CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-53064
Unknown

A vulnerability has been identified in the Linux kernel that leads to a NULL pointer dereference in passthrough mode during concurrent writes. The issue occurs when an attempt to invalidate a cache entry fails due to a lock, resulting in an error in the invalidate_complete() function.

CVE-2026-53063
Unknown

A vulnerability has been identified in the Linux kernel within the invalidate_remove() function, leading to write operation hangs in passthrough mode. The issue arises from incomplete logic for handling write hit bios after cache invalidation.

CVE-2026-53062
High

In the Linux kernel, the dm-cache policy SMQ lacks proper locking when invalidating cache blocks in passthrough mode. The invalidate_mapping operation is called concurrently from multiple workers without protection, leading to data races on the allocated blocks counter and potential use-after-free issues in internal data structures.

CVE-2026-53061
Unknown

A vulnerability has been identified in the Linux kernel's dm-cache mechanism that may lead to data loss. The issue arises from incorrect checking of dirty mappings in passthrough mode during table reload, potentially resulting in the loading of dirty mappings.

CVE-2026-53060
Unknown

A vulnerability has been identified in the Linux kernel that leads to a memory leak in the dm_cache_metadata_abort function when the root_lock cannot be acquired due to the block_manager being read-only. This issue occurs during multiple calls to the function under specific conditions, resulting in improper resource release.

CVE-2026-53059
Medium

In the Linux kernel, a vulnerability in the dm log module allows an out-of-bounds write due to a 32-bit unsigned int overflow in region_count when using dm_sector_div_up() which returns 64-bit sector_t. This results in undersized heap buffers and subsequent heap memory corruption.

CVE-2026-53058
Unknown

A vulnerability in the Linux kernel related to the incorrect setting of the mhdp pointer in the atomic_enable() function has been resolved. If errors occur in cdns_mhdp_link_up() or cdns_mhdp_reg_read(), it may lead to a NULL pointer dereference, causing a crash.

CVE-2026-53057
High

In the Linux kernel, the RISC-V IOMMU subsystem lacked required TLB and context cache invalidations after updating DDT/PDT entries. The riscv_iommu_iodir_iotinval() function was added to comply with the RISC-V IOMMU specification.

CVE-2026-53056
Unknown

A vulnerability has been identified in the Linux kernel related to a mismatch between voltage and clock frequency during DPU suspend and resume. The call to dev_pm_opp_set_rate(dev, 0) causes a drop in voltage, potentially leading to system instability.

CVE-2026-53055
Critical

In the Linux kernel's hisilicon/sec2 crypto driver, a use-after-free vulnerability was found. Under heavy system load, hardware may complete packet processing and free the request memory (req) before the transmission function finishes, causing an error. The fix replaces the req pointer with the qp_ctx structure, which persists throughout the packet sending process.

CVE-2026-53054
High

In the Linux kernel, a locking bug was found in the drm/msm driver's VM_BIND UNMAP operation. An incorrect argument caused objects involved in UNMAP operations not to be consistently locked, potentially leading to synchronization issues.

CVE-2026-53053
High

In the Linux kernel, a vulnerability was found in the AMD IOMMU subsystem's clone_alias() function. It incorrectly assumed the first argument (pdev) always points to the original device, while it could be an alias device. This caused the wrong devid to be used when copying DTE entries, leading to incorrect or stale entries being propagated to the alias device.

CVE-2026-53052
Unknown

A vulnerability has been identified in the Linux kernel that has been resolved. It concerns the ASoC component in the qcom system, where failing to check the widget type before accessing private data may lead to incorrect memory access.

CVE-2026-53051
Unknown

A vulnerability has been identified in the Linux kernel related to CBB timeout caused by accessing the DBI register before powering on the controller core. The issue occurs when the PERST# signal is deasserted twice, leading to errors in accessing DBI registers.

CVE-2026-53050
High

A race condition in the Linux kernel's dquot_scan_active() function during quota deactivation can lead to use-after-free, potentially causing system instability.

CVE-2026-53049
Critical

In the Linux kernel, the GFS2 filesystem lacked proper log locking in the gfs2_logd() function. Log flushing functions were called without holding the required sdp->sd_log_flush_lock, potentially causing conflicts with concurrent transactions. A new __gfs2_log_flush() function and proper locking were added.

CVE-2026-53048
Unknown

A vulnerability has been identified in the Linux kernel that may lead to a NULL pointer dereference during the unmounting of the gfs2 filesystem. This issue has been resolved by adding appropriate checks in the gfs2_log_flush function and fixing the dereference in gfs2_log_release.

CVE-2026-53047
Unknown

A vulnerability has been identified in the Linux kernel related to incorrect allocation size in the krealloc() function for cap_info->phys. This issue may lead to insufficient memory allocation, which on 32-bit PAE systems can result in a heap buffer overflow.

CVE-2026-53046
Critical

In the Linux kernel, a use-after-free vulnerability was found in the ksmbd module related to the Qualcomm Crypto Engine (QCE). The ksmbd_crypt_message() function does not properly handle the -EINPROGRESS return code from the hardware crypto engine, leading to premature memory freeing and a system crash.

CVE-2026-53045
Critical

In the Linux kernel, the memory driver for Tegra124-EMC had a reversed logic check for whether DLL is enabled in the EMRS register. The fix corrects the condition to properly check if bit A0 is low (indicating DLL enabled).

PreviousPage 207 of 4562Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS