CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-46163
High

A vulnerability has been identified in the Linux kernel within the b43legacy module, allowing the firmware-controlled key index in the RX path to exceed the allowed range. The fix enforces a bounds check to prevent out-of-bounds reads.

CVE-2026-46162
High

A vulnerability has been identified in the Linux kernel that leads to a double free in the ice_sf_eth_activate() function on error. The issue occurs when the auxiliary_device_add() call fails, resulting in improper resource deallocation.

CVE-2026-46157
High

A vulnerability has been identified in the Linux kernel related to concurrent access to the runtime.oss.trigger field in ALSA, which may lead to a data race. This issue can result in overwriting other bit fields, causing confusion in operations.

CVE-2026-46154
High

A vulnerability has been identified in the Linux kernel regarding the reading of the scx_root pointer in the context of cgroup operations. The issue arises because the pointer may become stale by the time the operation is executed, potentially leading to use-after-free conditions.

CVE-2026-46152
High

In the Linux kernel's mac80211 subsystem, a vulnerability was found due to an incorrect use of a static 'rx_result' variable in ieee80211_invoke_fast_rx(). When multiple threads process packets concurrently, results can be overwritten, leading to incorrect packet routing.

CVE-2026-46150
High

A vulnerability has been identified in the Linux kernel that could lead to false positives in permission events related to fanotify. The issue was that fsnotify_get_mark_safe() could return false for a mark on an unrelated group, resulting in bypassing the permission check.

CVE-2026-46149
High

A vulnerability has been identified in the Linux kernel within the tg_pt_gp_members_show() function, which may lead to reading data beyond the allocated stack buffer. The issue arises from an improper length check on the data returned by snprintf(), potentially resulting in copying adjacent stack data.

CVE-2026-46145
High

In the Linux kernel, the RDMA/mana driver lacked validation of the rx_hash_key_len value from userspace. This allowed unbounded memcpy, potentially causing kernel memory corruption.

CVE-2026-46140
High

In the Linux kernel, the Bluetooth btmtk driver lacks validation of WMT event response SKB length before accessing its structure. A short firmware response can cause out-of-bounds reads from the SKB tailroom.

CVE-2026-46138
High

A vulnerability has been identified in the Linux kernel related to Bluetooth event handling, which may lead to out-of-bounds reads and an infinite loop. The issue occurs in the hci_le_create_big_complete_evt() function, which does not check if the index remains within the bounds of the array during iteration.

CVE-2026-46136
High

A vulnerability has been identified in the Linux kernel related to the wifi: mt76: mt7921 component, concerning a potential clc buffer length underflow. This underflow may lead to an almost infinite loop or an invalid power setting, resulting in driver initialization failure.

CVE-2026-46133
High

A vulnerability has been identified in the Linux kernel that allows a system panic to be triggered by receiving an unauthorized UDP packet with an unknown opcode. This issue affects the processing of packets in the Soft RoCE driver, where insufficient checks lead to out-of-bounds memory reads.

CVE-2026-46130
High

A vulnerability has been identified in the Linux kernel within the dm-verity-fec function, which incorrectly assumes that parity bytes are not split across blocks. As a result, during decoding, it may read data outside the allocated buffer, potentially leading to unexpected system behavior.

CVE-2026-46129
High

A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info() function on error. The issue occurs when kobject_init_and_add() fails, resulting in improper memory management.

CVE-2026-46125
High

In the Linux kernel's mac80211 subsystem, a vulnerability was found where a station is not removed after a failed MLO connection preparation. This leads to a use-after-free or double-free in debugfs when the interface is reset from MLD mode.

CVE-2026-46124
High

A vulnerability has been identified in the Linux kernel within the isofs_fh_to_dentry() and isofs_fh_to_parent() functions, which pass an attacker-controlled block number from the NFS file handle to isofs_export_iget(). Although block 0 is rejected, an attacker can force the read of any in-range block, leading to the exposure of unrelated data in dentry metadata.

CVE-2026-46123
High

A vulnerability has been identified in the Linux kernel's Bluetooth module that allows improper processing of buffer length, potentially leading to exposure of uninitialized kernel memory. The issue occurs in the virtbt_rx_work() function, where the buffer length is not properly validated.

CVE-2026-46122
High

A vulnerability has been identified in the Linux kernel within the wifi b43 module, allowing the firmware-controlled key index in b43_rx() to exceed the size of the dev->key[] array. Changes have been made to enforce bounds checking to prevent out-of-bounds reads.

CVE-2026-46121
High

A vulnerability has been identified in the Linux kernel that allows a race condition between reading and writing the 'memcg_path' and 'path' files in the DAMON sysfs interface, leading to a use-after-free situation. A patch has been introduced to protect these operations from concurrent access.

CVE-2026-46120
High

A vulnerability has been identified in the Linux kernel within the ip6erspan_changelink() function, which uses an outdated network context, leading to memory-related errors. This issue can result in use-after-free conditions reported by KASAN.

PreviousPage 229 of 3355Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS