Linux Kernel vulnerabilities

CVE-2026-45941 [LOW] CWE-772 kernel: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure kernel: tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure A flaw was found in the Linux kernel's `tpm_i2c_infineon` module. This vulnerability occurs when the `get_burstcount()` function fails due to a timeout, causing the system to not release an acquired locality. An attacker could potentially exploit this to cause a resource exhaustion, leading to a Denial of Service (

CVE-2026-45895 [LOW] CWE-835 kernel: quota: fix livelock between quotactl and freeze_super kernel: quota: fix livelock between quotactl and freeze_super A flaw was found in the Linux kernel. A local attacker could exploit a livelock condition between the `quotactl` and `freeze_super` operations. This occurs when a filesystem is frozen and the `quotactl_block()` function enters a retry loop, preventing the system from reaching an RCU (Read-Copy Update) quiescent state. This can lead to a system

CVE-2026-46061 [LOW] CWE-833 kernel: jbd2: fix deadlock in jbd2_journal_cancel_revoke() kernel: jbd2: fix deadlock in jbd2_journal_cancel_revoke() A flaw was found in the Linux kernel's journaling block device (jbd2) subsystem. A lock ordering issue within the jbd2_journal_cancel_revoke() function can lead to a deadlock under specific conditions, particularly when the filesystem blocksize is smaller than the pagesize. This vulnerability could allow a local user or process to trigger a system ha

CVE-2026-46101 [LOW] CWE-1335 kernel: netfilter: reject zero shift in nft_bitwise kernel: netfilter: reject zero shift in nft_bitwise A flaw was found in the Linux kernel's Netfilter subsystem. Specifically, the `nft_bitwise` expression incorrectly handles zero shift operands during initialization. This can lead to undefined behavior within the kernel, potentially causing system instability. An attacker could exploit this by crafting malformed Netfilter rules, preventing the system from process

CVE-2026-45880 [LOW] CWE-911 kernel: PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails kernel: PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails A flaw was found in the Linux kernel's PCI/P2PDMA subsystem. When the `vm_insert_page()` function fails during memory allocation, the system does not properly release a per-CPU reference for the page map. This oversight can lead to a resource leak, causing the `memunmap_pages()` function to hang indefinitely when attempt

CVE-2026-46103 [LOW] CWE-772 kernel: can: ucan: fix devres lifetime kernel: can: ucan: fix devres lifetime A flaw was found in the Linux kernel's `can: ucan` USB driver. This vulnerability arises from incorrect management of device resource lifetimes, where resources are tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are unbound without the associated devices being physically disconnected, such as during probe deferral or configuration cha

CVE-2026-45887 [LOW] CWE-772 kernel: af_unix: Fix memleak of newsk in unix_stream_connect() kernel: af_unix: Fix memleak of newsk in unix_stream_connect() A flaw was found in the Linux kernel's `af_unix` subsystem. This vulnerability, a memory leak, occurs in the `unix_stream_connect()` function when a specific internal operation fails to release allocated memory. Over time, this unreleased memory could accumulate, potentially leading to system instability or a Denial of Service (DoS) condition

CVE-2026-45997 [LOW] CWE-772 kernel: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails kernel: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails A flaw was found in the Linux kernel's SCSI disk (sd) driver. When adding a new device, a failure in `device_add()` can lead to a resource leak where a gendisk remains referenced but is not properly freed. This missing cleanup, specifically the `put_disk()` call, can result in resource exhaustion. A local attacker co

CVE-2026-45868 [LOW] CWE-911 kernel: pinctrl: single: fix refcount leak in pcs_add_gpio_func() kernel: pinctrl: single: fix refcount leak in pcs_add_gpio_func() A flaw was found in the Linux kernel's `pinctrl: single` subsystem. The `pcs_add_gpio_func()` function does not properly release a device node reference after parsing, causing a reference count leak. This continuous leak of resources can lead to system instability and a denial of service (DoS) condition. Package: kernel (Red Hat Enterp

CVE-2026-45873 [LOW] CWE-1288 kernel: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets kernel: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets No description is available for this CVE. Package: kernel (Red Hat Enterprise Linux 10) - Fix deferred Package: kernel (Red Hat Enterprise Linux 6) - Not affected Package: kernel (Red Hat Enterprise Linux 7) - Not affected Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected Package: kernel (R

CVE-2026-46088 [LOW] CWE-805 kernel: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() kernel: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) control component. Improper validation of the buffer length before a string length operation in the `snd_ctl_elem_init_enum_names()` function can lead to a system panic. This vulnerability could allow a local

CVE-2026-45896 [LOW] CWE-909 kernel: mtd: intel-dg: Fix accessing regions before setting nregions kernel: mtd: intel-dg: Fix accessing regions before setting nregions A flaw was found in the Linux kernel's `mtd_intel_dg` driver. This vulnerability occurs because the `regions` array is accessed before its size (`nregions`) is properly set, leading to an out-of-bounds memory access. A local attacker could potentially exploit this issue to cause system instability or a denial of service (DoS). The

CVE-2026-45982 [LOW] CWE-476 kernel: ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() kernel: ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() A flaw was found in the Linux kernel. A NULL pointer dereference in the `acpi_ev_address_space_dispatch()` function could allow a local attacker to cause a denial of service (DoS) by triggering a missed execution path. This vulnerability arises from an incomplete check in the Advanced Configuration and Powe

CVE-2026-45888 [LOW] CWE-772 kernel: md/raid1: fix memory leak in raid1_run() kernel: md/raid1: fix memory leak in raid1_run() A flaw was found in the Linux kernel's md/raid1 module. This vulnerability occurs when the raid1_run() function calls setup_conf() to register a thread, but a subsequent failure in raid1_set_limits() prevents the proper unregistration of this thread. This oversight leads to a memory leak, consuming system resources over time. A local attacker could potentially exploit t

CVE-2026-46003 [LOW] CWE-770 kernel: net: qrtr: ns: Limit the total number of nodes kernel: net: qrtr: ns: Limit the total number of nodes A flaw was found in the Linux kernel's qrtr nameserver. A malicious client can exploit this vulnerability by registering an excessive number of random nodes. This uncontrolled resource consumption leads to memory exhaustion, resulting in a Denial of Service (DoS) for the system. Package: kernel (Red Hat Enterprise Linux 10) - Fix deferred Package: kernel (

CVE-2026-45877 [LOW] CWE-476 kernel: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients kernel: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients A flaw was found in the Linux kernel's Intel Integrated Sensor Hub (ISH) HID driver. During a warm reset, a NULL-pointer dereference can occur if clients are still being enumerated. This can lead to a kernel panic, causing the system to become unstable or unavailable, resulting in a Denial of Service (DoS). Pa

CVE-2026-45900 [LOW] CWE-772 kernel: crypto: caam - fix netdev memory leak in dpaa2_caam_probe kernel: crypto: caam - fix netdev memory leak in dpaa2_caam_probe A flaw was found in the Linux kernel's crypto: caam module. When the dpaa2_caam_probe function attempts to set up network devices (netdevs) and the dpaa2_dpseci_dpio_setup() function fails, the allocated netdevs are not properly freed. This oversight in the error handling can lead to memory leaks, potentially impacting system stability

CVE-2026-45871 [LOW] CWE-772 kernel: tpm: st33zp24: Fix missing cleanup on get_burstcount() error kernel: tpm: st33zp24: Fix missing cleanup on get_burstcount() error A flaw was found in the Linux kernel's Trusted Platform Module (TPM) subsystem. When the get_burstcount() function encounters an error, the st33zp24 driver fails to release a previously acquired resource. This oversight can lead to resource exhaustion, potentially allowing a local attacker to cause a Denial of Service (DoS) by mak

CVE-2026-46018 [LOW] CWE-606 kernel: ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES kernel: ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) USB audio driver. A malicious Universal Serial Bus (USB) audio device could send a malformed Universal Audio Class 2 (UAC2) RANGE response. This could cause the system to repeatedly print error messages and potentially lead to a denial of service (DoS) by hold

CVE-2026-45956 CWE-466 kernel: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() kernel: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() A flaw was found in the Linux kernel's drm/exynos component. This vulnerability arises from an incorrect lookup of device information within the vidi_connection_ioctl() function, where the system uses an improper pointer to access data. This can lead to memory corruption, which means the system might