CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.15)

CVE-2026-53089
Low risk· EPSS 4%

A use-after-free vulnerability was found in the Linux kernel in functions that fill info for offloaded BPF maps or programs. During info queries, the functions obtained a network namespace reference that could already be freed, leading to memory corruption.

CVE-2026-53088
Critical

In the Linux kernel, an off-by-one error was found in the bcmgenet driver's bcmgenet_put_txcb function. The write_ptr points to the next free tx_cb, but the function returned the wrong element, causing incorrect cleanup of transmission buffers.

CVE-2026-53087
High

In the Linux kernel, a vulnerability in the bcmgenet driver causes a leak of free buffer descriptors (free_bds) during TX queue reclaim. Fast-forwarding the write pointer drops frames without returning them to the free pool, leading to resource exhaustion.

CVE-2026-53086
Critical

In the Linux kernel, a vulnerability was found in the bcmgenet driver's timeout handler. The bcmgenet_timeout handler aggressively stopped all transmit queues when only a single queue timed out, causing numerous race conditions with other queues that were still operating normally.

CVE-2026-53085
High

In the Linux kernel, a vulnerability was found in the open-coded task_vma iterator in BPF. The iterator reads task->mm without locking and does not increment the mm_struct reference count, leading to a use-after-free when the task exits concurrently.

CVE-2026-53084
Low risk· EPSS 5%

A vulnerability in the Linux kernel's BPF task_vma iterator causes a lock ordering issue between vm_lock, i_rwsem, and mmap_lock. The fix snapshots the VMA under the per-VMA lock and releases the lock before returning data to the BPF program.

CVE-2026-53083
Low risk· EPSS 5%

A vulnerability in the Linux kernel causes an RCU stall in bpf_fd_array_map_clear(). Missing cond_resched() in the loop processing PROG_ARRAY maps with many entries leads to system hangs under load.

CVE-2026-53082
Low risk· EPSS 6%

In the Linux kernel's 6pack (hamradio) driver, an uninit-value read vulnerability was found in the sixpack_receive_buf function. The function fails to properly skip bytes with TTY error flags, causing processing of data that should have been discarded.

CVE-2026-53081
High

A vulnerability in the Linux kernel's BPF verifier allows incorrect state comparison for scalar registers with the BPF_ADD_CONST flag due to missing base ID consistency checks. This can lead to state pruning succeeding erroneously, potentially bypassing security checks.

CVE-2026-53080
Low risk· EPSS 7%

In the Linux kernel, a vulnerability in the cls_fw classifier allows a filter to be published to the datapath before its change() function is called, leading to a NULL pointer dereference when an invalid old-style filter is used.

CVE-2026-53079
Low risk· EPSS 4%

A vulnerability in the Linux kernel causes a memory leak of socket buffers (skb) during deferred packet drops in qdiscs. The issue occurs when the root qdisc does not implement the TCQ_F_DEQUEUE_DROPS flag, leaving packets stranded on the child's local to_free list without being freed.

CVE-2026-53078
High

In the Linux kernel, a vulnerability in the BPF sock_ops mechanism causes the SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() macros to fail to zero the destination register when dst_reg equals src_reg. This results in stack out-of-bounds reads and kernel pointer leaks.

CVE-2026-53077
High

A vulnerability in the Linux kernel's RDS/IB module prevents it from functioning correctly in network namespaces other than the initial one. This restricts RDS/IB usage to the initial network namespace only.

CVE-2026-53076
High

An out-of-bounds read occurs in the Linux kernel when copying data from a BPF_MAP_TYPE_CGROUP_STORAGE map to another per-CPU map with the same value_size that is not rounded up to 8 bytes. The pcpu_initValue function incorrectly assumes the source data is 8-byte aligned, leading to OOB access.

CVE-2026-53075
High

In the Linux kernel, a vulnerability in the PPP driver allows a local unprivileged user to perform administrative ioctls (such as PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) in an inherited network namespace while only having CAP_NET_ADMIN in a newly created user namespace. The fix requires CAP_NET_ADMIN in the user namespace that owns the target network namespace.

CVE-2026-53074
Low risk· EPSS 6%

A vulnerability in the Linux kernel's bpf_prog_test_run_skb function allowed access to IP headers even when test input contained only an Ethernet header. Lack of IPv4/IPv6 header length checks could lead to out-of-bounds read.

CVE-2026-53073
Low risk· EPSS 7%

In the Linux kernel Bluetooth HCI UART driver, a vulnerability exists where the HCI_UART_PROTO_INIT flag is not cleared after a failed HCI device registration. This allows incoming UART data to be processed by the protocol handler after resources are freed, leading to a null pointer dereference.

CVE-2026-53072
High

In the Linux kernel, a vulnerability was found in the Bluetooth stack where hci_conn_request_evt() calls hci_connect_cfm() without holding the hdev->lock, potentially leading to a use-after-free (UAF) if the connection is deleted concurrently.

CVE-2026-53071
High

In the Linux kernel, the Bluetooth L2CAP subsystem lacked a channel lock in the l2cap_ecred_reconf_rsp() function. A remote BLE device can send a crafted ECRED reconfiguration response, corrupting the channel list while another thread iterates it.

CVE-2026-53070
High

A vulnerability in the Linux kernel's SCTP over UDP implementation causes functions udp_tunnel_xmit_skb() to run without disabling bottom halves (BH), potentially moving context between CPUs and breaking recursion counters. This leads to incorrect recursion detection and packet drops, severely degrading SCTP throughput.

PreviousPage 274 of 4649Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS