CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability has been identified in the Linux kernel related to use-after-free in the driver removal function. The issue occurs when a packet arrives after destroy_workqueue() is called but before sock_release(), leading to a use-after-free error.
A vulnerability has been identified in the Linux kernel that allows reading bitmap data from spare disks that are not fully synchronized. The lack of an In_sync flag check may lead to reading stale or uninitialized bitmap data.
A vulnerability in the Linux kernel related to validating ICMP reply types before using ICMP pointers has been resolved. Extended echo replies use ICMP_EXT_ECHOREPLY, which is outside the range covered by icmp_pointers[].
A vulnerability has been identified in the Linux kernel within the vfio/cdx module, which involves a lack of synchronization during operations on the cdx_irqs array. This can lead to a use-after-free situation due to concurrent calls, posing a risk of system instability.
A vulnerability in the Linux kernel's authencesn cryptographic mechanism allows using an undersized hash digest (1-3 bytes) during instance creation, leading to an out-of-bounds memory access when handling the ESN sequence number.
A vulnerability has been identified in the ks8851 driver in the Linux kernel that leads to a deadlock when processing TX and RX packets simultaneously. The issue occurs when BH is enabled during the allocation of buffers for received packets.
A vulnerability has been identified in the Linux kernel that allows re-entry into the slab allocator in NMI context, leading to slab state corruption. This issue occurs in uniprocessor (UP) systems and can be triggered by the kmalloc_nolock() function.
A vulnerability in the Linux kernel has been resolved in the smc_clc_wait_msg function. The issue involved handling connection declines during the early handshake stage, which could lead to incorrect updates of the link group synchronization state.
A vulnerability has been identified in the Linux kernel within libceph that may lead to a null pointer dereference in the ceph_handle_auth_reply() function. The issue occurs when a CEPH_MSG_AUTH_REPLY message contains zero values for both protocol and result, which is not currently treated as an error.
A vulnerability has been identified in the Linux kernel that allows for out-of-bounds read in the ibmasm_handle_mouse_interrupt() function. The issue occurs when the reader or writer indices exceed the allowed queue size, potentially leading to unintended reads from device registers.
A vulnerability has been identified in the Linux kernel that allows improper memory access due to lack of validation of the node identifier in the si_meminfo_node() function. Privileged users can exploit the DAMON tool to trigger this error.
A vulnerability has been identified in the Linux kernel related to socket migration in the SO_REUSEPORT group, which may lead to blocking of waiting threads. After socket migration, the new listener does not notify waiters about the availability of a connection, potentially causing them to remain asleep indefinitely.
A vulnerability has been identified in the Linux kernel affecting the mtk_jpeg_release() function. The issue arises from freeing the context (ctx) without first canceling any pending or running work, leading to race conditions and potential access to freed memory.
A vulnerability in the Linux kernel related to error handling in the rxgk_extract_token() function has been fixed. If rxgk_decrypt_skb() returns -ENOMEM, the function should return that error instead of continuing, which could lead to an abort.
A vulnerability has been identified in the Linux kernel related to a u32 overflow in the relocation bounds check in drm/nouveau. The issue occurs during offset validation, potentially leading to system instability.
A vulnerability has been identified in the Linux kernel within the caiaq driver, concerning improper error handling during the probe procedure in the setup_card() function. Errors are not handled correctly, potentially leading to a use-after-free (UAF) situation in further calls.
A vulnerability in the Linux kernel has been fixed in the pt5161l_read_block_data() function, which could lead to buffer overrun and incorrect return values on length mismatch.
A vulnerability has been identified in the Linux kernel within the z_erofs_lz4_handle_overlap() function, which may lead to improper memory access during LZ4 decompression. Specifically crafted images can cause out-of-bounds access, resulting in data access errors.
In the Linux kernel, a use-after-free (UAF) vulnerability was found in the rxrpc module after a failed skb_unshare() call. If skb_unshare() fails to duplicate a packet due to an allocation error, the skb pointer in the parent function (rxrpc_io_thread()) is set to NULL, which may cause a system crash when trace_rxrpc_rx_done() is called.
A vulnerability related to use-after-free in the SPI subsystem has been fixed in the Linux kernel. The issue occurred during the deregistration of the controller, which could lead to improper freeing of driver data.

