Linux kernel

CVEs (17)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-46289	Linux Linux kernel	Cri	0.57	9.8	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg()", v3. Fix bugs in the kvec and user variants of extract_iter_to_sg. This series is growing due to…
CVE-2026-46316	Linux Linux kernel	Cri	0.53	9.3	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each…
CVE-2026-46288	Linux Linux kernel	Hig	0.48	8.4	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to…
CVE-2026-46307	Linux Linux kernel	Hig	0.47	8.3	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to do an array-index-out-of-bounds access as > shown by the UBSAN kernel message: > UBSAN: array-index-out-of-bounds in…
CVE-2026-52907	Linux Linux kernel	Hig	0.44	7.8	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix…
CVE-2026-46330	Linux Linux kernel	Hig	0.44	7.8	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation…
CVE-2026-46327	Linux Linux kernel	Hig	0.44	7.8	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the…
CVE-2026-46324	Linux Linux kernel	Hig	0.44	7.8	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a…
CVE-2026-46311	Linux Linux kernel	Hig	0.44	7.8	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while…
CVE-2026-46277	Linux Linux kernel	Hig	0.44	7.8	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a…
CVE-2026-46275	Linux Linux kernel	Hig	0.44	7.8	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free (UAF) and Null Pointer Dereference (NPD) conditions were observed in the lifecycle management…
CVE-2026-46274	Linux Linux kernel	Hig	0.44	7.8	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled work was the tail of its hash bucket. When doing this, it checks…
CVE-2026-52906	Linux Linux kernel	Hig	0.43	7.7	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with \|= onto flags already set by…
CVE-2026-46306	Linux Linux kernel	Hig	0.42	7.5	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE…
CVE-2026-46328	Linux Linux kernel	Hig	0.40	7.3	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the…
CVE-2026-46322	Linux Linux kernel	Hig	0.39	7.1	Jun 9, 2026	In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that…
CVE-2026-46299	Linux Linux kernel	Hig	0.39	7.0	Jun 8, 2026	In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hfsplus_fill_super() calls hfs_find_init() to initialize a search structure, which acquires tree->tree_lock. If the subsequent call to…

CVE-2026-46289CriJun 8, 2026
Linux
Linux kernel
risk 0.57cvss 9.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg()", v3. Fix bugs in the kvec and user variants of extract_iter_to_sg. This series is growing due to…
CVE-2026-46316CriJun 9, 2026
Linux
Linux kernel
risk 0.53cvss 9.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each…
CVE-2026-46288HigJun 8, 2026
Linux
Linux kernel
risk 0.48cvss 8.4epss 0.00
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to…
CVE-2026-46307HigJun 8, 2026
Linux
Linux kernel
risk 0.47cvss 8.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to do an array-index-out-of-bounds access as > shown by the UBSAN kernel message: > UBSAN: array-index-out-of-bounds in…
CVE-2026-52907HigJun 9, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix…
CVE-2026-46330HigJun 9, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation…
CVE-2026-46327HigJun 9, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the…
CVE-2026-46324HigJun 9, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a…
CVE-2026-46311HigJun 8, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while…
CVE-2026-46277HigJun 8, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a…
CVE-2026-46275HigJun 8, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free (UAF) and Null Pointer Dereference (NPD) conditions were observed in the lifecycle management…
CVE-2026-46274HigJun 8, 2026
Linux
Linux kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled work was the tail of its hash bucket. When doing this, it checks…
CVE-2026-52906HigJun 9, 2026
Linux
Linux kernel
risk 0.43cvss 7.7epss 0.00
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by…
CVE-2026-46306HigJun 8, 2026
Linux
Linux kernel
risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE…
CVE-2026-46328HigJun 9, 2026
Linux
Linux kernel
risk 0.40cvss 7.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the…
CVE-2026-46322HigJun 9, 2026
Linux
Linux kernel
risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that…
CVE-2026-46299HigJun 8, 2026
Linux
Linux kernel
risk 0.39cvss 7.0epss 0.00
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hfsplus_fill_super() calls hfs_find_init() to initialize a search structure, which acquires tree->tree_lock. If the subsequent call to…