Linux Kernel vulnerabilities

CVE-2026-45952 CWE-1284 kernel: eth: fbnic: Add validation for MTU changes kernel: eth: fbnic: Add validation for MTU changes A flaw was found in the Linux kernel's fbnic driver. This vulnerability allows a local user to cause a Denial of Service (DoS) by increasing the Maximum Transmission Unit (MTU) beyond the hardware's threshold while an eXpress Data Path (XDP) program is attached. This improper validation of MTU changes leads to the driver dropping all multi-fragmented network frames, effe

CVE-2026-45865 CWE-908 kernel: mctp i2c: initialise event handler read bytes kernel: mctp i2c: initialise event handler read bytes A flaw was found in the Linux kernel's Message Control Transport Protocol (MCTP) over I2C (Inter-Integrated Circuit) implementation. A local attacker could exploit this vulnerability by performing I2C reads on an MCTP-I2C device. This could lead to the disclosure of uninitialized stack memory, potentially revealing sensitive information. Package: kernel (Red Hat En

CVE-2026-45937 CWE-911 kernel: crypto: inside-secure/eip93 - fix kernel panic in driver detach kernel: crypto: inside-secure/eip93 - fix kernel panic in driver detach A flaw was found in the Linux kernel's inside-secure/eip93 cryptographic driver. This vulnerability occurs during the driver detachment process, where a programming error leads to the same hash algorithm being unregistered multiple times. This issue can cause a kernel panic, resulting in a Denial of Service (DoS) for the system. A

CVE-2026-45879 CWE-364 kernel: power: supply: bq25980: Fix use-after-free in power_supply_changed() kernel: power: supply: bq25980: Fix use-after-free in power_supply_changed() A flaw was found in the Linux kernel's bq25980 power supply driver. A race condition during interrupt handling can lead to a use-after-free vulnerability, where the system attempts to access memory that has already been released. This can be triggered when an interrupt fires after the power supply handle is freed but bef

CVE-2026-46020 CWE-1285 kernel: mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp kernel: mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp A flaw was found in the Linux kernel's DAMON (Data Access MONitor) core. A privileged local user can exploit this vulnerability by providing an invalid node ID to `damos_quota_goal->nid` for `node_mem_{used,free}_bp` via the DAMON user-space tool. This improper validation can lead to an out-of-bounds memory ac

CVE-2026-45926 CWE-772 kernel: rust: pwm: Fix potential memory leak on init error kernel: rust: pwm: Fix potential memory leak on init error A flaw was found in the Linux kernel. When initializing a Pulse Width Modulation (PWM) chip, a memory leak can occur if the pwmchip_alloc() function fails. This happens because the allocated pwm_chip's initial reference is not properly released, leading to unmanaged memory consumption. This vulnerability could potentially impact system stability and resour

CVE-2026-45938 CWE-364 kernel: power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() kernel: power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() A flaw was found in the Linux kernel's `pm8916_lbc` power supply module. A race condition exists during interrupt handling where an interrupt can fire after the `power_supply` handle is freed but before the interrupt handler is unregistered. This use-after-free vulnerability can lead to a system crash or silent mem

CVE-2026-45979 CWE-772 kernel: drm/amdgpu: clean up the amdgpu_cs_parser_bos kernel: drm/amdgpu: clean up the amdgpu_cs_parser_bos A flaw was found in the Linux kernel's amdgpu graphics driver. When the system experiences low memory conditions, a specific cleanup routine within the amdgpu_cs_parser_bos function may fail to properly unlock a mutex. This oversight can lead to resource contention, potentially causing a denial of service where the system becomes unresponsive. Package: kernel (Red

CVE-2026-45850 CWE-354 kernel: ipvs: skip ipv6 extension headers for csum checks kernel: ipvs: skip ipv6 extension headers for csum checks A flaw was found in the Linux kernel's IP Virtual Server (IPVS) component. A remote attacker could send specially crafted IPv6 packets with extension headers, causing the system to fail protocol checksum validation. This could lead to incorrect packet processing or a denial of service (DoS), impacting network service availability. Package: kernel (Red Hat E

CVE-2025-71303 CWE-367 kernel: accel/amdxdna: Fix race condition when checking rpm_on kernel: accel/amdxdna: Fix race condition when checking rpm_on A flaw was found in the Linux kernel. Specifically, within the `accel/amdxdna` component, a timing issue, known as a race condition, exists during device power management. A local application could submit commands while the device is in an inconsistent state due to an incomplete resume operation. This could lead to unexpected system behavior or ins

CVE-2026-45874 CWE-476 kernel: phy: freescale: imx8qm-hsio: fix NULL pointer dereference kernel: phy: freescale: imx8qm-hsio: fix NULL pointer dereference A flaw was found in the Linux kernel, within the `phy: freescale: imx8qm-hsio` component. This vulnerability occurs when a specific pointer, `refclk_pad`, is not properly initialized and is later used without validation. This can lead to a NULL pointer dereference, which may cause the system to crash. Such a crash results in a Denial of Servi

CVE-2026-45867 CWE-364 kernel: power: supply: act8945a: Fix use-after-free in power_supply_changed() kernel: power: supply: act8945a: Fix use-after-free in power_supply_changed() A flaw was found in the Linux kernel, specifically within the power supply subsystem. This vulnerability, a use-after-free, occurs due to a race condition during the removal or initialization of a power supply device. An interrupt can fire after the associated memory for a power supply handle has been released, or befo

CVE-2026-45935 CWE-805 kernel: fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot kernel: fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot A flaw was found in the Linux kernel's NTFS3 filesystem driver. Insufficient bounds checking when processing log records in the `DeleteIndexEntryRoot` function allows a local attacker to provide a maliciously large entry size. This can lead to a heap buffer overflow, a type of memory corruption, which may result in a denial of service

CVE-2026-46013 CWE-681 kernel: mm/memfd_luo: fix physical address conversion in put_folios cleanup kernel: mm/memfd_luo: fix physical address conversion in put_folios cleanup A flaw was found in the Linux kernel. An issue in the `memfd_luo` component, specifically within the `put_folios` cleanup path of `memfd_luo_retrieve_folios()`, leads to incorrect physical address conversion and a missing check for sparse file holes. This could result in incorrect memory handling, potentially causing syste

CVE-2026-45993 CWE-1285 kernel: LoongArch: Add spectre boundry for syscall dispatch table kernel: LoongArch: Add spectre boundry for syscall dispatch table A flaw was found in the Linux kernel, specifically affecting the LoongArch architecture. The system call (syscall) dispatch table, which handles requests from user programs, does not properly validate the syscall number provided by userspace. This missing boundary check could allow a local attacker to access memory outside the intended sysca

CVE-2026-46072 CWE-1284 kernel: ntfs3: add buffer boundary checks to run_unpack() kernel: ntfs3: add buffer boundary checks to run_unpack() A flaw was found in the Linux kernel's `ntfs3` module. A local attacker, by mounting a specially crafted NTFS (New Technology File System) image containing truncated run data, could trigger an out-of-bounds heap read. This vulnerability allows for the disclosure of sensitive information from kernel memory. Package: kernel (Red Hat Enterprise Linux 10) - No

CVE-2025-71312 CWE-763 kernel: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() kernel: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() A flaw was found in the Linux kernel's NTFS3 file system driver. A local user could exploit this vulnerability by mounting a specially crafted file. This issue leads to a memory leak, a type of resource management error, which can cause system instability or a denial of service (DoS) by exhausting available memory resources. Package: kerne

CVE-2026-46085 CWE-1284 kernel: rxrpc: Fix rxkad crypto unalignment handling kernel: rxrpc: Fix rxkad crypto unalignment handling A flaw was found in the Linux kernel's rxrpc subsystem, specifically in the rxkad crypto unalignment handling. A remote attacker could send a specially crafted packet with a misaligned crypto length. This improper handling could lead to system instability or a denial of service (DoS) due to incorrect decryption error handling and the removal of a remotely triggerable

CVE-2026-45869 CWE-824 kernel: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() kernel: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() A flaw was found in the Linux kernel, specifically within the wm97xx power supply driver. A timing issue, known as a race condition, can occur during the driver's setup. If an interrupt is triggered at a precise moment, it can cause the system to attempt to use an uninitialized memory pointer, leading t

CVE-2026-45924 CWE-772 kernel: ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths kernel: ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs because `ksmbd_vfs_kern_path_end_removing()` is not called on certain error paths, leading to unbalanced inode locks and references. This can result in potential deadlocks and unbalanced locks, which may cause system instability or a Denial