Linux kernels from commit bf0eaba0ff9c9c8e6fd58ddfa1a8b6df4b813f61 through the patch commits are affected, with availability as the sole impact (CVSS C:N/I:N/A:H). No public exploit identified at time of analysis, and EPSS probability is 0.02% (5th percentile), indicating negligible real-world exploitation interest.

Race Condition Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Cache coherency violation in the Linux kernel hwmon powerz driver allows a local low-privileged user to crash the kernel on architectures where DMA buffer cacheline aliasing with adjacent kernel structures (here, a mutex) produces undefined behavior. Affected systems must have the powerz USB hardware monitor driver loaded and the specific hardware attached. No public exploit code exists and EPSS is 0.02% (5th percentile), indicating negligible real-world exploitation activity; nonetheless the kernel availability impact (system crash) is concrete once triggered on a vulnerable architecture.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Resource leak in the Linux kernel's XFS subsystem fails to release a DAX (Direct Access) device reference in the error path of xfs_alloc_buftarg(), leaving a dangling reference that prevents proper cleanup of persistent memory devices. Systems running XFS on DAX-capable persistent memory hardware are affected, spanning multiple stable kernel branches prior to the fix commits documented in EUVD-2026-32302. No public exploit identified at time of analysis, and an EPSS score of 0.02% (5th percentile) confirms negligible exploitation interest; patches are confirmed available across Linux 6.6.x, 6.12.x, 6.18.x, 7.0.x, and 7.1-rc1.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel ALSA caiaq USB audio driver allows local code execution when the device probe path encounters an error during setup_card(). The setup_card() function previously ignored failures from snd_card_register() and continued executing, leaving freed card structures accessible to subsequent initialization calls such as snd_usb_caiaq_control_init(). No public exploit identified at time of analysis, and EPSS is low at 0.02% (5th percentile), consistent with the local attack vector and narrow hardware-driver scope.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel QRTR nameserver allows a local low-privileged attacker to crash the system by registering an unbounded number of QRTR nodes, consuming all available kernel heap memory. Affected kernels span from the commit introducing the QRTR nameserver without node limits (approximately Linux 5.7, commit 0c2204a4ad710d95d348ea006f14ba926e842ffd) through to patched stable releases 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. With an EPSS of 0.02% (5th percentile), no CISA KEV listing, and no public exploit identified at time of analysis, current exploitation risk is low - however, teams managing Qualcomm SoC-based embedded or mobile Linux deployments should treat this as a targeted patch priority given the trivial attack complexity (AC:L) once local access is obtained.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ext2 filesystem driver in the Linux kernel allows a local user to trigger kernel WARN_ON panics by mounting a crafted ext2 image containing an inode with zero link count (i_nlink=0), non-zero mode, and zero deletion timestamp - a combination that bypasses the incomplete corruption check in ext2_iget() and reaches drop_nlink() in an invalid state. Discovered by the Linux Verification Center using Syzkaller fuzzing, the flaw affects Linux kernel versions from 2.6.12 through multiple stable branches and results in denial of service via kernel instability. No public exploit exists and no KEV listing; EPSS is negligible at 0.02%, consistent with the local access requirement and specialized image-crafting prerequisite.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The rxrpc connection-level packet handler in the Linux kernel modifies RESPONSE packet data in-place within a potentially shared sk_buff, exposing decrypted rxrpc authentication material to co-attached packet sniffers and risking kernel instability when a cloned buffer is written without unsharing. Systems running the rxrpc subsystem (primarily AFS clients and servers) from kernel 2.6.22 onward through the affected stable branches are vulnerable. No public exploit exists and EPSS sits at 0.02% (5th percentile) with no CISA KEV listing, indicating minimal real-world exploitation pressure; patches are confirmed across stable branches 6.6.140, 6.12.88, 7.0.4, 6.18.27, and 7.1-rc1.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local denial of service and potential information disclosure in the Linux kernel's EROFS filesystem affects versions from 5.13 through pre-patch releases, where a crafted EROFS image triggers an unsigned integer underflow in z_erofs_lz4_handle_overlap(). When a malicious image is mounted and a file is read, the LZ4 inplace decompression path wraps the 'outpages - inpages' calculation to a huge value and reads past the decompressed_pages array. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but a reproducible proof-of-concept image is embedded in the upstream commit message.

Linux Information Disclosure Integer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's rxrpc (AF_RXRPC) networking subsystem allows local attackers with low privileges to trigger memory corruption when skb_unshare() fails during packet input handling. Affected Linux kernel versions from 6.2 up to the fixed releases can be exploited to cause a NULL-pointer oops and potentially escalate privileges or crash the system. No public exploit identified at time of analysis; EPSS is very low (0.02%) and the issue is not present in CISA KEV.

Linux Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Reference count leak in the Linux kernel SCSI disk driver (drivers/scsi/sd.c) allows a local low-privileged user to cause kernel resource exhaustion and system crash. In sd_probe(), when device_add(&sdkp->disk_dev) fails, the cleanup path correctly invokes put_device() triggering scsi_disk_release() to free the scsi_disk structure, but omits the corresponding put_disk(gd) call - leaving the gendisk object with an unreleased reference. This asymmetry with the device_add_disk() error path means repeated probe failures accumulate reference leaks that can exhaust kernel memory and deny service. No public exploit has been identified and EPSS probability is 0.02% (5th percentile), consistent with a stability fix rather than an attacker-targeted flaw.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's i.MX SPI driver (spi-imx) can be triggered when the driver is unbound, allowing a local privileged user to corrupt kernel memory and potentially escalate to full kernel code execution. EPSS is very low (0.02%) and no public exploit identified at time of analysis, but a kernel-level UAF with high CIA impact warrants prompt patching on affected i.MX-based systems.

Linux Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's io_uring zero-copy receive (zcrx) subsystem allows local low-privileged attackers to corrupt memory and potentially escalate privileges. The flaw stems from io_free_rbuf_ring() accessing a struct user_struct after io_zcrx_ifq_free() has already released the reference, creating a UAF window. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the bug class (UAF in io_uring) has historically been weaponized for LPE.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's ibmasm driver allows a local low-privileged user with write access to the ibmasm command character device to leak kernel heap memory to the IBM Advanced System Management service processor and potentially destabilize the host. The flaw resides in command_file_write(), which trusts attacker-controlled command_size/data_size header fields after allocating a buffer of arbitrary count, enabling get_dot_command_size() to return a value larger than the allocation. EPSS is 0.02% and no public exploit is identified at time of analysis; the issue is not on CISA KEV.

Linux Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Speculative execution bounds bypass on LoongArch allows a local unprivileged user to trigger out-of-bounds speculative reads against the kernel syscall dispatch table, potentially leaking kernel memory via cache side-channels. Affected are Linux kernel stable branches prior to 6.6.140, 6.12.86, 6.18.27, and 7.0.4 running on LoongArch architecture. No public exploit code has been identified at time of analysis, and EPSS at 0.02% reflects very low observed exploitation probability; patches are available across all affected stable series.

Linux Information Disclosure
NVD VulDB
EPSS 0%
PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path The previous fix for handling the error from setup_card() missed that an internal URB cdev->ep1_in_urb might have been already submitted beforehand. In the normal case, this URB gets killed at the disconnection, but in the error path, we didn't do it, hence there can be a potential leak. Fix it in the error path for setup_card(), too.

Information Disclosure Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's Open Firmware (OF) device tree unittest driver (testdrv_probe) allows local low-privileged attackers to corrupt memory and potentially escalate privileges. The flaw stems from an erroneous of_node_put() call that releases a device_node reference owned by the device model, which can then be dereferenced later in of_platform_default_populate(). EPSS is very low (0.02%) and no public exploit identified at time of analysis, but a vendor patch is available.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper handling of failed RESPONSE packet decryption in the Linux kernel's rxrpc subsystem can leave packets in a partially decrypted state when requeued for retry after a temporary processing failure. The flaw affects multiple Linux kernel branches and was resolved upstream by discarding such packets and relying on the CHALLENGE/RESPONSE re-handshake. No public exploit identified at time of analysis, and EPSS scoring (0.02%, 5th percentile) indicates very low real-world exploitation probability despite the high CVSS rating.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Interrupt shadow state desynchronization in the Linux kernel KVM nSVM subsystem can hang L2 nested virtual machines on AMD-V hosts when VM state is restored in a specific ioctl ordering. Systems using KVM nested virtualization (kvm_amd with nested=1) are affected when a live migration or checkpoint-restore operation calls KVM_SET_VCPU_EVENTS before KVM_SET_NESTED_STATE, causing the interrupt shadow to be written into vmcb01 (L1 context) instead of vmcb02 (L2 context). No public exploit has been identified and EPSS is 0.02% (5th percentile), placing this squarely as a correctness and operational availability issue for nested virtualization deployments rather than a broadly exploitable security threat.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's ccree (ARM CryptoCell) driver allows a local low-privileged user to cause a denial of service by repeatedly triggering an error path in cc_mac_digest() that fails to release mapped memory. The vulnerability exists because cc_unmap_result() is not called when cc_map_hash_request_final() returns an error, causing each failed MAC digest operation to leak kernel memory. No active exploitation is confirmed; EPSS is 0.02% at the 5th percentile, consistent with a low-severity, hardware-specific kernel maintenance fix. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS vector (C:N) and description - impact is availability-only.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stale data exposure in the Linux kernel's ext4 filesystem affects systems using the dioread_nolock mount option, triggered by a flag-handling logic error in the extent-splitting code path during Direct I/O operations. When `EXT4_GET_BLOCKS_CONVERT` is incorrectly passed during a pre-I/O split of an unwritten extent, a simultaneous `-ENOSPC` failure in `ext4_split_extent_at()` causes the entire on-disk extent to be prematurely converted to written state while the in-memory extent status tree retains an inconsistent unwritten marker for the second half; if the DIO write subsequently fails, a future read of that region exposes stale pre-zero data. No public exploit has been identified at time of analysis, EPSS is 0.02% (7th percentile), and there is no CISA KEV listing, indicating no confirmed active exploitation.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel's GFS2 filesystem stems from a use-after-free in the inline data write path of gfs2_iomap_begin(), where the inode buffer head is released before iomap->inline_data is consumed by iomap_write_end_inline(). Local users with the ability to write to a GFS2-backed filesystem can trigger memory corruption via a freed page that kswapd has since reclaimed. No public exploit identified at time of analysis, EPSS probability is very low (0.02%), and the issue is not listed in CISA KEV, but vendor patches across multiple stable trees are available.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NFSv4 server slot exhaustion in the Linux kernel nfsd subsystem causes persistent denial of service for NFS clients when idmap upcall delays occur during compound argument decoding. Specifically, when a SETATTR or similar compound operation triggers an idmap lookup upcall that exceeds the allowed time limit, cache_check() sets RQ_USEDEFERRAL and drops the request before nfs4svc_encode_compoundres() can execute - meaning the NFSD4_SLOT_INUSE session slot flag is never cleared. All subsequent client requests on that session slot fail with NFSERR_JUKEBOX indefinitely. No public exploit has been identified and EPSS is 0.02% (7th percentile), indicating no active exploitation pressure; this is a logic flaw with confirmed upstream patches across all major stable branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper mutex cleanup in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to cause a GPU subsystem denial-of-service on systems equipped with AMD GPU hardware. When kmalloc fails under low memory conditions inside amdgpu_cs_parser_bos, the error path previously returned without releasing the held mutex, leaving it permanently locked and stalling GPU command submission for all users. No public exploit exists and the vulnerability is not listed in CISA KEV; with an EPSS of 0.02% (5th percentile), real-world exploitation risk is low.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use-after-free race condition in the Linux kernel's fbnic (Facebook NIC) driver can be triggered by a local attacker to crash the system. The fw_log firmware log buffer is freed during device teardown before the mailbox IRQ is disabled, allowing a concurrent MSIX interrupt handler to dereference a freed or NULL pointer. No active exploitation is confirmed (not in CISA KEV), and the EPSS score of 0.02% (4th percentile) reflects very low real-world exploitation probability; the primary risk is a denial of service to systems hosting fbnic NICs.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to gradually exhaust kernel memory on systems equipped with AMD GPUs. The flaw exists in amdgpu_ras_init(), where a failed call to amdgpu_nbio_ras_sw_init() causes the function to return an error without freeing the previously allocated 'con' context structure, bypassing the existing release_con cleanup label. No public exploit exists and EPSS is 0.02% (5th percentile), classifying this as a low-priority maintenance fix with no confirmed active exploitation.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Race condition in the Linux kernel's ublk (userspace block device) subsystem allows a local low-privileged attacker to crash the kernel by concurrently modifying io_uring submission queue entries during kernel processing. The ublksrv_ctrl_cmd struct resides in userspace-mapped shared memory, and unguarded normal loads let a racing userspace thread corrupt the kernel's view of the command, triggering a denial-of-service condition. No public exploit exists and EPSS is 0.02%, but fixed kernel versions 6.19.4 and 7.0 are confirmed available.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Invalid leaf access in the btrfs quota subsystem of the Linux kernel allows a local low-privileged user to crash the system by triggering a denial-of-service condition in `btrfs_quota_enable()`. When `btrfs_search_slot_for_read()` returns 1 - signaling end-of-tree with no valid key found - the function fails to exit its loop and proceeds to dereference the now-invalid path pointer, causing a kernel panic. Patched versions are confirmed across multiple stable series (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0); no public exploit or CISA KEV listing exists at time of analysis.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Indefinite kernel hang in the Linux mlx5_ib RDMA driver causes denial of service during device unload when a firmware reset occurs in LAG (Link Aggregation Group) mode. The race condition leaves UMR (User Memory Registration) deregistration operations blocked forever - posted on the master NIC but awaiting completions from a slave that is already dead - deadlocking the teardown sequence and requiring a hard reboot. No public exploit has been identified, EPSS sits at 0.02% (5th percentile), and impact is confined to systems with Mellanox/NVIDIA mlx5 hardware explicitly configured in bonded LAG mode with active RDMA workloads.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free and double-free conditions in the Linux kernel's SMB client (smb2_open_file) can be triggered when SMB2_open() retry paths fail to zero out err_iov and err_buftype buffers, leading to memory corruption. The flaw affects multiple stable kernel branches (6.1, 6.6, 6.12, 6.18) and is fixed in upstream patches; no public exploit identified at time of analysis and EPSS is very low (0.02%) despite the 9.8 CVSS score.

Information Disclosure Memory Corruption Use After Free +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uncontrolled BPF program signature size in the Linux kernel allows a low-privileged local user to force the kernel into expensive memory allocation paths (kmalloc_large or vmalloc) by supplying an arbitrarily large signature size value to the BPF_PROG_LOAD operation. Affected kernel versions prior to 6.18.14, 6.19.4, and 7.0 are vulnerable to local denial-of-service through kernel memory exhaustion. No public exploit has been identified at time of analysis and no active exploitation is confirmed (not in CISA KEV), with an EPSS score of 0.02% (4th percentile) indicating very low automated exploitation probability.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel crash (denial of service) in the Linux kernel BPF subsystem affects local low-privileged users due to a double-offset bug in the instruction array map. The `map_direct_value_addr()` function incorrectly adds the caller-supplied offset to the returned address, then `resolve_pseudo_ldimm64()` adds it a second time, resulting in an incorrect memory address that can trigger a kernel fault. No public exploit exists and the EPSS score is 0.02% (5th percentile), indicating very low opportunistic exploitation risk, but the availability impact is rated High per CVSS.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's SUNRPC GSS authentication subsystem (net/sunrpc/auth_gss/auth_gss.c) allows a local low-privileged user to leak kernel memory by repeatedly triggering a specific error path where kstrdup_const() fails during gss_alloc_msg() processing, preventing gss_auth structures from ever being freed. The defect was introduced by commit 5940d1cf9f42, which added kref_get(&gss_auth->kref) without the corresponding kref_put() on the err_put_pipe_version error path when service_name is non-NULL. With EPSS at 0.02% (7th percentile), no CISA KEV listing, and no public exploit, this is a low-urgency memory management defect primarily relevant to systems running NFS with Kerberos/RPCSEC_GSS authentication.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds memory access in the Linux kernel ublk (userspace block device) subsystem allows a local low-privilege user to crash the kernel by submitting an io_uring control command without the IO_URING_F_SQE128 flag set. The root cause is that ublk_ctrl_cmd_dump() unconditionally accesses the extended cmd field of a Submission Queue Entry before ublk_ctrl_uring_cmd() validates that the SQE is 128 bytes in size, reading beyond the 64-byte standard SQE boundary. No public exploit is identified at time of analysis, and the EPSS score of 0.02% at the 7th percentile signals very low exploitation probability.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel panic via reference count corruption in the Linux kernel's HFS+ filesystem driver (hfsplus) allows a local attacker with low privileges to crash the system. The function hfs_bnode_create() returns an already-hashed B-tree node without incrementing its reference count when it unexpectedly encounters a node that should not yet exist - a condition triggered by filesystem corruption or a logic error in hfs_bmap_alloc(). When hfs_bnode_put() later decrements the reference count to zero and attempts cleanup, the kernel triggers a fatal BUG_ON(!atomic_read(&node->refcnt)) assertion at bnode.c:676, causing an immediate kernel panic. No public exploit exists and EPSS is 0.02% (7th percentile), consistent with the local-only attack vector and niche trigger conditions, but the availability impact is total for affected systems.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in the Linux kernel's RCU (Read-Copy-Update) subsystem allows a local condition to trigger an infinite recursion deadloop in rcu_read_unlock_special() when ftrace is enabled, leading to kernel hang or crash. The flaw stems from a missing recursion-protection flag when raise_softirq_irqoff() is invoked from the RCU unlock path, causing repeated re-entry through the softirq/trace stack. No public exploit identified at time of analysis and EPSS rates exploitation probability at 0.02%.

Denial Of Service Linux Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

High-impact integrity and availability flaw in the Linux kernel's md-llbitmap (multi-device log-based bitmap) subsystem allows a local low-privileged attacker to render RAID bitmap page control structures permanently unusable. When llbitmap_suspend_timeout() times out, percpu_ref is left in a killed state and never resurrected, breaking subsequent md daemon operations on that page. EPSS is very low (0.02%, 4th percentile) and no public exploit is identified at time of analysis, but vendor-released patches are available in 6.18.14 and 6.19.4.

Information Disclosure Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel's fbdev au1200fb framebuffer driver causes resource exhaustion when the probe function encounters IRQ allocation failure. The vulnerability exists in au1200fb_drv_probe() within the au1200fb driver: when platform_get_irq() returns an error, the function returns immediately without releasing previously allocated memory, leading to kernel heap exhaustion over time. Local attackers or repeated probe failures (e.g., via hotplug events on affected MIPS-based Alchemy hardware) can deplete kernel memory, resulting in denial of service. No public exploit has been identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms negligible exploitation interest.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IO deadloop in Linux kernel's md/raid5 subsystem causes complete availability loss on systems running degraded RAID5 arrays with llbitmap enabled. When llbitmap bit state is 'unwritten', the missing synchronization check in need_this_block() diverges from the check present in handle_stripe_dirtying(), trapping handle_stripe() in an infinite loop that never makes progress - effectively hanging all IO on the affected array. No public exploit is identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low real-world exploitation probability, consistent with the narrow deployment conditions required.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Missing MTU validation in the Linux kernel fbnic Ethernet driver allows a local low-privileged user to trigger a denial of service by increasing the interface MTU after an XDP program is already attached. Increasing the MTU beyond the HDS (Header Data Split) threshold causes the fbnic hardware to fragment packets across multiple buffers; since single-buffer XDP programs cannot process multi-fragment frames, the driver silently drops them - breaking new TCP streams and discarding oversized non-TCP traffic. No public exploit exists and EPSS is 0.02% (4th percentile), placing this firmly in the low-priority tier despite its High availability rating; patches are confirmed available in Linux 6.18.14, 6.19.4, and 7.0.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Linux kernel's BPF subsystem stems from incorrect refcounting in check_pseudo_btf_id() that can leave a BTF (BPF Type Format) object with a zero refcount while still in use, creating a use-after-free condition. Affected kernels (around 6.14 through pre-patch 6.18.14/6.19.4) allow a local low-privileged user capable of loading BPF programs to corrupt kernel memory, with no public exploit identified at time of analysis and EPSS scoring exploitation likelihood at only 0.02%.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's StarFive AES crypto driver allows a local low-privileged user on affected StarFive JH7110 RISC-V hardware to exhaust kernel memory and cause a denial of service. The flaw resides in starfive_aes_aead_do_one_req(), where kzalloc()-allocated memory for rctx->adata is not freed on two distinct error paths - failures in sg_copy_to_buffer() or starfive_aes_hw_init() - resulting in unreleased heap memory each time an AEAD operation fails. No public exploit exists and EPSS is extremely low at 0.02%, consistent with a hardware-specific, analysis-discovered defect rather than an actively targeted weakness.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Use-after-free race condition in the Linux kernel hwrng (hardware random number generator) core subsystem allows a local attacker with low privileges to crash the kernel, causing a denial of service. The race occurs when hwrng_register() and hwrng_unregister() execute concurrently, leaving the hwrng_fill pointer dirty and enabling kthread_stop() to be invoked on an already-freed task_struct - confirmed in the virtrng_remove call path, making virtualized Linux environments a primary real-world attack surface. No public exploit code exists and no active exploitation (KEV) has been confirmed; the EPSS score of 0.02% reflects minimal opportunistic exploitation activity.

Race Condition Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's ext4 filesystem driver allows a local low-privilege user to gradually degrade system availability by repeatedly triggering a kernel memory leak in ext4_ext_shift_extents(). The flaw, present since approximately kernel 3.15, causes path structures allocated by ext4_find_extent() to go unreleased when a NULL extent is encountered during fallocate shift operations. With no CISA KEV listing, an EPSS of 0.02%, and no public exploit code identified, this is a low-urgency but genuine patch priority for long-lived ext4 systems with unprivileged local users.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's drm/amdgpu driver allows a local low-privileged user on AMD GPU-equipped systems to degrade host availability by repeatedly triggering an error path in amdgpu_acpi_enumerate_xcc() that leaks kernel heap memory. The root cause is a missing free of the xcc_info structure when amdgpu_acpi_dev_init() returns -ENOMEM, identified through static analysis and code review rather than active exploitation. With EPSS at 0.02% (5th percentile) and no CISA KEV listing, this is a low-priority maintenance fix for most environments, most relevant to long-running AMD GPU compute workloads where repeated enumeration failures could accumulate leaked memory.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Race condition in the Linux kernel's Intel VT-d IOMMU driver allows a local low-privileged attacker to trigger inconsistent PASID table state during domain replacement, potentially producing spurious IOMMU faults and unpredictable DMA behavior with cross-scope impact. The flaw stems from non-atomic updates to 512-bit PASID entries while the Present bit is set, and no public exploit identified at time of analysis despite a high CVSS score driven by the scope-changed local attack surface.

Linux Information Disclosure Intel +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Race condition in the Intel VT-d IOMMU driver of the Linux kernel allows a window where hardware can fetch a 'torn' context entry while the Present bit is still set, leading to unpredictable IOMMU behavior or spurious DMA faults on affected systems. The flaw stems from non-atomic teardown of 128-bit context entries via multiple 64-bit writes and is addressed by aligning with the VT-d specification's ownership handshake (Section 6.5.3.3); no public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02%.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Kernel NULL pointer dereference in the Linux EROFS compressed filesystem driver allows a local user reading from an EROFS image to crash the system. The flaw lives in z_erofs_decompress_pcluster(), where compressed folios for ztailpacking pclusters are added to I/O chains before being validated; if inline-data reading fails (notably when a fatal signal interrupts read_mapping_folio()), decompression assumes the folios are valid and dereferences a NULL pointer. There is no public exploit identified at time of analysis, EPSS is negligible (0.02%), and the issue is not in CISA KEV.

Linux Denial Of Service Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Filesystem data integrity issue in the Linux kernel ext4 module allows local low-privileged users to trigger bitmap inconsistencies through a race condition between page migration and ext4 buddy bitmap modification under mixed huge-page workloads. The flaw can produce false group descriptor mismatches and corruption of in-memory block allocation state, with high confidentiality, integrity, and availability impact per CVSS 7.8 (AV:L). No public exploit has been identified at time of analysis and EPSS is very low at 0.02%.

Linux Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

TPM locality leak in the Linux kernel's tpm_i2c_infineon driver allows a local user on an affected system to exhaust TPM localities and render the TPM device unavailable. The tpm_tis_i2c_send() function acquires a TPM locality at entry but fails to release it when get_burstcount() times out with -EBUSY, causing a resource leak on every such timeout. Patches are available across multiple stable kernel branches; no public exploit code or active exploitation (CISA KEV) has been identified, and EPSS is 0.02% at the 7th percentile.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel crash (oops) in the stmmac GMAC4 Ethernet driver causes a denial of service when split header reception is enabled. The stmmac receive path incorrectly assumes that buf2 of the first DMA descriptor is always fully populated with payload, but the GMAC4 hardware does not guarantee this in all cases. When the assumption is violated, the driver miscalculates the length of buf2 in the second descriptor, resulting in an invalid virtual address dereference deep in the DMA cache-invalidation path, crashing the kernel. No public exploit has been identified at time of analysis, and EPSS is 0.02% (4th percentile), indicating negligible opportunistic exploitation interest.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's NI USB GPIB driver allows a local low-privileged user to exhaust kernel memory by repeatedly triggering a failed initialization path. The flaw exists in ni_usb_init(), where a writes buffer is allocated but never freed when ni_usb_setup_init() returns failure, compounding the issue with an incorrect error code (-EFAULT instead of -EINVAL). No public exploit is identified at time of analysis, and EPSS sits at 0.02%, consistent with the niche hardware driver context and local-only attack surface.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel panic in the Linux kernel's Inside Secure EIP-93 hardware crypto driver occurs during driver detach due to a loop iterator bug that causes the same hash algorithm to be unregistered multiple times. Systems equipped with Inside Secure EIP-93 cryptographic accelerator hardware and running unpatched kernels between the introducing commit (9739f5f93b78) and the fix commits are vulnerable. A local low-privileged user who can trigger driver detach - via module unload or device removal - can crash the kernel, resulting in a full system denial of service. No public exploit exists and EPSS is 0.02% (4th percentile), indicating negligible in-the-wild activity.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow read in the Linux kernel's NTFS3 filesystem driver allows local attackers to trigger out-of-bounds memory access by mounting or processing a maliciously crafted NTFS volume. The flaw resides in the DeleteIndexEntryRoot path of the do_action function, where an attacker-controlled entry size ('esize') bypasses bounds checks and causes memmove to operate on an unsigned-converted negative offset. EPSS scores exploitation probability at 0.03% (9th percentile) and no public exploit has been identified at time of analysis.

Linux Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Btrfs transaction aborts in the Linux kernel allow local low-privileged users to crash the filesystem by triggering a logic defect in DUP chunk allocation that generates overlapping physical address ranges in the chunk map. Systems running btrfs with DUP metadata profiles - the default for single-device btrfs deployments - can encounter EEXIST (-17) errors in insert_dev_extents() during btrfs_create_pending_block_groups(), causing the transaction to abort and the filesystem to enter an error state. No public exploit or active exploitation (CISA KEV) has been identified; with an EPSS of 0.02% (4th percentile), this is a kernel reliability defect of operational concern to btrfs operators rather than a traditional attack vector.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation potential in the Linux kernel BPF verifier (introduced in 6.11+ commit 98d7ca374ba4) arises from sync_linked_regs() failing to preserve register IDs when propagating bounds, breaking linked-register tracking and allowing crafted eBPF programs to bypass the verifier's range analysis. EPSS is very low (0.02%) and the issue is not in CISA KEV, but the BPF verifier is a historically high-value local attack surface, and upstream patches landed in 6.12.75, 6.18.14, and 6.19.4. No public exploit identified at time of analysis.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized kernel memory leaks to local users via the MCTP netlink subsystem in the Linux kernel, where RTM_GETNEIGH responses return stale kernel data in the pad bytes of ndmsg structures across link, addr, and neigh response messages. Any local user with PR:L access to the MCTP netlink interface can extract arbitrary pad-byte contents from kernel memory allocations, potentially exposing pointers, partial stack data, or remnants of prior allocations that could assist in defeating kernel address space layout randomization (KASLR). Disclosed by Syed Faraz Abrar (Zellic) and Pumpkin (DEVCORE Research Team) via Trend Micro Zero Day Initiative; no public exploit code exists and EPSS sits at the 5th percentile (0.02%), indicating negligible active exploitation at time of analysis.

Linux Information Disclosure Trend Micro +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's OpenVPN data channel offload (ovpn) module allows a local attacker with low privileges to potentially trigger memory corruption when transmitting shared sk_buff packets through ovpn_net_xmit. The flaw stems from continued use of a stale skb pointer after skb_share_check frees the original buffer, affecting peer lookup, skb_dst_drop, and TX statistics paths. No public exploit identified at time of analysis, and the EPSS probability is very low (0.02%), suggesting the bug is more of a stability and memory-safety concern than an imminently weaponized vector.

Linux Information Disclosure Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's chips-media wave5 VPU media driver allows a local low-privileged user to exhaust kernel memory, resulting in denial of service. The flaw exists in both the encoder and decoder open paths - wave5_vpu_open_enc() and wave5_vpu_open_dec() - where a VPU instance allocated via kzalloc() is not freed when the subsequent codec_info allocation fails. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting the hardware-specific and local-only nature of this issue.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

BPF map hash verification in the Linux kernel is vulnerable to a TOCTOU race condition that allows a local low-privileged attacker to bypass integrity checks enforced by trusted BPF loaders. Userspace can call BPF_OBJ_GET_INFO_BY_FD to prime the hash cache, then modify the map contents in the race window before freezing it, causing a trusted loader to verify the original (stale) hash against the silently-altered map. No active exploitation is confirmed (not in CISA KEV) and EPSS is 0.02%, but the attack's integrity impact appears understated by the published CVSS vector, which records A:H/I:N - inconsistent with a hash-bypass that enables modified code/data to be loaded as trusted.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Memory leak in the Linux kernel's Rust-language PWM subsystem allows a local low-privileged attacker to gradually exhaust kernel memory through repeated PWM chip initialization failures. The `pwmchip_alloc()` function allocates a device structure holding an initial reference that must be explicitly released via `pwmchip_put()` on error paths, but when `__pinned_init()` fails the reference is never dropped, leaking the `pwm_chip` allocation. EPSS stands at 0.02% (5th percentile) and the vulnerability is not listed in CISA KEV, indicating no known active exploitation; no public exploit code has been identified at time of analysis.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Reference leak in the Linux kernel's thermal/of subsystem allows a local low-privileged user to degrade system availability through repeated kernel resource exhaustion. The thermal_of_cm_lookup() function acquires a device_node reference via of_parse_phandle() but never releases it, causing reference counts to accumulate without bound on systems with Device Tree-based thermal configuration. No active exploitation is identified (EPSS 0.02%, 5th percentile; no CISA KEV listing), and this is a reliability and availability defect rather than a code-execution primitive; patched stable kernel versions are available across multiple maintained branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper lock release in the Linux kernel ksmbd subsystem (in-kernel SMB server) allows a local low-privileged user to trigger a deadlock by inducing error paths in `ksmbd_vfs_kern_path_locked` where `ksmbd_vfs_kern_path_end_removing()` is never called to balance the corresponding `ksmbd_vfs_kern_path_start_removing()`. Affected kernel versions span multiple stable branches from 5.15 through 6.17. No public exploit or active exploitation is known; EPSS stands at 0.02% (7th percentile), confirming low real-world exploitation probability.

Linux Information Disclosure Debian +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Missing endpoint descriptor validation in the Linux kernel catc USB Ethernet driver allows a physically-present attacker with a crafted USB device to cause a kernel denial of service. The catc_probe() function submits URBs against hardcoded endpoint pipes (bulk on endpoint 1, interrupt on endpoint 2) without confirming that the connected device actually presents those endpoint types - a malformed device can exploit this assumption to trigger undefined behavior at the URB submission layer. No active exploitation has been confirmed (not listed in CISA KEV), and the EPSS score is extremely low at 0.02% (7th percentile), reflecting limited real-world exploitation likelihood.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's RDMA/mlx5 subsystem allows a local low-privileged user to exhaust kernel memory by repeatedly triggering the error path in the GET_DATA_DIRECT_SYSFS_PATH uverbs handler. The flaw affects multiple stable kernel branches requiring mlx5-family InfiniBand/RDMA hardware, and was discovered through static analysis and code review rather than active exploitation. No public exploit exists and EPSS probability is 0.02% (5th percentile), indicating no public exploit or active exploitation at time of analysis.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's MTD TP-Link SafeLoader partition parser allows a local low-privileged user to cause availability degradation on affected embedded systems. The `mtd_parser_tplink_safeloader_parse()` function omits freeing a temporary buffer `buf` on the error path when a subsequent `kmalloc()` for `parts[idx].name` fails inside the parsing loop. No public exploit exists and EPSS is negligible at 0.02% (5th percentile); this vulnerability was identified via static analysis and code review, not observed exploitation.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local denial-of-condition in the Linux kernel ext4 filesystem driver allows an internal counter (s_dirtyclusters_counter) to be double-decremented to -1 along the block-allocation error path that triggers during filesystem shutdown, surfacing as a WARNING in ext4_put_super(). The flaw lives between ext4_mb_mark_diskspace_used() and ext4_mb_new_blocks(), where a metadata-write failure causes the dirty-clusters reservation to be released twice. There is no public exploit identified at time of analysis and EPSS is negligible (0.02%, 7th percentile); despite the CWE-415 (double free) classification and a 7.8 CVSS, the observed effect is cluster-accounting corruption rather than demonstrated memory corruption.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Reference leak in the Linux kernel IPVS (IP Virtual Server) subsystem allows a local low-privileged user to trigger a race condition between the netdev notifier handler and destination cache update logic, potentially causing kernel resource exhaustion. When a network device is shutting down, the FIB routing subsystem may return a valid route after ip_vs_dst_event() finishes processing, allowing that route to be cached against a closing device and leaking a device reference until the IPVS destination is removed. This is a medium-severity availability issue with no public exploit identified at time of analysis and a very low EPSS score of 0.02% (5th percentile), indicating it is not currently a prioritized exploitation target.

Linux Information Disclosure Red Hat +1
NVD VulDB
Prev Page 45 of 745 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy