Linux Kernel vulnerabilities

CVE-2026-45933 [LOW] CWE-911 kernel: bpf: Preserve id of register in sync_linked_regs() kernel: bpf: Preserve id of register in sync_linked_regs() A flaw was found in the Linux kernel's BPF (Berkeley Packet Filter) verifier. The `sync_linked_regs()` function fails to preserve the register ID during bounds propagation, which can lead to incorrect register state. This issue may allow a local attacker to trigger a 'division by zero' error, resulting in a denial of service. Package: kernel (Red Ha

CVE-2026-45876 [LOW] CWE-390 kernel: arm64/gcs: Fix error handling in arch_set_shadow_stack_status() kernel: arm64/gcs: Fix error handling in arch_set_shadow_stack_status() A flaw was found in the Linux kernel. Improper error handling in the `arch_set_shadow_stack_status()` function, specifically related to `alloc_gcs()`, could lead to the use of an invalid Global Context Structure (GCS) address. This issue may allow a local attacker to cause system instability or a denial of service. Package:

CVE-2026-45870 [LOW] CWE-772 kernel: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths kernel: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths A flaw was found in the Linux kernel's SUNRPC (Sun Remote Procedure Call) authentication GSS (Generic Security Service) module. This vulnerability occurs due to memory leaks in the XDR (eXternal Data Representation) decoding error paths within functions like gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name(). When these fu

CVE-2026-45911 [LOW] CWE-824 kernel: usb: cdns3: fix role switching during resume kernel: usb: cdns3: fix role switching during resume A flaw was found in the Linux kernel's Cadence Design Systems USB3 (cdns3) driver. During system resume, if the USB role is switched to host mode, the driver attempts to access an uninitialized device, leading to a NULL pointer dereference. This can be exploited by a local user to cause a system crash, resulting in a Denial of Service (DoS). Package: kernel (Re

CVE-2026-45915 [LOW] CWE-191 kernel: fat: avoid parent link count underflow in rmdir kernel: fat: avoid parent link count underflow in rmdir A flaw was found in the Linux kernel's handling of FAT (File Allocation Table) filesystems. When processing corrupted FAT images, the `rmdir` function can incorrectly decrement the parent directory's link count. This underflow can lead to a system instability or a denial of service (DoS) by triggering a kernel warning (`WARN_ON`) in the `drop_nlink()` func

CVE-2026-45905 [LOW] CWE-367 kernel: xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path kernel: xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path A flaw was found in the Linux kernel's networking subsystem, specifically within the xfrm (IPsec) component. A race condition can occur during the processing of Internet Control Message Protocol (ICMP) error messages. This vulnerability allows a local attacker to trigger a kernel warning, which could lead to a system crash and result

CVE-2026-45904 [LOW] CWE-833 kernel: powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling kernel: powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling A flaw was found in the Linux kernel's PowerPC Enhanced Error Handling (EEH) driver. This issue involves a recursive locking mechanism where the system attempts to acquire a Peripheral Component Interconnect (PCI) bus lock multiple times. This can lead to a system deadlock, causing unresponsiv

CVE-2026-45948 [LOW] CWE-772 kernel: ext4: fix memory leak in ext4_ext_shift_extents() kernel: ext4: fix memory leak in ext4_ext_shift_extents() A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs in the `ext4_ext_shift_extents()` function, where a memory leak can happen if the function returns prematurely without releasing a previously obtained path. A local attacker could potentially exploit this to cause a denial of service due to resource exhaustion. Package:

CVE-2026-45925 [LOW] CWE-772 kernel: thermal/of: Fix reference leak in thermal_of_cm_lookup() kernel: thermal/of: Fix reference leak in thermal_of_cm_lookup() A flaw was found in the Linux kernel's thermal management module. A reference leak occurs in the `thermal_of_cm_lookup()` function because a device node (`tr_np`) obtained through `of_parse_phandle()` is not properly released. This issue can lead to resource exhaustion over time, potentially impacting system stability and availability. P

CVE-2026-46040 [LOW] CWE-911 kernel: inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails kernel: inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails A flaw was found in the Linux kernel's inotify subsystem. When the fsnotify_add_inode_mark_locked() function fails during the creation of a new watch, the system does not properly decrement the watch count. This oversight can lead to a watch count leak, where repeated failures exhaust the maximum user wat

CVE-2026-45923 [LOW] CWE-1287 kernel: net: usb: catc: enable basic endpoint checking kernel: net: usb: catc: enable basic endpoint checking A flaw was found in the Linux kernel's `net: usb: catc` driver. A malformed Universal Serial Bus (USB) device can present endpoint descriptors with transfer types that differ from what the driver expects. This can lead to the driver attempting to use incorrect endpoint types, potentially causing unexpected behavior or resource exhaustion within the kernel.

CVE-2026-46046 [LOW] CWE-911 kernel: ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() kernel: ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() A flaw was found in the Linux kernel's ext4 filesystem. A reference count (refcount) leak occurs in the `ext4_xattr_inode_dec_ref_all()` function. This issue arises because the `iloc.bh` buffer head, acquired by `ext4_get_inode_loc()`, is not properly released with `brelse()`. This can lead to resource exhaustion or system instabi

CVE-2026-45968 [LOW] CWE-788 kernel: cpuidle: Skip governor when only one idle state is available kernel: cpuidle: Skip governor when only one idle state is available A flaw was found in the Linux kernel's cpuidle subsystem. On certain PowerNV systems, when only a single idle state is available, the cpuidle ladder governor may incorrectly treat state 1 as usable. This can lead to an out-of-bounds index being passed, causing a NULL enter callback to be invoked and ultimately resulting in a syste

CVE-2026-45953 [LOW] CWE-835 kernel: md/raid5: fix IO hang with degraded array with llbitmap kernel: md/raid5: fix IO hang with degraded array with llbitmap A flaw was found in the Linux kernel's RAID5 module. When a low-level bitmap (llbitmap) bit state is unwritten in a degraded array, a missing check during write operations can cause the system to enter an infinite loop. This can lead to an I/O hang, effectively resulting in a Denial of Service (DoS) for the affected system. Package: kernel

CVE-2026-46083 [LOW] CWE-772 kernel: spi: fix resource leaks on device setup failure kernel: spi: fix resource leaks on device setup failure A flaw was found in the Linux kernel. This vulnerability occurs when the `spi_setup()` function fails during the registration of a device, leading to improper cleanup and subsequent resource leaks. This can result in a denial of service (DoS) due to the exhaustion of system resources. Package: kernel (Red Hat Enterprise Linux 10) - Fix deferred Package:

CVE-2026-46063 [LOW] CWE-821 kernel: x86/shstk: Prevent deadlock during shstk sigreturn kernel: x86/shstk: Prevent deadlock during shstk sigreturn A flaw was found in the Linux kernel. A deadlock can occur during the shadow stack signal return (shstk sigreturn) process on x86 systems. This happens when the kernel attempts to read the shadow stack signal frame, and a page fault occurs, leading to a recursive attempt to acquire an mmap read lock. If another CPU is waiting to write, this can resul

CVE-2026-46002 [LOW] CWE-1288 kernel: ext2: reject inodes with zero i_nlink and valid mode in ext2_iget() kernel: ext2: reject inodes with zero i_nlink and valid mode in ext2_iget() A flaw was found in the Linux kernel's ext2 filesystem. A local attacker could create a specially crafted filesystem image with malformed inodes (index nodes) that, when mounted, would not be properly rejected by the ext2_iget() function. This could lead to a kernel warning and potentially a system crash, resulting

CVE-2026-46048 [LOW] CWE-911 kernel: ALSA: caiaq: fix usb_dev refcount leak on probe failure kernel: ALSA: caiaq: fix usb_dev refcount leak on probe failure A flaw was found in the Linux kernel's ALSA caiaq driver. This vulnerability, a reference count leak, occurs when the `create_card()` function acquires a reference to a USB device, but the corresponding release is not performed if `init_card()` fails before the destructor is properly assigned. A local attacker with a malformed Universal Aud

CVE-2026-46042 [LOW] CWE-772 kernel: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() kernel: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() A flaw was found in the Linux kernel's memory management policy (mm/mempolicy) component, specifically within the `weighted_interleave_auto_store()` function. This vulnerability allows a local user to repeatedly trigger memory leaks by writing specific values. The continuous memory allocation without proper deallocatio

CVE-2026-45971 [LOW] CWE-770 kernel: bpf: Limit bpf program signature size kernel: bpf: Limit bpf program signature size A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) component. A local attacker could exploit this vulnerability by providing an excessively large BPF program signature. This could force the kernel into expensive memory allocation paths, potentially leading to resource exhaustion and a Denial of Service (DoS) on the system. Package: kernel (Red Hat Enterprise