Linux Kernel vulnerabilities

CVE-2026-46137 [MEDIUM] CWE-821 kernel: mptcp: pm: ADD_ADDR rtx: fix potential data-race kernel: mptcp: pm: ADD_ADDR rtx: fix potential data-race A flaw was found in the Linux kernel, specifically within the Multipath TCP (MPTCP) implementation. The mptcp_pm_add_timer() helper, which is executed as a timer callback, does not properly hold the socket lock when operating in a softirq context. This oversight can lead to a potential data race, which may result in unpredictable system behavior or in

CVE-2026-46149 [MEDIUM] CWE-120 kernel: scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() kernel: scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() A flaw was found in the Linux kernel's SCSI target subsystem. This vulnerability, a buffer overflow, occurs in the `tg_pt_gp_members_show()` function when processing long iSCSI IQN names. An attacker could potentially exploit this by providing a specially crafted input, leading to the disclosure of s

CVE-2026-46144 [LOW] CWE-772 kernel: RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() kernel: RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() A flaw was found in the Linux kernel's Remote Direct Memory Access (RDMA) subsystem, specifically within the mana driver. During an error unwind in the `mana_ib_create_qp_rss()` function, a resource leak occurs where `mana_ib_cfg_vport_steering()` is not properly cleaned up. This vulnerability could lead to resource exhaustion over time, pote

CVE-2026-46136 [LOW] CWE-124 kernel: wifi: mt76: mt7921: fix a potential clc buffer length underflow kernel: wifi: mt76: mt7921: fix a potential clc buffer length underflow A flaw was found in the Linux kernel's wifi: mt76: mt7921 component. A buffer length underflow in the CLC (Country Logic Control) mechanism can occur due to changes in the power table. This issue may lead to an almost infinite loop or an invalid power setting, resulting in a Denial of Service (DoS) by causing driver initiali

CVE-2026-46224 [LOW] CWE-772 kernel: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure kernel: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure A flaw was found in the Linux kernel's drm/xe driver. When a buffer object allocation fails within the `xe_dma_buf_init_obj()` function, a pre-allocated storage buffer is not correctly released. This oversight can lead to a resource leak, potentially causing system instability or a denial of service (DoS) for affected

CVE-2026-46196 [LOW] CWE-459 kernel: tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() kernel: tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() A flaw was found in the Linux kernel. When a tracepoint (a mechanism for dynamic instrumentation) is registered, a failure during the probe installation process can lead to the registration's side effects persisting without a corresponding probe. This can cause a Denial of Service (DoS) by leaving s

CVE-2026-46140 [LOW] CWE-125 kernel: Bluetooth: btmtk: validate WMT event SKB length before struct access kernel: Bluetooth: btmtk: validate WMT event SKB length before struct access A flaw was found in the Linux kernel's Bluetooth subsystem, specifically within the `btmtk` driver. A remote attacker could exploit this vulnerability by sending a specially crafted Wireless Management Terminal (WMT) event response. The system processes these responses without properly validating the length of inco

CVE-2026-46235 [LOW] CWE-252 kernel: media: saa7164: add ioremap return checks and cleanups kernel: media: saa7164: add ioremap return checks and cleanups A flaw was found in the `saa7164` media driver in the Linux kernel. This vulnerability occurs due to missing return value checks for `ioremap` calls within the `saa7164_dev_setup()` function. If `ioremap` fails for BAR0 or BAR2, it can lead to null pointer dereferences and improper cleanup of PCI memory regions. This could allow a local attac

CVE-2026-46126 [LOW] CWE-459 kernel: RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() kernel: RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() A flaw was found in the Linux kernel's RDMA/mana component. This issue occurs during the error unwind flow in the `mana_ib_create_qp_rss()` function, specifically related to the Work Queue (WQ) table cleanup. Incorrect handling of the cleanup process, including a double decrement and an undone operation, coul

CVE-2026-46203 [LOW] CWE-826 kernel: spi: cadence-quadspi: fix unclocked access on unbind kernel: spi: cadence-quadspi: fix unclocked access on unbind A flaw was found in the Linux kernel, specifically within the `spi: cadence-quadspi` driver. This vulnerability occurs when the controller is not properly runtime resumed before being disabled during driver unbind, leading to unclocked register access. A local attacker could potentially exploit this to cause system instability or a denial of serv

CVE-2026-46153 [LOW] CWE-772 kernel: 8021q: delete cleared egress QoS mappings kernel: 8021q: delete cleared egress QoS mappings A flaw was found in the Linux kernel's 8021q VLAN module. This vulnerability occurs because cleared egress Quality of Service (QoS) mappings are not properly deleted, leading to an accumulation of mapping nodes. An attacker could repeatedly set and clear egress priority mappings, causing a memory leak. This memory leak could eventually lead to a Denial of Service (DoS

CVE-2026-46167 [LOW] CWE-824 kernel: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl kernel: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl A flaw was found in the Linux kernel's `usblp` driver. A local user, interacting with a malicious printer, could exploit this vulnerability. When the `LPGETSTATUS` ioctl is used and a printer responds with zero bytes, the driver may return uninitialized kernel memory. This leads to information disclosure, potentially exposing se

CVE-2026-46131 [LOW] CWE-266 kernel: KVM: x86: check for nEPT/nNPT in slow flush hypercalls kernel: KVM: x86: check for nEPT/nNPT in slow flush hypercalls A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) x86 virtualization module. An incorrect check for nested EPT/NPT (Nested Extended Page Tables/Nested Nested Page Tables) in slow flush hypercalls could lead to improper handling of L2 guests. This vulnerability arises because the `is_guest_mode(vcpu)` check was not suff

CVE-2026-46161 [LOW] CWE-369 kernel: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies kernel: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies A flaw was found in the Linux kernel's md/raid10 module. This vulnerability allows a local user to trigger a divide-by-zero error within the `setup_geo()` function by supplying a malformed layout parameter where the `far_copies` value is set to zero. Successful exploitation of this flaw can lead to a system crash, causin

CVE-2026-46216 [LOW] CWE-476 kernel: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() kernel: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() A flaw was found in the Linux kernel's drm/xe/hdcp module. When media Graphics Translation (GT) is disabled via configfs, a NULL pointer dereference can occur in the intel_hdcp_gsc_check_status() function. This can lead to a kernel pagefault error, resulting in a system crash and a Denial of Service (DoS)

CVE-2026-46178 [LOW] CWE-772 kernel: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() kernel: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() A flaw was found in the Linux kernel. This vulnerability, located in the RDMA/mlx4 component, is due to a resource leak during error handling in the `mlx4_ib_create_srq()` function. An attacker could potentially exploit this flaw to cause a denial of service by exhausting system resources. Package: kernel (Red Hat Enterprise Li

CVE-2026-46184 [LOW] CWE-369 kernel: sound: ua101: fix division by zero at probe kernel: sound: ua101: fix division by zero at probe A flaw was found in the Linux kernel's `ua101` USB audio driver. A local attacker, by connecting a specially crafted USB audio device, could trigger a division-by-zero error. This occurs because the driver fails to validate the `bNrChannels` field, leading to a kernel crash. This vulnerability results in a Denial of Service (DoS) for the affected system. Package:

CVE-2026-46201 [LOW] CWE-772 kernel: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() kernel: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() A flaw was found in the Linux kernel's `drm/xe` subsystem. When handling dma-buf attachments, a resource leak occurs if the initialization of a dma-buf object fails, as the attachment is not properly detached. This oversight can lead to resource exhaustion, potentially allowing a local attacker to cause a Denial of Service (DoS) b

CVE-2026-46165 [LOW] CWE-833 kernel: openvswitch: vport: fix self-deadlock on release of tunnel ports kernel: openvswitch: vport: fix self-deadlock on release of tunnel ports A flaw was found in the Linux kernel's openvswitch vport component. This vulnerability arises during the release of tunnel ports, where a self-deadlock can occur. This prevents the vport from being properly freed and its references released, leading to a system deadlock during device removal. Such a deadlock can negatively

CVE-2026-46156 CWE-823 kernel: LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang() kernel: LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang() A flaw was found in the Linux kernel's LoongArch architecture. An issue in the `loongson_gpu_fixup_dma_hang()` function, specifically with incorrect handling of device IDs when a discrete GPU is inserted, can lead to an Address Data Error (ADE). This flaw may allow a local attacker to trigger a kernel panic, resulting in a Denial of S