Linux Kernel

CVEs (22)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-45945	Linux Linux Kernel	Hig	0.50	8.8	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits (64 bytes). When replacing an active PASID entry (e.g., during domain replacement), the current…
CVE-2026-45984	Linux Linux Kernel	Hig	0.44	7.8	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to…
CVE-2026-45980	Linux Linux Kernel	Hig	0.44	7.8	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2_release_resource() Running jobs on a hardware context while it is in the process of releasing resources can lead to use-after-free and crashes. Fix this by…
CVE-2026-45970	Linux Linux Kernel	Hig	0.44	7.8	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down The ALB RX path may access rx_hashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlb_deinitialize() frees rx_hashtbl while RX…
CVE-2026-45959	Linux Linux Kernel	Hig	0.44	7.8	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make…
CVE-2026-45951	Linux Linux Kernel	Hig	0.44	7.8	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pseudo_btf_id() function might get called with a zero refcounted btf. Fix this, and…
CVE-2026-45957	Linux Linux Kernel	Hig	0.39	7.1	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to softirq Commit 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") removes the recursion-protection code from __rcu_read_unlock().…
CVE-2026-45955	Linux Linux Kernel	Hig	0.39	7.1	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout When llbitmap_suspend_timeout() times out waiting for percpu_ref to become zero, it returns -ETIMEDOUT without resurrecting the percpu_ref. The…
CVE-2026-45983	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops (e.g. SETATTR) can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time…
CVE-2026-45982	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() Cover a missed execution path with a new check.
CVE-2026-45981	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in css_alloc_subchannel() `css_alloc_subchannel()` calls `device_initialize()` before setting up the DMA masks. If `dma_set_coherent_mask()` or `dma_set_mask()` fails,…
CVE-2026-45978	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and…
CVE-2026-45977	Linux fbnic	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: fbnic: close fw_log race between users and teardown Fixes a theoretical race on fw_log between the teardown path and fw_log write functions. fw_log is written inside fbnic_fw_log_write() and can be reached…
CVE-2026-45969	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for input_ff_create_memless The ps_gamepad_create() function calls input_ff_create_memless() without verifying its return value, which can lead to incorrect behavior or…
CVE-2026-45967	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later…
CVE-2026-45965	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when export_binary is unset If the export_binary parameter is disabled on runtime, profiles that were loaded before that will still have their rawdata stored in…
CVE-2026-45964	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in…
CVE-2026-45962	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag…
CVE-2026-45961	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2_fill_super error path Fix two memory leaks in the gfs2_fill_super() error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects…
CVE-2026-45953	Linux Linux Kernel	Med	0.29	5.5	May 27, 2026	In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmap_ops->blocks_synced() is checked in handle_stripe_dirtying().…

CVE-2026-45945HigMay 27, 2026
Linux
Linux Kernel
risk 0.50cvss 8.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits (64 bytes). When replacing an active PASID entry (e.g., during domain replacement), the current…
CVE-2026-45984HigMay 27, 2026
Linux
Linux Kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to…
CVE-2026-45980HigMay 27, 2026
Linux
Linux Kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2_release_resource() Running jobs on a hardware context while it is in the process of releasing resources can lead to use-after-free and crashes. Fix this by…
CVE-2026-45970HigMay 27, 2026
Linux
Linux Kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down The ALB RX path may access rx_hashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlb_deinitialize() frees rx_hashtbl while RX…
CVE-2026-45959HigMay 27, 2026
Linux
Linux Kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make…
CVE-2026-45951HigMay 27, 2026
Linux
Linux Kernel
risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pseudo_btf_id() function might get called with a zero refcounted btf. Fix this, and…
CVE-2026-45957HigMay 27, 2026
Linux
Linux Kernel
risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to softirq Commit 5f5fa7ea89dc ("rcu: Don't use negative nesting depth in __rcu_read_unlock()") removes the recursion-protection code from __rcu_read_unlock().…
CVE-2026-45955HigMay 27, 2026
Linux
Linux Kernel
risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout When llbitmap_suspend_timeout() times out waiting for percpu_ref to become zero, it returns -ETIMEDOUT without resurrecting the percpu_ref. The…
CVE-2026-45983MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops (e.g. SETATTR) can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time…
CVE-2026-45982MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() Cover a missed execution path with a new check.
CVE-2026-45981MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in css_alloc_subchannel() `css_alloc_subchannel()` calls `device_initialize()` before setting up the DMA masks. If `dma_set_coherent_mask()` or `dma_set_mask()` fails,…
CVE-2026-45978MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and…
CVE-2026-45977MedMay 27, 2026
Linux
fbnic
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: fbnic: close fw_log race between users and teardown Fixes a theoretical race on fw_log between the teardown path and fw_log write functions. fw_log is written inside fbnic_fw_log_write() and can be reached…
CVE-2026-45969MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for input_ff_create_memless The ps_gamepad_create() function calls input_ff_create_memless() without verifying its return value, which can lead to incorrect behavior or…
CVE-2026-45967MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later…
CVE-2026-45965MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when export_binary is unset If the export_binary parameter is disabled on runtime, profiles that were loaded before that will still have their rawdata stored in…
CVE-2026-45964MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in…
CVE-2026-45962MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag…
CVE-2026-45961MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2_fill_super error path Fix two memory leaks in the gfs2_fill_super() error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects…
CVE-2026-45953MedMay 27, 2026
Linux
Linux Kernel
risk 0.29cvss 5.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmap_ops->blocks_synced() is checked in handle_stripe_dirtying().…

Page 1 of 2