Linux Kernel: 25 Vulnerabilities Disclosed in Single Batch on June 8-9, 2026
A significant batch of 25 vulnerabilities affecting the Linux kernel was disclosed between June 8-9, 2026, impacting graphics, media, networking, and storage subsystems.

Key findings
- 25 Linux kernel vulnerabilities disclosed in a single batch on June 8-9, 2026.
- Vulnerabilities span graphics, media, networking, storage, and memory management subsystems.
- Fixes address issues like infinite loops, NULL pointer dereferences, and memory leaks.
- Affected components include DRM, KVM, tun/tap drivers, and various filesystem modules.
- Coordinated disclosure highlights ongoing security vigilance required for the Linux kernel.

On June 8-9, 2026, a substantial cluster of 25 vulnerabilities impacting the Linux kernel was disclosed, spanning a wide array of subsystems including graphics, media, networking, and storage. This coordinated disclosure event highlights ongoing security challenges within the kernel, affecting core components used across numerous systems, including Google's Android SDK.
The vulnerabilities addressed in this batch range from issues in memory management and device drivers to network protocols and virtual machine components. Several fixes address potential infinite loops, NULL pointer dereferences, out-of-bounds array accesses, and memory leaks.
Graphics and Media Subsystems: A notable portion of the disclosed vulnerabilities reside within the graphics (DRM) and media subsystems. For instance, CVE-2026-46314 addresses an infinite loop in the drm/v3d driver by rejecting empty multisync extensions. Similarly, CVE-2026-46313 fixes an error pointer dereference in the media/intel/ipu6 driver, and CVE-2026-46312 ensures proper vma_flags are set in vb2_dma_sg_mmap within the media/videobuf2 component. Other fixes in this group include CVE-2026-52907 in the media/rockchip/rkcif driver, which resolves off-by-one errors in array comparisons, and CVE-2026-46329 in the dm (device mapper) module, which corrects an unlocked test for suspended devices.
Networking and Storage: The networking stack also saw several fixes. CVE-2026-46322, CVE-2026-46321, and CVE-2026-46320 focus on memory management within the tun and tap drivers, ensuring pages are freed correctly on error paths or short-frame rejections. The netfilter: nf_tables component received a fix in CVE-2026-46324 for proper RCU list management. Additionally, CVE-2026-46330 reverts a change introducing TCP ULP support for SMC due to fundamental issues. Outside the networking stack, CVE-2026-46326 addresses an initialization issue in the iio/pressure/mprls0025pa driver, and CVE-2026-46317 and CVE-2026-46316 provide fixes for KVM on ARM64, specifically related to nested MMUs and the virtual GIC ITS translation cache.
Memory Management and Other Components: Memory management vulnerabilities include CVE-2026-52905 in mm/damon/core, which disallows non-power-of-two min_region_sz on damon_start(), and CVE-2026-46318, which reverts a change to mm/hugetlbfs using mmap_prepare. CVE-2026-46315 in io_uring/waitid ensures waitid information is cleared before copying to userspace. Other fixes address issues in the 9p filesystem (CVE-2026-52906), AppArmor (CVE-2026-46328), and the erofs filesystem (CVE-2026-46329).
Exploitation and Impact: While specific details on in-the-wild exploitation for this particular batch were not immediately available in the disclosed information, the breadth of affected subsystems—graphics, media, networking, and storage—indicates a significant potential impact on systems running vulnerable Linux kernel versions. The disclosure, highlighted by sources like Vypr Intelligence, emphasizes the critical need for prompt patching to mitigate risks to data integrity and system stability.
Response and Mitigation: These vulnerabilities have been addressed through code patches integrated into the Linux kernel. Users and system administrators are advised to update their systems to kernel versions that incorporate these fixes. The specific versions and release timelines for these patches would typically be detailed in distribution-specific advisories. Prompt application of these updates is crucial to protect against potential exploitation.