CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability in the Linux kernel has been resolved that allowed out-of-bounds (OOB) reads when parsing IB in the drm/amdgpu/vcn4 module. The IB parsing has been rewritten to use amdgpu_ib_get_value(), which handles bounds checks.
A vulnerability in the Linux kernel related to unclocked register access during driver unbind has been fixed. The issue involves ensuring the controller is runtime resumed before disabling it.
In the Linux kernel, a vulnerability related to dma-buf attachment leak in the function xe_gem_prime_import() has been fixed. The issue occurs when xe_dma_buf_init_obj() fails, and the attachment is not detached.
A vulnerability in the Linux kernel has been resolved that allowed out-of-bounds (OOB) reads when parsing decoder messages in the amdgpu vcn4 module. Boundary checks have been implemented to prevent such reads.
A vulnerability related to integer overflow in the batman-adv module has been fixed in the Linux kernel. The issue concerns the batadv_iv_ogm_send_to_if function, where the size check was performed using the int type, while the buff_pos variable uses the s16 type, potentially leading to an out-of-bounds read.
A vulnerability in the Linux kernel has been resolved, concerning the validation of the nattr field in the SVM ioctl against the buffer size. This prevents out-of-bounds buffer access via user-controlled attribute count.
A vulnerability has been identified in the Linux kernel related to out-of-bounds access to the font buffer during console rotation failure. The fbcon_rotate_font() function does not clear the font buffer, which may lead to buffer overflow when printing to the rotated console.
A vulnerability has been identified in the Linux kernel that allows for an out-of-bounds read in the spi_nor_params_show() function. The issue arises from incorrect size calculations of an array of pointers, leading to improper bounds checking in the spi_nor_print_flags() function.
In the Linux kernel, a double free vulnerability was found in the RDMA/vmw_pvrdma driver on the error path of pvrdma_alloc_ucontext(). The pvrdma_uar_free() function is called twice: once directly and then again inside pvrdma_dealloc_ucontext(), causing a double free.
A vulnerability has been identified in the Linux kernel that allows users to read and write to the damon_sysfs_quot_goal->path structure without proper protection. This can lead to situations where a user reads an already freed buffer, posing a risk to system stability.
In the Linux kernel, the RDMA/mlx4 driver misuses RCU in mlx4_srq_event(). The radix_tree is RCU-safe, but the mlx4_srq struct is never freed with RCU and is not accessed within an RCU critical section. Delivering an event before the srq object is fully initialized can cause a system crash.
A vulnerability in the Linux kernel related to a potential use-after-free issue when stopping the watchdog task has been resolved.
A vulnerability in the Linux kernel related to resource leak in mlx4_ib_create_srq() has been fixed. The issue was that mlx4_srq_free() was not called during error unwind, leading to resource leaks.
A vulnerability in the Linux kernel related to limits on event and message requests has been resolved. The driver could continuously fetch events, potentially causing issues with BMCs that never signal completion. A limit of 10 fetches at a time has been introduced.
In the Linux kernel RDMA/mlx5 driver, a bug in mlx5_ib_dev_res_srq_init() causes fall-through after a failed SRQ allocation (s1). The error path frees s0 but then assigns the freed s0 and an ERR_PTR to devr->s0 and devr->s1, leading to use-after-free and invalid pointer dereferences.
A vulnerability has been identified in the Linux kernel related to node block migration in the f2fs filesystem, which may lead to misinterpretation of data as fsync-written. This issue occurs during FGGC node block migration, potentially resulting in errors in the fsck tool.
A vulnerability has been identified in the Linux kernel regarding improper isolation of shared resources in the op cache of AMD Zen2 processors. This issue could lead to instruction corruption.
A vulnerability has been identified in the Linux kernel that allows preemption of a TASK_DEAD task during its exit. This can lead to serious memory issues, such as use-after-free or double-free of the task's stack.
In the Linux kernel, a vulnerability was found in the mac80211 subsystem due to unsafe list iteration in the radar detect work function. Calling ieee80211_dfs_cac_cancel can free and remove the iterated chanctx from the list, leading to a slab-use-after-free error.
A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info_sub_group() function on error. The issue occurs when kobject_init_and_add() fails, resulting in the sub_group object being freed twice.

