Linux Kernel vulnerabilities
15,839 known vulnerabilities affecting linux/linux_kernel.
Total CVEs: 15,839
CISA KEV: 31 (actively exploited)
Public exploits: 304
Exploited in wild: 31
Severity breakdown: CRITICAL 166, HIGH 4129, MEDIUM 9271, LOW 521, UNKNOWN 1752
Vulnerabilities
CVE-2026-45892 | MEDIUM | CVSS 7.0 | 2026-05-27
CVE-2026-45892 [MEDIUM] CWE-367 kernel: ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks (the extent status tree) incorrectly marks an extent as u
redhat
CVE-2026-45944 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-45944 [MEDIUM] CWE-367 kernel: iommu/vt-d: Clear Present bit before tearing down context entry
A flaw was found in the Linux kernel's IOMMU (Input/Output Memory Management Unit) VT-d (Virtualization Technology for Directed I/O) component. When a context entry is being torn down, the 'Present' bit might not be cleared before other parts of the entry are zeroed. This can lead to the hardware reading an inconsistent s
redhat
CVE-2026-46066 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-46066 [MEDIUM] CWE-193 kernel: ceph: fix num_ops off-by-one when crypto allocation fails
A flaw was found in the Linux kernel's Ceph filesystem. When writing to encrypted CephFS files, a failure to allocate a bounce buffer for a dirty folio can lead to an off-by-one error in the `num_ops` counter. This inconsistency can cause a kernel panic, resulting in a Denial of Service (DoS) for the system. A local user can trigger
redhat
CVE-2026-46037 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-46037 [MEDIUM] CWE-1285 kernel: ipv4: icmp: validate reply type before using icmp_pointers
A flaw was found in the Linux kernel, specifically within its IPv4 Internet Control Message Protocol (ICMP) component. This vulnerability occurs because the system does not properly check the type of ICMP replies before attempting to process them. An attacker could potentially exploit this by sending specially crafted extended ech
redhat
CVE-2026-46000 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-46000 [MEDIUM] CWE-319 kernel: rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
A flaw was found in the Linux kernel's rxrpc component. Security operations that decrypt RESPONSE packets in place may share the socket buffer (`sk_buff`) with a packet sniffer. This could allow a local attacker or an attacker with network access to intercept and view decrypted portions of these packets, leading to in
redhat
CVE-2026-46023 | MEDIUM | CVSS 7.0 | 2026-05-27
CVE-2026-46023 [MEDIUM] CWE-190 kernel: dm mirror: fix integer overflow in create_dirty_log()
A flaw was found in the Linux kernel's device mapper (dm mirror) component. A local user could exploit an integer overflow vulnerability in the create_dirty_log() function by providing a specially crafted device mapper table string. This could lead to out-of-bounds reads, potentially causing system instability or information disclosure.
Pac
redhat
CVE-2026-45856 | MEDIUM | CVSS 7.0 | 2026-05-27
CVE-2026-45856 [MEDIUM] CWE-1284 kernel: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send
A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) subsystem, specifically within the `ib_uverbs_post_send` function. A local user can exploit this vulnerability by providing an invalid work queue element size (`wqe_size`) from userspace without proper validation. This can lead to an ou
redhat
CVE-2026-45988 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-45988 [MEDIUM] CWE-372 kernel: rxrpc: Fix re-decryption of RESPONSE packets
A flaw was found in the Linux kernel's rxrpc subsystem. When an rxrpc RESPONSE packet experiences a temporary processing failure, it may enter a partially decrypted state and be re-queued for another attempt. This incorrect handling of partially decrypted packets could lead to communication disruptions or resource exhaustion within the rxrpc subsystem, potent
redhat
CVE-2026-45860 | MEDIUM | CVSS 7.0 | 2026-05-27
CVE-2026-45860 [MEDIUM] CWE-770 kernel: netfilter: nf_conncount: increase the connection clean up limit to 64
A flaw was found in the Linux kernel's netfilter connection counting (nf_conncount) feature. This vulnerability occurs when the system tracks more than eight new connections per jiffy, causing the connection list to not be cleaned up efficiently. A remote attacker could exploit this by rapidly establishing con
redhat
CVE-2026-45999 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-45999 [MEDIUM] CWE-191 kernel: erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
A flaw was found in the Linux kernel's EROFS (Enhanced Read-Only File System) component. A local user could provide a specially crafted EROFS image that triggers an unsigned underflow in the `z_erofs_lz4_handle_overlap()` function during LZ4 inplace decompression. This vulnerability allows the system to read past the `decompr
redhat
CVE-2026-46065 | MEDIUM | CVSS 5.5 | 2026-05-27
CVE-2026-46065 [MEDIUM] CWE-825 kernel: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
A flaw was found in the Linux kernel's framebuffer device (fbdev) deferred I/O (defio) mechanism. A local user with an active mapping of graphics memory could trigger a device hot-unplug, leading to the system accessing undefined memory. This can result in system instability or a crash, causing a Denia
redhat
CVE-2026-46012 | MEDIUM | CVSS 7.0 | 2026-05-27
CVE-2026-46012 [MEDIUM] CWE-772 kernel: rxrpc: Fix memory leaks in rxkad_verify_response()
A flaw was found in the Linux kernel's `rxrpc` subsystem. The `rxkad_verify_response()` function, which handles verification of responses, did not consistently release allocated memory. This oversight could lead to a memory leak, potentially causing system instability and a denial of service (DoS) over time due to resource exhaustion.
Package: ke
redhat
CVE-2026-45964 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-45964 [LOW] CWE-911 kernel: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
A flaw was found in the Linux kernel's SUNRPC (Sun Remote Procedure Call) gss_auth module. An issue in the error handling path for `gss_alloc_msg` could lead to a kernel reference count (kref) leak. This occurs when a memory allocation fails, preventing the proper release of the `gss_auth` structure. A local attacker could potentially
redhat
CVE-2026-46049 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-46049 [LOW] CWE-1095 kernel: ALSA: ctxfi: Add fallback to default RSR for S/PDIF
A flaw was found in the ALSA (Advanced Linux Sound Architecture) ctxfi driver in the Linux kernel. When processing S/PDIF (Sony/Philips Digital Interface Format) passthrough playback at 32000 Hz, a missing update to the `pll_rate` can cause an infinite loop. This can lead to a denial of service (DoS) for a local user.
Package: kernel (Red Hat Ent
redhat
CVE-2026-45913 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-45913 [LOW] CWE-911 kernel: net: bridge: mcast: always update mdb_n_entries for vlan contexts
A flaw was found in the Linux kernel's bridge multicast module. This vulnerability arises from an inconsistency in how the system tracks multicast database entries (mdb_n_entries) for virtual local area network (VLAN) contexts. A local user with network configuration privileges could exploit this by performing specific o
redhat
CVE-2026-46059 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-46059 [LOW] CWE-841 kernel: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) nSVM module. This vulnerability occurs when running nested virtual machines (L2 guests) with NRIPS (Next Instruction Pointer Suppression) disabled. After an L2 guest's initial run, the `NextRIP` value in `vmcb02` may not be correctly upda
redhat
CVE-2026-45992 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-45992 [LOW] CWE-772 kernel: ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
A flaw was found in the ALSA caiaq driver in the Linux kernel. This vulnerability occurs due to a potential leftover `ep1_in_urb` in the error path of `setup_card()`. An attacker could potentially exploit this to cause a resource leak, which may lead to a denial of service.
Package: kernel (Red Hat Enterprise Linux 10) - Not
redhat
CVE-2026-45963 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-45963 [LOW] CWE-364 kernel: ASoC: nau8821: Cancel delayed work on component remove
A flaw was found in the Linux kernel's ASoC nau8821 driver. This vulnerability occurs when the driver is unloaded, and a pending jack detection work (`jdet_work`) is not properly cancelled or allowed to complete. An attacker could exploit this by triggering the driver unload under specific conditions, leading to a kernel crash and a Denial of
redhat
CVE-2026-46060 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-46060 [LOW] CWE-459 kernel: crypto: qat - fix IRQ cleanup on 6xxx probe failure
A flaw was found in the Linux kernel's crypto: qat driver. This vulnerability occurs when the driver fails during device initialization, leading to Interrupt Request (IRQ) handlers not being properly detached before their associated resources are released. This improper cleanup can result in resource leakage, which may cause system warnings and pot
redhat
CVE-2026-45851 | LOW | CVSS 5.5 | 2026-05-27
CVE-2026-45851 [LOW] CWE-131 kernel: efi: Fix reservation of unaccepted memory table
A flaw was found in the Linux kernel's Extensible Firmware Interface (EFI) subsystem. An error in memory reservation for the unaccepted memory table can occur if its starting address is not page-aligned. This vulnerability could lead to the memory table being overwritten or inaccessible, resulting in a kernel panic and system instability. This issue primar
redhat