CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-46219
High

A vulnerability related to use-after-free has been fixed in the Linux kernel in the spi: mpc52xx component. The issue occurred in the state machine work scheduled by the interrupt handler, which could lead to unsafe memory access.

CVE-2026-46218
High

A vulnerability in the Linux kernel related to bounds checking in the uvd/vce/vcn code has been resolved, which accesses the IB at predefined offsets.

CVE-2026-46215
High

A race condition was found in the Linux kernel DRM driver in the change_handle function. During handle swap, a single object briefly had two IDR entries, allowing a concurrent gem_close to delete the object and leave a dangling handle, leading to a use-after-free.

CVE-2026-46213
High

A vulnerability related to use-after-free (UAF) in the inactivity timer cleanup path in the HID appletb-kbd driver has been identified in the Linux kernel. Issues occur in two time windows that may lead to accessing freed memory.

CVE-2026-46212
High

A vulnerability has been identified in the Linux kernel within the batman-adv module, concerning improper memory management during the deletion of claims. The issue can lead to a use-after-free situation, potentially resulting in unpredictable system behavior.

CVE-2026-46210
High

A vulnerability has been identified in the Linux kernel related to the use-after-free of the fmt_src object during Macro Blocks Per Frame (MBPF) checks. The issue occurs when multiple instances run in parallel, leading to a race condition between threads.

CVE-2026-46209
High

A vulnerability has been identified in the Linux kernel related to inconsistent plane dimension calculations in the drm_gem_fb_init_with_funcs() function. This flaw leads to incorrect GEM object size validation, potentially resulting in memory access beyond the object's bounds.

CVE-2026-46208
High

A vulnerability has been identified in the Linux kernel's batman-adv module, allowing tp_meter sessions to continue after the netlink request has finished. During the removal of the mesh interface, these sessions are not properly stopped, potentially leading to synchronization issues.

CVE-2026-46206
High

A vulnerability in the Linux kernel related to batman-adv has been resolved, preventing new tp_meter sessions from starting after leaving the BATADV_MESH_ACTIVE state.

CVE-2026-46205
High

A vulnerability in the Linux kernel has been resolved by disallowing all private IOCTLs. IOCTLs are not as safe as one might assume, hence they have been temporarily disabled.

CVE-2026-46204
High

A vulnerability in the Linux kernel has been resolved that allowed out-of-bounds (OOB) reads when parsing IB in the drm/amdgpu/vcn4 module. The IB parsing has been rewritten to use amdgpu_ib_get_value(), which handles bounds checks.

CVE-2026-46203
High

A vulnerability in the Linux kernel related to unclocked register access during driver unbind has been fixed. The issue involves ensuring the controller is runtime resumed before disabling it.

CVE-2026-46201
High

In the Linux kernel, a vulnerability related to dma-buf attachment leak in the function xe_gem_prime_import() has been fixed. The issue occurs when xe_dma_buf_init_obj() fails, and the attachment is not detached.

CVE-2026-46199
High

A vulnerability in the Linux kernel has been resolved that allowed out-of-bounds (OOB) reads when parsing decoder messages in the amdgpu vcn4 module. Boundary checks have been implemented to prevent such reads.

CVE-2026-46198
High

A vulnerability related to integer overflow in the batman-adv module has been fixed in the Linux kernel. The issue concerns the batadv_iv_ogm_send_to_if function, where the size check was performed using the int type, while the buff_pos variable uses the s16 type, potentially leading to an out-of-bounds read.

CVE-2026-46197
High

A vulnerability in the Linux kernel has been resolved, concerning the validation of the nattr field in the SVM ioctl against the buffer size. This prevents out-of-bounds buffer access via user-controlled attribute count.

CVE-2026-46191
High

A vulnerability has been identified in the Linux kernel related to out-of-bounds access to the font buffer during console rotation failure. The fbcon_rotate_font() function does not clear the font buffer, which may lead to buffer overflow when printing to the rotated console.

CVE-2026-46190
High

A vulnerability has been identified in the Linux kernel that allows for an out-of-bounds read in the spi_nor_params_show() function. The issue arises from incorrect size calculations of an array of pointers, leading to improper bounds checking in the spi_nor_print_flags() function.

CVE-2026-46189
High

In the Linux kernel's RDMA driver for VMware virtual machines (vmw_pvrdma), a double free vulnerability was found on the error path of pvrdma_alloc_ucontext(). The pvrdma_uar_free() function is called both before and inside pvrdma_dealloc_ucontext(), causing a double free.

CVE-2026-46183
High

A vulnerability has been identified in the Linux kernel that allows users to read and write to the damon_sysfs_quot_goal->path structure without proper protection. This can lead to situations where a user reads an already freed buffer, posing a risk to system stability.

PreviousPage 280 of 3414Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS