Linux Kernel vulnerabilities
15,839 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 15,839
CISA KEV: 31 actively exploited
Public exploits: 304
Exploited in wild: 31
Severity breakdown: CRITICAL 166, HIGH 4129, MEDIUM 9271, LOW 521, UNKNOWN 1752
Vulnerabilities
CVE-2026-45991 [HIGH], CWE-787, CVSS 7.0, 2026-05-27
kernel: udf: fix partition descriptor append bookkeeping
A flaw was found in the Linux kernel's Universal Disk Format (UDF) filesystem. A remote attacker could exploit this vulnerability by tricking a user into mounting a specially crafted UDF image containing repeated partition descriptors. This could lead to a heap out-of-bounds write, potentially causing system instability, denial of service, or arbitrary
redhat
CVE-2026-46054 [HIGH], CWE-280, CVSS 7.0, 2026-05-27
kernel: selinux: fix overlayfs mmap() and mprotect() access checks
A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for `mmap()` and `mprotect()` operations. This oversight could allow a local attacker to bypass intended security policies, potentially leading to unauthorized acc
redhat
CVE-2026-46053 [HIGH], CWE-763, CVSS 7.0, 2026-05-27
kernel: net: rds: fix MR cleanup on copy error
A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) network protocol. When handling memory registration (MR) cleanup, specifically during the process of copying generated cookies back to user space, an error in the cleanup path could lead to resources being freed multiple times. This incorrect resource handling could result in system instability or a den
redhat
CVE-2026-46033 [HIGH], CWE-1284, CVSS 7.0, 2026-05-27
kernel: crypto: authencesn - reject short ahash digests during instance creation
A flaw was found in the Linux kernel's `authencesn` cryptographic module. This vulnerability arises from insufficient validation of cryptographic digest sizes during the creation of new instances. A local attacker could exploit this by providing a malformed input, leading to an out-of-bounds memory access
redhat
CVE-2026-45932 [HIGH], CVSS 7.0, 2026-05-27
kernel: bpf: Fix tcx/netkit detach permissions when prog fd isn't given
No description is available for this CVE.
Package: kernel (Red Hat Enterprise Linux 10) - Affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) -
redhat
CVE-2026-45852 [HIGH], CVSS 7.0, 2026-05-27
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) subsystem, specifically within the `rxe` driver. An error in the `rxe_srq_from_init` function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the same memory region to be freed twice. A local attacker could pot
redhat
CVE-2026-45859 [MEDIUM], CWE-367, CVSS 7.0, 2026-05-27
kernel: netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
A flaw was found in the Linux kernel's netfilter (nfnetlink_queue) component. This vulnerability occurs when an application does not set the F_GSO capability flag and a Generic Segmentation Offload (GSO) packet with an unconfirmed netfilter connection (nf_conn) entry is received. Due to an incorrec
redhat
CVE-2026-45958 [MEDIUM], CWE-822, 2026-05-27
kernel: drm/exynos: vidi: fix to avoid directly dereferencing user pointer
A flaw was found in the Linux kernel's drm/exynos: vidi driver. A local user could exploit this vulnerability by directly dereferencing a user pointer in the vidi_connection_ioctl() function. This allows for arbitrary kernel memory access from user space, potentially leading to privilege escalation or information di
redhat
CVE-2026-45957 [MEDIUM], CWE-835, 2026-05-27
kernel: rcu: Fix rcu_read_unlock() deadloop due to softirq
A flaw was found in the Linux kernel's Read-Copy Update (RCU) mechanism. A missing recursion protection in the `rcu_read_unlock()` function can lead to an infinite loop, known as a deadloop, when a soft interrupt (softirq) is triggered. This issue can cause the system to become unresponsive, resulting in a Denial of Service (DoS).
