CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A vulnerability in the Linux kernel related to the task_vma iterator has been resolved, which could lead to lock ordering issues. A VMA snapshot is now taken under the per-VMA lock, allowing the lock to be safely released before accessing the snapshot.
A vulnerability related to RCU in the bpf_fd_array_map_clear() function has been fixed in the Linux kernel. A missing cond_resched() in the loop can lead to RCU stalls under load, especially for PROG_ARRAY maps with many entries.
A vulnerability has been identified in the Linux kernel within the sixpack_receive_buf() function, which improperly skips bytes with TTY error flags. This leads to processing bytes that should have been skipped, resulting in an uninitialized value read.
A vulnerability in the Linux kernel's BPF verifier allows incorrect state comparison due to missing base ID consistency checks for scalar registers with BPF_ADD_CONST flag. This can lead to bypassing security checks.
A vulnerability in the Linux kernel has been fixed that led to a NULL pointer dereference in 'old' filters before their change. This issue occurred in the cls_fw module, where an invalid filter could classify packets before being destroyed by the validation logic.
A vulnerability has been identified in the Linux kernel related to a memory leak in the network stack during the removal of packets from the deferred list. The issue occurs when the root qdisc does not implement the TCQ_F_DEQUEUE_DROPS flag, leading to packets being stranded in the local to_free list.
In the Linux kernel BPF subsystem, a vulnerability was found in the SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() macros for sock_ops programs. When the destination register equals the source register and the socket is not full or locked, the destination register is not zeroed, leading to a kernel pointer leak and out-of-bounds stack read.
A vulnerability in the Linux kernel's RDS/IB module prevents proper operation in network namespaces other than the initial one. This restricts RDS/IB usage to the initial network namespace only.
An out-of-bounds read vulnerability in the Linux kernel occurs when copying data from a BPF_MAP_TYPE_CGROUP_STORAGE map to another per-CPU map with the same value_size not aligned to 8 bytes. This leads to reading beyond the allocated buffer.
In the Linux kernel, a vulnerability in the PPP driver allows a local unprivileged user to perform administrative ioctls (such as PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) in an inherited network namespace while only having CAP_NET_ADMIN in a newly created user namespace. The fix requires CAP_NET_ADMIN in the user namespace that owns the target network namespace.
A vulnerability has been identified in the Linux kernel related to the bpf_prog_test_run_skb function. The issue is that this function may access IP headers even when the provided test input only contains an Ethernet header.
A vulnerability has been identified in the Linux kernel that occurs when hci_register_dev() fails in hci_uart_register_dev(). In this case, HCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu), which may lead to improper processing of UART data.
In the Linux kernel, a vulnerability was found in the Bluetooth stack where hci_conn_request_evt() calls hci_connect_cfm() without holding the hdev->lock. This can lead to a use-after-free (UAF) if the connection is deleted concurrently.
In the Linux kernel, the Bluetooth L2CAP subsystem lacked a channel lock in the l2cap_ecred_reconf_rsp() function. A remote BLE device can send a crafted ECRED reconfiguration response, corrupting the channel list while another thread iterates it.
A vulnerability in the Linux kernel's SCTP over UDP implementation fails to disable BH before calling tunnel transmit functions, causing unbalanced recursion counters and potential packet drops.
A null-pointer dereference vulnerability was found in the Linux kernel's xdp_master_redirect() function when redirecting XDP traffic to a master interface (bond) that has not been brought up. The issue occurs when a bond interface in round-robin mode lacks the rr_tx_counter because it never went through bond_open().
In the Linux kernel, a vulnerability was found in the komeda DRM driver where the AFBC framebuffer size validation did not check for integer overflow. Adding the AFBC payload size to the framebuffer offset could overflow, allowing the size check to pass incorrectly and accept an undersized GEM object. This could lead to out-of-bounds memory access.
A vulnerability related to the allocation of the doorbell message array in PCI has been fixed in the Linux kernel. In case of MSI allocation failure, pointers may reference freed memory, leading to potential errors.
A vulnerability has been identified in the Linux kernel in the function drm_atomic_get_plane_state(), which can return an error pointer that is not checked. A fix has been implemented to add error pointer checking.
A vulnerability has been identified in the Linux kernel related to the allocation of regmap_field objects that are not freed after the driver is removed, potentially leading to resource leaks.

