Linux Kernel vulnerabilities

CVE-2026-45943 [MEDIUM] CWE-1288 kernel: erofs: fix inline data read failure for ztailpacking pclusters kernel: erofs: fix inline data read failure for ztailpacking pclusters A flaw was found in the Linux kernel's erofs filesystem. This issue occurs when compressed folios for ztailpacking pclusters are not validated before being added to I/O chains. An attacker could potentially trigger a NULL pointer dereference, leading to a system crash and a Denial of Service (DoS). Package: kernel (Red Ha

CVE-2026-45949 [MEDIUM] CWE-364 kernel: hwrng: core - use RCU and work_struct to fix race condition kernel: hwrng: core - use RCU and work_struct to fix race condition A flaw was found in the Linux kernel's hardware random number generator (hwrng) core. A race condition exists where concurrent or rapid calls to the `hwrng_unregister()` function can lead to a use-after-free vulnerability. This issue allows the system to attempt to access freed memory, potentially causing system instability or, i

CVE-2026-46076 [MEDIUM] CWE-475 kernel: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 kernel: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 A flaw was found in the Kernel-based Virtual Machine (KVM) nSVM module of the Linux kernel. This vulnerability occurs when an unhandled VMMCALL is not properly intercepted by the Level 1 (L1) hypervisor. A malicious Level 2 (L2) guest operating system could exploit this by making specific hypercalls, leading to an Und

CVE-2026-45959 [MEDIUM] CWE-763 kernel: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree kernel: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree A flaw was found in the Linux kernel's crypto: ccp module. An incorrect cleanup usage of the `kfree` function, which is used for memory deallocation, with a local pointer variable could lead to an invalid deallocation of a stack address. This issue can result in a system crash, causing a Denial of Service (DoS). Pack

CVE-2026-45903 [MEDIUM] CWE-733 kernel: bpf: Fix memory access flags in helper prototypes kernel: bpf: Fix memory access flags in helper prototypes A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) verifier. This vulnerability occurs because several BPF helper functions lack proper memory access flags, such as MEM_RDONLY or MEM_WRITE. Consequently, the verifier may incorrectly assume that buffer contents remain unchanged across helper calls, leading to incorrect optimizations.

CVE-2026-45894 [MEDIUM] CWE-367 kernel: iommu/vt-d: Clear Present bit before tearing down PASID entry kernel: iommu/vt-d: Clear Present bit before tearing down PASID entry A flaw was found in the Linux kernel's Intel VT-d (Virtualization Technology for Directed I/O) Scalable Mode. When a Process Address Space ID (PASID) table entry is being removed, the system may attempt to clear the entry before properly signaling to the hardware that the entry is no longer active. This timing issue can lead

CVE-2026-45907 [MEDIUM] CWE-833 kernel: net/mlx5e: Fix deadlocks between devlink and netdev instance locks kernel: net/mlx5e: Fix deadlocks between devlink and netdev instance locks A flaw was found in the Linux kernel's mlx5e network driver. Incorrect lock ordering between devlink and netdev instance locks can lead to deadlocks. This issue can be triggered during various work tasks related to devlink health reporter recovery or concurrent channel tear down. A local attacker or specific network

CVE-2026-46028 [MEDIUM] CWE-367 kernel: crypto: algif_aead - snapshot IV for async AEAD requests kernel: crypto: algif_aead - snapshot IV for async AEAD requests A flaw was found in the Linux kernel's `algif_aead` (Authenticated Encryption with Associated Data) subsystem. Asynchronous (async) requests for AEAD operations use a shared initialization vector (IV) buffer. This shared state can be modified by subsequent socket activity before an async request fully completes, leading to inconsistent

CVE-2026-46052 [MEDIUM] CWE-464 kernel: ceph: only d_add() negative dentries when they are unhashed kernel: ceph: only d_add() negative dentries when they are unhashed A flaw was found in the Linux kernel's Ceph filesystem. A local user or process interacting with the Ceph filesystem could trigger a dcache hash corruption when a negative dentry is incorrectly re-added to the dcache hash while it is already present. This can cause the system to experience an RCU stall, leading to a system hang a

CVE-2026-46039 [MEDIUM] CWE-190 kernel: rxgk: Fix potential integer overflow in length check kernel: rxgk: Fix potential integer overflow in length check A flaw was found in the Linux kernel. A potential integer overflow in the `rxgk_extract_token()` function, specifically during the length check of a ticket, could occur. This issue arises from rounding up the value to be tested, which might lead to an overflow. This could potentially result in unpredictable system behavior or a denial of servi

CVE-2026-46070 [MEDIUM] CWE-1284 kernel: md/raid5: validate payload size before accessing journal metadata kernel: md/raid5: validate payload size before accessing journal metadata A flaw was found in the Linux kernel's md/raid5 component. This vulnerability arises from insufficient validation of payload sizes within journal metadata blocks. A local attacker can exploit this by providing a corrupted journal, leading to out-of-bounds reads when the system processes payload fields or computes off

CVE-2026-45857 [MEDIUM] CWE-476 kernel: scsi: csiostor: Fix dereference of null pointer rn kernel: scsi: csiostor: Fix dereference of null pointer rn A flaw was found in the Linux kernel's `scsi: csiostor` module. This null pointer dereference vulnerability occurs in an error handling path. A local attacker could exploit this to cause a system crash, leading to a Denial of Service (DoS). Statement: This Moderate-impact null pointer dereference flaw in the Linux kernel's `csiostor` module could

CVE-2026-46093 [MEDIUM] CWE-414 kernel: mm/vmalloc: take vmap_purge_lock in shrinker kernel: mm/vmalloc: take vmap_purge_lock in shrinker A flaw was found in the Linux kernel's memory management (vmalloc subsystem). The `decay_va_pool_node()` function, when invoked concurrently from the shrinker path, lacks proper serialization. This oversight can lead to race conditions, potentially resulting in memory leaks and affecting system stability. Package: kernel (Red Hat Enterprise Linux 10) - Fix d

CVE-2026-45845 [MEDIUM] CWE-476 kernel: net/sched: taprio: fix NULL pointer dereference in class dump kernel: net/sched: taprio: fix NULL pointer dereference in class dump A flaw was found in the Linux kernel's TAPRIO (Traffic Policing and Rate Limiting I/O) qdisc. An unprivileged local user, with namespace-scoped CAP_NET_ADMIN capabilities, can trigger a kernel null pointer dereference. This occurs by creating a TAPRIO qdisc in a new network namespace, grafting and then deleting a child qdisc,

CVE-2026-46032 [MEDIUM] CWE-248 kernel: KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT kernel: KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) nSVM module. When a nested virtual machine exit (#VMEXIT) occurs, if the restoration of the host's Control Register 3 (CR3) fails, the system continues to operate with a corrupted state. This can lead to an unrecoverable error, resulting in

CVE-2026-45934 [MEDIUM] CWE-1285 kernel: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation kernel: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation A flaw was found in the Linux kernel's btrfs filesystem. This issue occurs due to non-consecutive gaps in chunk allocation, leading to overlapping chunk maps. A local attacker could exploit this by triggering specific chunk allocation scenarios, potentially causing filesystem operations to abort and resul

CVE-2026-46021 [MEDIUM] CWE-825 kernel: thermal: core: Fix thermal zone governor cleanup issues kernel: thermal: core: Fix thermal zone governor cleanup issues A flaw was found in the Linux kernel's thermal management subsystem. This vulnerability can lead to a memory leak if a thermal governor is not correctly cleaned up during device registration failures. More critically, a race condition during thermal zone unregistration, where a governor update might conflict with the unregistration proce

CVE-2026-46050 [MEDIUM] CWE-191 kernel: md/raid10: fix deadlock with check operation and nowait requests kernel: md/raid10: fix deadlock with check operation and nowait requests A flaw was found in the Linux kernel's md/raid10 component. A local user performing a check operation while an application is doing nowait I/O (Input/Output) on the same array can trigger a deadlock. This occurs because the `nr_pending` value underflows, causing the md resync thread to become stuck. This can lead to a D

CVE-2026-45899 [MEDIUM] CWE-459 kernel: ext4: drop extent cache when splitting extent fails kernel: ext4: drop extent cache when splitting extent fails A flaw was found in the Linux kernel, specifically within the ext4 filesystem's extent cache management. When an operation to split an extent fails, the system may not properly clear all related entries, leading to stale extent entries remaining in the extent status tree. This can result in data integrity issues or potential system instability.

CVE-2026-45981 [MEDIUM] CWE-911 CVE-2026-45981: A flaw was found in the Linux kernel, specifically within the s390/cio component A flaw was found in the Linux kernel, specifically within the s390/cio component. This vulnerability stems from incorrect device lifecycle management during subchannel allocation. This could allow an attacker to trigger use-after-free or double-free conditions, potentially leading to system instability or a denial of service (DoS), which disrupts normal operations. Pa