Package: kernel
redhat
CVE-2026-45838 [MEDIUM], CWE-125, CVSS 5.5, 2026-05-27
kernel: bpf: fix end-of-list detection in cgroup_storage_get_next_key()
A flaw was found in the Linux kernel. Specifically, within the Berkeley Packet Filter (BPF) component, an error in the `cgroup_storage_get_next_key()` function's end-of-list detection mechanism can cause the system to read from an invalid memory location. This incorrect handling may lead to internal map fields being copie
redhat
CVE-2026-46004 [MEDIUM], CWE-825, CVSS 7.0, 2026-05-27
kernel: ALSA: caiaq: Handle probe errors properly
A flaw was found in the Linux kernel, specifically within the ALSA caiaq driver. This vulnerability arises from improper error handling during the `setup_card()` probe procedure. When an error occurs, the system may attempt to use memory that has already been freed, leading to a Use-After-Free (UAF) condition. This could allow a local attacker to potentially cause
redhat
CVE-2026-45886 [MEDIUM], CVSS 7.0, 2026-05-27
kernel: bpf: Fix bpf_xdp_store_bytes proto for read-only arg
No description is available for this CVE.
Package: kernel (Red Hat Enterprise Linux 10) - Affected
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affecte
redhat
CVE-2026-45864 [MEDIUM], CWE-606, 2026-05-27
kernel: fs/ntfs3: prevent infinite loops caused by the next valid being the same
A flaw was found in the Linux kernel's NTFS3 file system driver. This vulnerability allows a local attacker to trigger an infinite loop when the system attempts to process specific file system data. Successful exploitation can lead to a system hang, resulting in a Denial of Service (DoS).
Package: kerne
redhat
CVE-2026-45960 [MEDIUM], CWE-911, CVSS 5.5, 2026-05-27
kernel: hfsplus: return error when node already exists in hfs_bnode_create
A flaw was found in the Linux kernel's hfsplus filesystem. When the `hfs_bnode_create()` function attempts to create a node that already exists, it returns the existing node without properly incrementing its reference count. This can occur due to filesystem corruption or when a node is incorrectly marked as availabl
redhat
CVE-2026-45861 [MEDIUM], CWE-911, CVSS 7.0, 2026-05-27
kernel: gfs2: Fix slab-use-after-free in qd_put
A flaw was found in the Linux kernel's GFS2 file system. During filesystem shutdown, quota data objects were freed without being properly removed from the Least Recently Used (LRU) list. This oversight could lead to a use-after-free vulnerability, where the system attempts to access memory that has already been released. Such a condition can cause system instability, c
redhat
CVE-2026-45970 [MEDIUM], CWE-364, CVSS 7.0, 2026-05-27
kernel: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
A flaw was found in the Linux kernel's bonding driver, specifically within the Active-Backup Load Balancing (ALB) receive path. A local attacker can trigger a Use-After-Free (UAF) vulnerability in the rlb_arp_recv function by rapidly bringing a bond interface up and down while receiving Address Resolution Protocol (ARP) messages. Thi
redhat
CVE-2026-45996 [MEDIUM], CWE-911, CVSS 5.5, 2026-05-27
kernel: spi: imx: fix use-after-free on unbind
A flaw was found in the Linux kernel, specifically within the `spi: imx` driver. This vulnerability, known as a use-after-free, occurs when the system attempts to access memory that has already been released, leading to unpredictable behavior. A local attacker could potentially exploit this issue to cause the system to crash, resulting in a denial of service, or in some
redhat
CVE-2026-46045 [MEDIUM], CWE-821, CVSS 7.0, 2026-05-27
kernel: md/md-llbitmap: skip reading rdevs that are not in_sync
A flaw was found in the Linux kernel, specifically within the multiple device (MD) driver's bitmap handling. This vulnerability allows the system to read outdated or incomplete data from storage devices that are not fully synchronized. This can lead to errors in tracking changes to data, which may result in data corruption during system
redhat
CVE-2026-46043 [MEDIUM], CWE-191, CVSS 7.0, 2026-05-27
kernel: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
A flaw was found in the Linux kernel's RDMA/rxe component. The `rxe_rcv()` function does not adequately validate the BTH pad and ICRC fields of incoming packets before calculating the payload size. A remote attacker could exploit this by sending a specially crafted short packet or a packet with a forged BTH pad. This co
redhat
CVE-2026-45914 [MEDIUM], CWE-364, CVSS 5.5, 2026-05-27
kernel: Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
A flaw was found in the Linux kernel's `hwmon: ibmpex` driver. A race condition exists where a userspace process reading a sensor file can attempt to access freed memory if it races with a device deletion operation. This use-after-free vulnerability could allow a local attacker to cause a system crash, leading to a Denial of
redhat