Linux Kernel vulnerabilities

CVE-2026-45855 [MEDIUM] CWE-821 kernel: ata: libata-scsi: avoid Non-NCQ command starvation kernel: ata: libata-scsi: avoid Non-NCQ command starvation A flaw was found in the Linux kernel's libata-scsi component. This vulnerability allows for a denial of service (DoS) where non-Native Command Queuing (NCQ) commands can experience significant delays or complete starvation. This occurs when non-NCQ commands are issued while NCQ commands are actively being processed, particularly in systems utilizi

CVE-2026-46022 [MEDIUM] CWE-1285 kernel: misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt() kernel: misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt() A flaw was found in the Linux kernel's `ibmasm` module. A compromised service processor can exploit this by manipulating specific hardware registers, causing the system to read data from an unintended memory location. This out-of-bounds read can lead to a system crash, resulting in a Denial of Service (DoS). Packa

CVE-2026-45840 [MEDIUM] CWE-131 kernel: openvswitch: cap upcall PID array size and pre-size vport replies kernel: openvswitch: cap upcall PID array size and pre-size vport replies A flaw was found in the Linux kernel's Open vSwitch component. A local attacker, with administrative network capabilities, could exploit this by providing an overly large Process ID (PID) array. This action triggers a buffer overflow within the network link (netlink) reply mechanism, leading to a kernel panic. The con

CVE-2026-46084 [MEDIUM] CWE-459 kernel: RDMA/mana_ib: Disable RX steering on RSS QP destroy kernel: RDMA/mana_ib: Disable RX steering on RSS QP destroy A flaw was found in the Linux kernel's RDMA (Remote Direct Memory Access) mana_ib driver. When a Receive Side Scaling Queue Pair (RSS QP) is destroyed, the vPort RX (receive) steering in the firmware is not properly disabled, leaving stale steering configurations. This can lead to receive completions being misdirected to transmit completion queu

CVE-2026-45951 [MEDIUM] CWE-911 kernel: bpf: Fix a potential use-after-free of BTF object kernel: bpf: Fix a potential use-after-free of BTF object A flaw was found in the Linux kernel, specifically within its BPF (Berkeley Packet Filter) subsystem. This vulnerability, a use-after-free, arises from incorrect reference counting in the `check_pseudo_btf_id()` function. It allows a local attacker to potentially corrupt memory, which could lead to privilege escalation or a system crash (denial of s

CVE-2026-46094 [MEDIUM] CWE-125 kernel: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access kernel: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access A flaw was found in the Linux kernel's ext4 filesystem, specifically in the `check_xattrs()` function. A local attacker could exploit a bounds check error, allowing an out-of-bounds read when processing extended attributes (xattrs). This could lead to memory corruption, potentially causing a denial of se

CVE-2026-45912 [MEDIUM] CWE-372 kernel: ext4: don't cache extent during splitting extent kernel: ext4: don't cache extent during splitting extent A flaw was found in the Linux kernel's ext4 filesystem. During certain file operations, specifically when splitting data extents, an issue with caching can lead to incorrect tracking of disk space. This can result in errors in space accounting, potentially impacting data integrity and the overall stability of the filesystem. Package: kernel (Red Hat

CVE-2026-46035 [MEDIUM] CWE-413 kernel: mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP kernel: mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP A flaw was found in the Linux kernel's memory management subsystem. On uniprocessor (UP) kernels, a Non-Maskable Interrupt (NMI) can cause the `alloc_frozen_pages_nolock()` function to re-enter `rmqueue()` and acquire a zone lock that is already held by an interrupted process. This can lead t

CVE-2026-46082 [MEDIUM] CWE-390 kernel: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 kernel: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 A flaw was found in the Linux kernel's virtualization component, known as KVM. This vulnerability arises when a specific instruction, INVLPGA, is used in a virtualized environment without the proper security setting (EFER.SVME). The system fails to trigger an expected error, which could allow a local attacker to bypass security controls or disrupt the s

CVE-2026-45841 [MEDIUM] CWE-369 kernel: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO kernel: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO A flaw was found in the Linux kernel's netfilter component. A local attacker with CAP_NET_ADMIN capabilities, which grants certain network administration privileges, could trigger a divide-by-zero error by adding a specially crafted fingerprint via nfnetlink. This vulnerability could lead to a kernel panic, effectively caus

CVE-2026-46102 [MEDIUM] CWE-772 kernel: net: strparser: fix skb_head leak in strp_abort_strp() kernel: net: strparser: fix skb_head leak in strp_abort_strp() A flaw was found in the Linux kernel's network stream parser. This vulnerability occurs when the stream parser is unexpectedly stopped, such as during a message assembly timeout. A partially processed network message is not properly released from memory, leading to a memory leak. An attacker could repeatedly trigger this issue, causing the

CVE-2025-71305 [MEDIUM] CWE-1335 kernel: drm/display/dp_mst: Add protection against 0 vcpi kernel: drm/display/dp_mst: Add protection against 0 vcpi A flaw was found in the Linux kernel's DisplayPort Multi-Stream Transport (MST) subsystem. When a DisplayPort 2.1 monitor is disconnected, a timing issue can cause the Virtual Channel Packet Interval (VCPI) value to become zero. Subsequent operations attempting to use this zero value in a bit shift can lead to a "shift-out-of-bounds" error, potenti

CVE-2026-45983 [MEDIUM] CWE-772 kernel: nfsd: never defer requests during idmap lookup kernel: nfsd: never defer requests during idmap lookup A flaw was found in the Linux kernel's Network File System version 4 (NFSv4) daemon (nfsd). When processing NFSv4 requests, delayed responses from idmap lookups can cause requests to be dropped. This issue prevents the session slot from being properly cleared, leading to subsequent client requests failing with an NFSERR_JUKEBOX error. A remote attacker co

CVE-2026-46027 [MEDIUM] CWE-366 kernel: net/smc: avoid early lgr access in smc_clc_wait_msg kernel: net/smc: avoid early lgr access in smc_clc_wait_msg A flaw was found in the Linux kernel's `net/smc` component. A remote attacker could exploit this by sending a Connection Less Connection (CLC) decline message during an early handshake stage. This causes the system to attempt to update link-group level synchronization state before it is properly initialized. This could lead to incorrect state ma

CVE-2026-45973 [MEDIUM] CWE-833 kernel: RDMA/mlx5: Fix UMR hang in LAG error state unload kernel: RDMA/mlx5: Fix UMR hang in LAG error state unload A flaw was found in the Linux kernel's RDMA/mlx5 driver. A race condition during firmware reset in Link Aggregation Group (LAG) mode can cause the driver to hang indefinitely while waiting for Unregister Memory Region (UMR) completion during device unload. This can lead to a denial of service, making the affected system unresponsive. Package: kerne

CVE-2026-45910 [MEDIUM] CWE-911 kernel: RDMA/rxe: Fix race condition in QP timer handlers kernel: RDMA/rxe: Fix race condition in QP timer handlers A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) RXE component. A race condition exists between the `retransmit_timer()` and `rxe_destroy_qp` functions. This can cause a Queue Pair (QP) reference count to underflow, leading to a use-after-free vulnerability. A local attacker could potentially leverage this to cause a denial

CVE-2026-45945 [MEDIUM] CWE-366 kernel: iommu/vt-d: Fix race condition during PASID entry replacement kernel: iommu/vt-d: Fix race condition during PASID entry replacement A flaw was found in the Linux kernel's Intel VT-d (Virtualization Technology for Directed I/O) implementation. A race condition occurs during the replacement of an active PASID (Process Address Space ID) entry. This can lead to the IOMMU (Input/Output Memory Management Unit) hardware reading an inconsistent state, resulting i

CVE-2026-46015 [MEDIUM] CWE-821 kernel: tcp: call sk_data_ready() after listener migration kernel: tcp: call sk_data_ready() after listener migration A flaw was found in the Linux kernel's TCP networking subsystem. When an established network connection is migrated between listener sockets within the same SO_REUSEPORT group, applications waiting for new connections may not be properly notified. This can cause poll(), epoll_wait(), and blocking accept() calls to remain unresponsive indefinitely,

CVE-2026-46079 [MEDIUM] CWE-763 kernel: rbd: fix null-ptr-deref when device_add_disk() fails kernel: rbd: fix null-ptr-deref when device_add_disk() fails A flaw was found in the Linux kernel's Rados Block Device (rbd) module. When adding a new block device, a double teardown of resources can occur if the disk addition process fails. This can lead to a null-pointer dereference during cleanup operations, allowing a local attacker to cause a system crash, resulting in a Denial of Service (DoS). P

CVE-2026-46010 [MEDIUM] CWE-253 kernel: rxrpc: Fix error handling in rxgk_extract_token() kernel: rxrpc: Fix error handling in rxgk_extract_token() A flaw was found in the Linux kernel's rxrpc component. Missing error handling in the rxgk_extract_token() function, specifically when rxgk_decrypt_skb() returns an out-of-memory error (-ENOMEM), could lead to an unexpected system abort. This vulnerability could allow a local attacker to cause a Denial of Service (DoS) by triggering this specific er