Linux Kernel vulnerabilities

CVE-2026-45922 [LOW] CWE-772 kernel: RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler kernel: RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler A flaw was found in the Linux kernel, specifically within the RDMA/mlx5 component. When the GET_DATA_DIRECT_SYSFS_PATH handler processes a device path, it allocates memory. If the device path's length exceeds the designated output buffer, the allocated memory is not properly released. This oversight results in a memory lea

CVE-2026-46068 [LOW] CWE-763 kernel: crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx kernel: crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx A flaw was found in the Linux kernel's crypto:nx component. This vulnerability involves incorrect memory management during the deallocation of bounce buffers, where an improper function is used. This can lead to memory leaks, which may result in system instability or a Denial of Service (DoS) condition by consumi

CVE-2026-46005 [LOW] CWE-911 kernel: xfs: fix a resource leak in xfs_alloc_buftarg() kernel: xfs: fix a resource leak in xfs_alloc_buftarg() A flaw was found in the Linux kernel's xfs filesystem. This resource leak occurs in the `xfs_alloc_buftarg()` function's error path, where a DAX (Direct Access) device reference is not properly dropped. An attacker could potentially exploit this flaw to cause resource exhaustion, leading to a Denial of Service (DoS) condition on the system. Package: kerne

CVE-2026-45917 [LOW] CWE-367 kernel: ipvs: do not keep dest_dst if dev is going down kernel: ipvs: do not keep dest_dst if dev is going down A flaw was found in the Linux kernel's IP Virtual Server (IPVS) component. A race condition exists between the network device notifier and the destination cache when a device is shutting down. This can lead to a leaked device reference, potentially causing system instability or a denial of service (DoS) due to resource exhaustion. Package: kernel (Red Hat

CVE-2026-46092 [LOW] CWE-476 kernel: wifi: rtw88: check for PCI upstream bridge existence kernel: wifi: rtw88: check for PCI upstream bridge existence A flaw was found in the Linux kernel's `rtw88` Wi-Fi driver. When the `8821CE` device is installed on a system where it is on a root bus, the driver's probing routine does not properly check for the existence of a PCI upstream bridge. This oversight can lead to a system crash, resulting in a denial of service. This vulnerability occurs during dev

CVE-2026-45872 [LOW] CWE-772 kernel: scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() kernel: scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() A flaw was found in the Linux kernel's `scsi: smartpqi` driver. The `pqi_report_phys_luns()` function fails to properly release allocated memory buffers under certain error conditions, such as encountering an unsupported data format or failed memory allocation. This oversight leads to a memory leak, which could potentially impact system

CVE-2026-45920 [LOW] CWE-911 kernel: ext4: fix dirtyclusters double decrement on fs shutdown kernel: ext4: fix dirtyclusters double decrement on fs shutdown A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability allows a local user to trigger an inconsistency in the dirty clusters count during filesystem shutdown. The issue stems from a double decrement in the error handling path, which can lead to system instability and a denial of service. Package: kernel (Red Hat Enterpr

CVE-2026-46038 [LOW] CWE-772 kernel: net: qrtr: ns: Free the node during ctrl_cmd_bye() kernel: net: qrtr: ns: Free the node during ctrl_cmd_bye() A flaw was found in the Linux kernel's `qrtr` nameserver component. When a node sends a BYE packet, the nameserver fails to free the associated node memory, leading to a memory leak. This vulnerability can result in resource exhaustion over time, potentially impacting system stability and availability. Package: kernel (Red Hat Enterprise Linux 10) -

CVE-2026-45987 [LOW] CWE-367 kernel: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 kernel: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 A flaw was found in the KVM (Kernel-based Virtual Machine) nSVM component of the Linux kernel. This vulnerability occurs when the interrupt shadow state is not correctly synchronized to the cached Virtual Machine Control Block (VMCB) after a Level 2 (L2) guest virtual machine (VM) execution. A local attacker with con

CVE-2026-46089 [LOW] CWE-772 kernel: zram: do not forget to endio for partial discard requests kernel: zram: do not forget to endio for partial discard requests A flaw was found in the Linux kernel's zram module. This vulnerability allows a local user to cause a system hang, leading to a Denial of Service (DoS). The issue occurs because the zram module fails to properly handle partial discard requests, specifically by not calling `endio` when such requests are made. This oversight causes the `b

CVE-2026-45901 [LOW] CWE-833 kernel: netfilter: nf_tables: revert commit_mutex usage in reset path kernel: netfilter: nf_tables: revert commit_mutex usage in reset path A flaw was found in the Linux kernel's netfilter nf_tables component. This vulnerability allows a local attacker to cause a denial of service (DoS) by triggering a circular lock dependency. This occurs when nft reset, ipset list, and iptables-nft with a '-m set' rule are executed concurrently, leading to a system hang. Package:

CVE-2026-45863 [LOW] CWE-772 kernel: i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() kernel: i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() A flaw was found in the Linux kernel's i3c dw driver. The dw_i3c_master_i2c_xfers() function allocates memory for a transfer structure. However, if a runtime power management operation fails, the allocated memory is not properly released. This oversight leads to a memory leak, which can degrade system performance over time. Package: kernel (Re

CVE-2026-46026 [LOW] CWE-770 kernel: net: qrtr: ns: Limit the maximum number of lookups kernel: net: qrtr: ns: Limit the maximum number of lookups A flaw was found in the Linux kernel's QRTR (Qualcomm IPC Router) nameserver. A malicious local client can exploit this by sending an unbounded number of NEW_LOOKUP messages. This can lead to resource exhaustion, causing a Denial of Service (DoS) for the system. The vulnerability is addressed by implementing a limit on the maximum number of lookups.

CVE-2026-46014 [LOW] CWE-372 kernel: KVM: SVM: Add missing save/restore handling of LBR MSRs kernel: KVM: SVM: Add missing save/restore handling of LBR MSRs A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) and Secure Virtual Machine (SVM) components. This vulnerability is due to missing save and restore handling for Last Branch Record (LBR) Model Specific Registers (MSRs) and MSR_IA32_DEBUGCTLMSR. A local attacker with access to a virtual machine could potentially explo

CVE-2026-45955 [LOW] CWE-911 kernel: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout kernel: md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout A flaw was found in the Linux kernel's `md/md-llbitmap` component. This vulnerability occurs when a suspend operation times out, failing to properly reset a critical internal reference. This oversight leaves the system's page control structure in an unusable state. This issue can lead to system instability or a Denial of

CVE-2026-46071 [LOW] CWE-440 kernel: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 kernel: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) subsystem, specifically affecting its nested virtualization (nSVM) capabilities. The issue arises from incorrect handling of Virtual Machine Control Block Last Branch Record (VMCB_LBR) data when copied to vmcb12, an operation that is not architecturally defined. This can lead to unexpected

CVE-2026-45919 [LOW] CWE-835 kernel: sched/rt: Skip currently executing CPU in rto_next_cpu() kernel: sched/rt: Skip currently executing CPU in rto_next_cpu() A flaw was found in the Linux kernel's real-time (RT) scheduler. Under specific heavy load conditions, a vulnerability in the rto_next_cpu() function can cause a CPU to repeatedly interrupt itself. This leads to a CPU hardlockup, resulting in a Denial of Service (DoS) for the system. This issue can be triggered by a local user or specific

CVE-2026-45897 [LOW] CWE-820 kernel: netfilter: nft_counter: serialize reset with spinlock kernel: netfilter: nft_counter: serialize reset with spinlock A flaw was found in the Linux kernel's netfilter component, specifically in how network counters are handled. This vulnerability allows for a race condition during simultaneous operations to read and reset these counters. As a result, counter values could be incorrectly reduced, leading to inaccurate system metrics and potential integrity issue

CVE-2026-45961 [LOW] CWE-772 kernel: gfs2: fix memory leaks in gfs2_fill_super error path kernel: gfs2: fix memory leaks in gfs2_fill_super error path A flaw was found in the Linux kernel's GFS2 filesystem. When a GFS2 filesystem transitions to read-write mode, specific error handling paths within the `gfs2_fill_super()` function fail to properly deallocate memory. This can lead to memory leaks of kernel thread objects and quota bitmap buffers. Over time, these unreferenced memory allocations c

CVE-2026-45847 [LOW] CWE-1284 kernel: net: remove WARN_ON_ONCE when accessing forward path array kernel: net: remove WARN_ON_ONCE when accessing forward path array A flaw was found in the Linux kernel's network component, specifically related to handling Internet Protocol over Internet Protocol (IPIP) tunnels. A local user could potentially craft a network configuration with a very long forward path, which could lead to an unexpected condition within the kernel. This condition could potentially