CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-53158
Medium

A NULL pointer dereference was found in the Linux kernel's fastrpc driver during an rpmsg callback. The issue occurs when the DSP sends a message before fastrpc_channel_ctx initialization completes, causing a system crash.

CVE-2026-53157
High

In the Linux kernel, a vulnerability in the Phonet subsystem was found where phonet_device_destroy() removes a phonet_device from the per-net list using list_del_rcu() but frees it immediately, while RCU readers may still hold a pointer, leading to a slab-use-after-free.

CVE-2026-53156
High

A use-after-free vulnerability was found in the Linux kernel's NVMEM subsystem. Error handling paths incorrectly use the nvmem structure after freeing its memory, potentially leading to security breaches.

CVE-2026-53155
Medium

A vulnerability was found in the Linux kernel's set_pmd_migration_entry() function in mm/huge_memory.c. The function incorrectly uses pmd_write(), pmd_soft_dirty(), and pmd_uffd_wp() flags for device-private PMD entries, leading to incorrect marking of migration entries as writable. The issue was observed in the hmm.hmm_device_private.anon_write_child test, causing rmap state corruption and assertion failures.

CVE-2026-53154
Medium

A vulnerability in the Linux kernel's hugetlb reservation management was found. During hugetlb folio copy operations (e.g., UFFDIO_COPY or fork), error handling fails to restore the VMA reservation, causing a leak that can lead to SIGBUS on previously reserved addresses.

CVE-2026-53153
High

In the Linux kernel, a vulnerability in the list_lru mechanism during memcg reparenting was found. The xarray entry for a dying memcg is cleared before draining its per-node lists, allowing concurrent list_lru_del() operations to modify the same list nodes under different locks, leading to data structure corruption.

CVE-2026-53152
Medium

In the Linux kernel MMC driver for old Rockchip controllers (rk2928, rk3066, rk3188), missing private data structure caused NULL-pointer dereference after adding memory clock auto-gating support. This affects Linux kernel.

CVE-2026-53151
Critical

In the Linux kernel's AF_RXRPC subsystem, a vulnerability was found in the ACK parser due to improper access to the SACK buffer in received UDP packets. The rxrpc_input_soft_acks() function modifies the skbuff and may incorrectly read data in case of packet fragmentation, potentially leading to parsing errors.

CVE-2026-53150
Medium

In the Linux kernel, the Thunderbolt driver's validator accepts property entries with zero length, causing a buffer underflow when null-terminating the text. This can lead to out-of-bounds memory write.

CVE-2026-53149
High

In the Linux kernel's Thunderbolt driver, a vulnerability was found due to missing bounds check for root directory content offset and length against block size. This can cause out-of-bounds memory read when processing properties.

CVE-2026-53148
High

In the Linux kernel Thunderbolt driver, a vulnerability exists where the per-packet copy length derived from the XDomain response header is not validated against the allocated buffer size. A malicious peer can set a length field larger than the declared data_length, causing memcpy to write past the kcalloc allocation.

CVE-2026-53147
High

In the Linux kernel, a vulnerability in the Thunderbolt driver allows out-of-bounds reads because tb_xdp_handle_request() casts received packet buffers to protocol-specific structs without verifying the allocation is large enough. An attacker can send a minimal XDomain packet that passes the generic header length check but is shorter than the target struct.

CVE-2026-53146
High

In the Linux kernel Thunderbolt subsystem, a vulnerability was found where tb_xdomain_copy() copies data from the XDomain response buffer without checking the actual frame size. A short response can cause reading beyond the valid DMA buffer area, exposing stale data from previous transactions.

CVE-2026-53145
High

A vulnerability was found in the Linux kernel's DRM GEM driver related to the change_handle ioctl operation. The issue stems from race condition bugs in the implementation, potentially leading to data races between GEM object close and handle change operations.

CVE-2026-53144
Medium

In the Linux kernel, a NULL pointer dereference vulnerability was found in the DRM AMD KFD driver. The get_queue_ids() function returns NULL when usr_queue_id_array is NULL and num_queues is non-zero, causing a kernel panic.

CVE-2026-53143
High

A buffer overflow vulnerability was found in the Linux kernel's amdkfd driver during SDMA queue checkpoint/restore on GFX11. The bug is caused by incorrect assignment of checkpoint/restore functions for SDMA MQD type, using a structure size of 2048 bytes instead of 512, leading to data leaks or memory corruption.

CVE-2026-53142
Medium

In the Linux kernel, a bug in the DRM/XE driver causes an oops during suspend or shutdown when the display is absent. The issue stems from improper handling of the probe_display flag, which is not reset after detecting missing display via fuses, leading to display code being called on uninitialized mode config.

CVE-2026-53141
Medium

In the Linux kernel DRM driver for V3D, a reference counting issue was found in the global performance monitor. Functions SET_GLOBAL, CLEAR_GLOBAL, and perfmon deletion fail to release references properly, causing memory leaks.

CVE-2026-53140
Medium

A vulnerability in the Linux kernel's DRM V3D driver causes a virtual address (vaddr) mapping leak when processing indirect CSD buffers. If the workgroup count read from the buffer is zero, the v3d_rewrite_csd_job_wg_counts_from_indirect() function exits early without releasing the mappings of both buffers.

CVE-2026-53139
Medium

In the Linux kernel, a vulnerability was found in the DRM V3D driver due to missing validation of zero workgroup counts in indirect CSD jobs. Submitting a dispatch with a zero count in any dimension is invalid and may cause unexpected hardware behavior.

PreviousPage 192 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS