CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
In the Linux kernel, a vulnerability was found in the mm/vmalloc module where the decay_va_pool_node() function could be invoked concurrently from two paths: during pool purging and via the shrinker mechanism. The lack of serialization in the shrinker path leads to races and potential memory leaks. The fix introduces the vmap_purge_lock in the shrinker path to ensure proper serialization.
A vulnerability in the Linux kernel related to handling misaligned crypto length in rxrpc packets has been fixed. The changes include improving error handling during decryption and removing a warning that could be remotely triggered.
A vulnerability has been identified in the Linux kernel related to improper RX steering management after WQ objects are destroyed. After destroying the RSS QP, the RX steering configuration remains active, which may lead to errors in delivering RX completions to new TX objects.
A vulnerability has been identified in the Linux kernel in the acomp_save_req() function, which stores an incorrect pointer leading to memory corruption. The issue occurs during asynchronous request completion in hardware implementations like the QAT driver.
A vulnerability has been identified in the Linux kernel regarding the handling of nameoff pointers for trailing dirents in the EROFS filesystem. The issue arises from incorrect calculations that may lead to reading past the directory block.
A vulnerability in the Linux kernel has been resolved in KVM, which involved improper handling of VMMCALL calls when L1 did not want to intercept them. In such cases, KVM generates a #UD exception, allowing L2 to make hypercalls without L1's interaction.
A vulnerability in the Linux kernel related to potential use-after-free (UAF) and memory leak in the removal path for the atmel-sha204a component has been fixed.
A vulnerability has been identified in the Linux kernel regarding the validation of payload size before accessing journal metadata in RAID5. The functions r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_checksum_for_mb() do not validate payload sizes, which can lead to out-of-bounds reads.
A vulnerability has been identified in the Linux kernel within the mwifiex_adapter_cleanup() function that may lead to a use-after-free error. The issue arises when timer_delete() is called before the adapter structure is freed, potentially allowing access to freed adapter fields by an executing callback.
A vulnerability has been identified in the Linux kernel related to bounce buffer leaks in the nx842_crypto_{alloc,free}_ctx functions. The issue is due to improper buffer release, which should use free_pages() instead of free_page().
A vulnerability has been identified in the Linux kernel that allows users to set the 'damos_quota_goal->nid' value without proper validation. This can lead to unauthorized memory access outside the allocated range.
A vulnerability in the Linux kernel related to disconnecting deferred I/O from the lifecycle of the fb_info structure has been resolved. A new fb_deferred_io_state structure has been introduced to hold the state of deferred I/O, preventing issues with accessing graphics memory after device hot-unplug.
A vulnerability has been identified in the Linux kernel within the ibmasm_send_i2o_message() function, which may lead to a heap over-read. A root user can exploit unvalidated header fields, resulting in reading data beyond the allocated memory area.
A vulnerability in the Linux kernel related to integer overflow in the run_unpack() function during volume boundary checks has been resolved. This issue occurred due to the use of raw addition, which could bypass validation for large lcn and len values.
A vulnerability has been identified in the Linux kernel caused by a race condition between the m2m job_abort and device_run functions, leading to kernel panic. The issue occurs when v4l2_m2m_ctx_release() frees m2m_ctx while v4l2_m2m_try_run() attempts to call device_run with the same context.
A vulnerability related to Bluetooth event handling has been fixed in the Linux kernel, which could lead to a potential use-after-free (UAF) in SSP key handling.
A vulnerability related to string buffer overrun in the AppArmor module has been identified in the Linux kernel. The issue occurs when booting Ubuntu 26.04 on ARM64 architecture, leading to memory errors.
A vulnerability in the Linux kernel related to improper resource management in the __rds_rdma_map() function has been fixed. The issue occurred when copying the generated cookie back to user space failed, which could lead to improper resource freeing.
A vulnerability has been identified in the Linux kernel within the Ceph filesystem that allows unsafe re-adding of negative dentries to the hashed list. This issue can lead to data structure corruption, resulting in process hangs.
A vulnerability has been identified in the Linux kernel related to use-after-free in the driver removal function. The issue occurs when a packet arrives after destroy_workqueue() is called but before sock_release(), leading to a use-after-free error.

