CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability has been identified in the Linux kernel within the tg_pt_gp_members_show() function, which may lead to reading data beyond the allocated stack buffer. The issue arises from an improper length check on the data returned by snprintf(), potentially resulting in copying adjacent stack data.
In the Linux kernel, the RDMA/mana driver lacked validation of the rx_hash_key_len value from userspace. This allowed unbounded memcpy, potentially causing kernel memory corruption.
In the Linux kernel, the Bluetooth btmtk driver lacks validation of WMT event response SKB length before accessing its structure. A short firmware response can cause out-of-bounds reads from the SKB tailroom.
A vulnerability has been identified in the Linux kernel related to Bluetooth event handling, which may lead to out-of-bounds reads and an infinite loop. The issue occurs in the hci_le_create_big_complete_evt() function, which does not check if the index remains within the bounds of the array during iteration.
A vulnerability has been identified in the Linux kernel related to the wifi: mt76: mt7921 component, concerning a potential clc buffer length underflow. This underflow may lead to an almost infinite loop or an invalid power setting, resulting in driver initialization failure.
A vulnerability has been identified in the Linux kernel that allows a system panic to be triggered by receiving an unauthorized UDP packet with an unknown opcode. This issue affects the processing of packets in the Soft RoCE driver, where insufficient checks lead to out-of-bounds memory reads.
A vulnerability has been identified in the Linux kernel within the dm-verity-fec function, which incorrectly assumes that parity bytes are not split across blocks. As a result, during decoding, it may read data outside the allocated buffer, potentially leading to unexpected system behavior.
A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info() function on error. The issue occurs when kobject_init_and_add() fails, resulting in improper memory management.
In the Linux kernel's mac80211 subsystem, a vulnerability was found where a station is not removed after a failed MLO connection preparation. When MLO connection preparation fails, the interface is reset to non-MLD mode, but the existing station associated with the removed link is not deleted, leading to a use-after-free in debugfs.
A vulnerability has been identified in the Linux kernel within the isofs_fh_to_dentry() and isofs_fh_to_parent() functions, which pass an attacker-controlled block number from the NFS file handle to isofs_export_iget(). Although block 0 is rejected, an attacker can force the read of any in-range block, leading to the exposure of unrelated data in dentry metadata.
A vulnerability has been identified in the Linux kernel's Bluetooth module that allows improper processing of buffer length, potentially leading to exposure of uninitialized kernel memory. The issue occurs in the virtbt_rx_work() function, where the buffer length is not properly validated.
A vulnerability has been identified in the Linux kernel within the wifi b43 module, allowing the firmware-controlled key index in b43_rx() to exceed the size of the dev->key[] array. Changes have been made to enforce bounds checking to prevent out-of-bounds reads.
A vulnerability has been identified in the Linux kernel that allows a race condition between reading and writing the 'memcg_path' and 'path' files in the DAMON sysfs interface, leading to a use-after-free situation. A patch has been introduced to protect these operations from concurrent access.
A vulnerability has been identified in the Linux kernel within the ip6erspan_changelink() function, which uses an outdated network context, leading to memory-related errors. This issue can result in use-after-free conditions reported by KASAN.
In the Linux kernel, the RDMA/mana driver removed a user-triggerable WARN_ON() call. Specifying multiple work queues (WQs) sharing the same completion queue (CQ) via uAPI triggered the warning and could corrupt the kernel.
A use-after-free vulnerability was found in the Linux kernel's __xfrm_state_delete() function during xfrm state cleanup. The issue stems from inconsistent list membership checks on byseq/byspi hash chains, potentially leading to double deletion and write via LIST_POISON pointer.
In the Linux kernel's RDMA/rxe driver, a vulnerability was found due to missing validation of ATOMIC_WRITE payload length. A remote attacker can send a zero-length request, causing 8 bytes beyond the packet end to be read and written to the victim's memory, leading to kernel data leak.
A vulnerability in the Linux kernel related to KVM has been fixed, concerning use-after-free in shadow paging. The issue occurred when guest page tables were modified between VM entries, leading to memory management errors.
A vulnerability has been identified in the Linux kernel related to the hns_roce_qp_remove() function, which requires the caller to hold locks. In the error flow of hns_roce_create_qp_common(), these locks are not held, risking memory corruption.
A vulnerability related to Bluetooth in the Linux kernel has been fixed, which could lead to a use-after-free error in the create_big_sync function. An additional check, hci_conn_valid(), was introduced to detect stale connections before BIG creation.

