
Linux Kernel vulnerabilities

15,839 known vulnerabilities affecting linux/linux_kernel.

Total CVEs: 15,839
CISA KEV: 31 (actively exploited)
Public exploits: 304
Exploited in wild: 31
Severity breakdown: CRITICAL 166, HIGH 4129, MEDIUM 9271, LOW 521, UNKNOWN 1752

Vulnerabilities

Page 8 of 792
CVE-2026-46128 | UNKNOWN | 2026-05-28
CWE-390 | kernel: ipmi: Check event message buffer response for bad data
A flaw was found in the Linux kernel's Intelligent Platform Management Interface (IPMI) subsystem. This vulnerability occurs when the kernel processes event message buffer responses from Baseboard Management Controllers (BMCs). Some BMCs may return an empty message instead of an expected error, which the kernel did not properly handle. This could l
redhat
CVE-2026-46226 | UNKNOWN | 2026-05-28
CWE-826 | kernel: spi: fsl: fix controller deregistration
A flaw was found in the Linux kernel's `spi: fsl` driver. This vulnerability arises from improper sequencing of controller deregistration before releasing underlying resources, such as Direct Memory Access (DMA), during the driver unbind process. This could potentially lead to system instability or a denial of service (DoS) condition. Package: kernel (Red Hat Enterprise Linux
redhat
CVE-2026-46199 | UNKNOWN | 2026-05-28
CWE-125 | kernel: drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
A flaw was found in the Linux kernel's `drm/amdgpu/vcn4` component. This vulnerability allows an attacker to trigger an out-of-bounds (OOB) read when parsing decoder messages due to insufficient bounds checking. This could lead to information disclosure, potentially revealing sensitive data from memory. Package: kernel (Red Hat Enterprise Linux
redhat
CVE-2026-46194 | UNKNOWN | 2026-05-28
CWE-367 | kernel: f2fs: fix node_cnt race between extent node destroy and writeback
A flaw was found in the Linux kernel's f2fs filesystem. A race condition exists between the f2fs_destroy_extent_node() function and concurrent writeback operations. This occurs because f2fs_destroy_extent_node() does not properly set a flag (FI_NO_EXTENT) before clearing extent nodes, allowing new extent nodes to be inserted d
redhat
CVE-2026-46197 | UNKNOWN | 2026-05-28
CWE-1284 | kernel: drm/amdkfd: validate SVM ioctl nattr against buffer size
A flaw was found in the Linux kernel. A local attacker could exploit an out-of-bounds buffer access vulnerability in the AMDGPU kernel driver by providing a specially crafted attribute count during SVM ioctl operations. This improper validation could allow the attacker to cause a system crash, leading to a denial of service (DoS). Package: ke
redhat
CVE-2026-46205 | UNKNOWN | 2026-05-28
CWE-267 | kernel: staging: media: atomisp: Disallow all private IOCTLs
A flaw was found in the Linux kernel's `atomisp` driver, located in the `staging: media` subsystem. This vulnerability involves the unsafe handling of private Input/Output Control (IOCTL) operations. While specific exploitation details are not provided, the presence of unsafe IOCTL handlers could potentially allow a local attacker to compromise the sys
redhat
CVE-2026-46237 | UNKNOWN | 2026-05-28
CWE-190 | kernel: drm/amdgpu/vcn3: Avoid overflow on msg bound check
No description is available for this CVE. Package: kernel (Red Hat Enterprise Linux 10) - Not affected Package: kernel (Red Hat Enterprise Linux 6) - Not affected Package: kernel (Red Hat Enterprise Linux 7) - Not affected Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected Package: kernel (Red Hat Enterprise Linux 8) - Not affected Packag
redhat
CVE-2026-46200 | UNKNOWN | 2026-05-28
CWE-459 | kernel: spi: mpc52xx: fix controller deregistration
A flaw was found in the Linux kernel's spi: mpc52xx driver. This vulnerability occurs because the controller is not properly deregistered before its underlying resources, such as interrupts and General Purpose Input/Output (GPIO) pins, are disabled and released during the driver unbind process. This improper resource management could lead to system instability or resour
redhat
CVE-2026-46230 | UNKNOWN | 2026-05-28
CWE-125 | kernel: drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
A flaw was found in the Linux kernel's `drm/amdgpu/vcn3` component. This vulnerability, an Out-of-Bounds (OOB) read, occurs when parsing decoder messages without proper boundary checks. A local attacker could potentially exploit this to read sensitive information from memory or cause system instability, leading to a denial of service. Package: k
redhat
CVE-2026-46208 | UNKNOWN | 2026-05-28
CWE-366 | kernel: batman-adv: stop tp_meter sessions during mesh teardown
A flaw was found in the Linux kernel's `batman-adv` module. When a mesh interface is removed, the `batadv_mesh_free()` function does not properly stop `tp_meter` sessions. This oversight allows active `tp_meter` sender threads or late incoming packets to continue processing against a mesh instance that is in the process of shutting down. This can
redhat
CVE-2026-46222 | UNKNOWN | 2026-05-28
CWE-166 | kernel: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads
A flaw was found in the Linux kernel, specifically within the `rockchip: rkcif` media driver. This vulnerability occurs because the driver's pads do not properly check for connected devices, which can lead to a null pointer dereference when a media stream is enabled. A local attacker could exploit this flaw to cause a system crash, re
redhat
CVE-2026-46218 | UNKNOWN | 2026-05-28
CWE-131 | kernel: drm/amdgpu: Add bounds checking to ib_{get,set}_value
A flaw was found in the Linux kernel's drm/amdgpu driver. The uvd/vce/vcn code accesses the Instruction Buffer (IB) without sufficient bounds checking, which could allow an attacker to trigger an out-of-bounds memory access. This vulnerability may lead to system instability or a denial of service. Package: kernel (Red Hat Enterprise Linux 10) - Not
redhat
CVE-2026-46141 | UNKNOWN | 2026-05-28
CWE-763 | kernel: powerpc/xive: fix kmemleak caused by incorrect chip_data lookup
A flaw was found in the Linux kernel's powerpc/xive interrupt controller. This vulnerability, identified as a kernel memory leak (kmemleak), occurs when allocating Message Signaled Interrupts eXtended (MSI-X) vectors for NVMe devices. Due to an incorrect lookup of interrupt data, the `xive_irq_data` structure is not properly freed
redhat
CVE-2026-46238 | UNKNOWN | 2026-05-28
CWE-825 | kernel: batman-adv: stop caching unowned originator pointers in BAT IV
A flaw was found in the `batman-adv` module of the Linux kernel. The BAT IV protocol was caching unowned originator pointers, which could become invalid after purge handling. This could lead to the use of stale data, potentially causing unexpected system behavior or information corruption within the kernel. Package: kernel (Red Hat
redhat
CVE-2026-46112 | UNKNOWN | 2026-05-28
CWE-413 | kernel: RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
A flaw was found in the Linux kernel's RDMA/hns component. An issue exists where the `hns_roce_qp_remove()` function is called without proper locking during an error handling process. This can lead to memory corruption, potentially causing system instability or a denial of service (DoS) condition. A local attacker could exploit this vulnerability. Packa
redhat
CVE-2026-46177 | UNKNOWN | 2026-05-28
CWE-835 | kernel: ipmi: Add limits to event and receive message requests
A flaw was found in the Linux kernel's Intelligent Platform Management Interface (IPMI) driver. This vulnerability allows a malfunctioning Baseboard Management Controller (BMC) to cause the IPMI driver to continuously fetch events and messages, or become stuck if the attention bit remains active. This can lead to the driver becoming unresponsive, p
redhat
CVE-2026-46236 | UNKNOWN | 2026-05-28
CWE-131 | kernel: media: rc: xbox_remote: heed DMA restrictions
A flaw was found in the Linux kernel's media: rc: xbox_remote driver. This vulnerability arises from incorrect handling of Direct Memory Access (DMA) buffers, where the buffer for I/O operations is improperly part of the device structure. This violation of DMA coherency rules could lead to data corruption or system instability. Package: kernel (Red Hat Enterprise L
redhat
CVE-2026-46233 | UNKNOWN | 2026-05-28
CWE-476 | kernel: batman-adv: bla: only purge non-released claims
A flaw was found in the Linux kernel's batman-adv module. This vulnerability allows a local attacker to trigger a NULL-pointer dereference within the `batadv_bla_purge_claims()` function. This issue arises from a timing conflict when a claim is being released simultaneously, causing a critical pointer to become invalid. Successful exploitation of this flaw can l
redhat
CVE-2026-46228 | UNKNOWN | 2026-05-28
CWE-772 | kernel: spi: ch341: fix devres lifetime
A flaw was found in the Linux kernel, specifically within the `spi: ch341` driver. This vulnerability arises from incorrect management of device resources (devres) lifetime. When a Universal Serial Bus (USB) driver is unbound, the associated resources are not properly released, which can lead to memory leaks. This issue can occur during scenarios such as probe deferral or configuration changes
redhat
CVE-2026-46179 | UNKNOWN | 2026-05-28
CWE-369 | kernel: ASoC: SOF: Don't allow pointer operations on unconfigured streams
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) System on Chip (ASoC) Sound Open Firmware (SOF) subsystem. This vulnerability occurs when reporting the pointer for a compressed stream, where the I/O frame position is divided by values that can be zero if the stream parameters are unconfigured. A
redhat