CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
In the Linux kernel SCTP stack, a vulnerability was found due to improper revalidation of the list cursor in sctp_sendmsg() for the SCTP_SENDALL path. While iterating over associations, the list can be modified by another thread, leading to use-after-free or type confusion.
A vulnerability related to use-after-free has been fixed in the Linux kernel in the spi: mpc52xx component. The issue occurred in the state machine work scheduled by the interrupt handler, which could lead to unsafe memory access.
A vulnerability in the Linux kernel related to bounds checking in the uvd/vce/vcn code has been resolved, which accesses the IB at predefined offsets.
A race condition was found in the Linux kernel DRM driver in the change_handle function. During handle swap, a single object briefly had two IDR entries, allowing a concurrent gem_close to delete the object and leave a dangling handle, leading to a use-after-free.
A vulnerability related to use-after-free (UAF) in the inactivity timer cleanup path in the HID appletb-kbd driver has been identified in the Linux kernel. Issues occur in two time windows that may lead to accessing freed memory.
A vulnerability has been identified in the Linux kernel within the batman-adv module, concerning improper memory management during the deletion of claims. The issue can lead to a use-after-free situation, potentially resulting in unpredictable system behavior.
A vulnerability has been identified in the Linux kernel related to the use-after-free of the fmt_src object during Macro Blocks Per Frame (MBPF) checks. The issue occurs when multiple instances run in parallel, leading to a race condition between threads.
A vulnerability has been identified in the Linux kernel related to inconsistent plane dimension calculations in the drm_gem_fb_init_with_funcs() function. This flaw leads to incorrect GEM object size validation, potentially resulting in memory access beyond the object's bounds.
A vulnerability has been identified in the Linux kernel's batman-adv module, allowing tp_meter sessions to continue after the netlink request has finished. During the removal of the mesh interface, these sessions are not properly stopped, potentially leading to synchronization issues.
A vulnerability in the Linux kernel related to batman-adv has been resolved, preventing new tp_meter sessions from starting after leaving the BATADV_MESH_ACTIVE state.
A vulnerability in the Linux kernel has been resolved by disallowing all private IOCTLs. IOCTLs are not as safe as one might assume, hence they have been temporarily disabled.
A vulnerability in the Linux kernel has been resolved that allowed out-of-bounds (OOB) reads when parsing IB in the drm/amdgpu/vcn4 module. The IB parsing has been rewritten to use amdgpu_ib_get_value(), which handles bounds checks.
A vulnerability in the Linux kernel related to unclocked register access during driver unbind has been fixed. The issue involves ensuring the controller is runtime resumed before disabling it.
In the Linux kernel, a vulnerability related to dma-buf attachment leak in the function xe_gem_prime_import() has been fixed. The issue occurs when xe_dma_buf_init_obj() fails, and the attachment is not detached.
A vulnerability in the Linux kernel has been resolved that allowed out-of-bounds (OOB) reads when parsing decoder messages in the amdgpu vcn4 module. Boundary checks have been implemented to prevent such reads.
A vulnerability related to integer overflow in the batman-adv module has been fixed in the Linux kernel. The issue concerns the batadv_iv_ogm_send_to_if function, where the size check was performed using the int type, while the buff_pos variable uses the s16 type, potentially leading to an out-of-bounds read.
A vulnerability in the Linux kernel has been resolved, concerning the validation of the nattr field in the SVM ioctl against the buffer size. This prevents out-of-bounds buffer access via user-controlled attribute count.
A vulnerability has been identified in the Linux kernel related to out-of-bounds access to the font buffer during console rotation failure. The fbcon_rotate_font() function does not clear the font buffer, which may lead to buffer overflow when printing to the rotated console.
A vulnerability has been identified in the Linux kernel that allows for an out-of-bounds read in the spi_nor_params_show() function. The issue arises from incorrect size calculations of an array of pointers, leading to improper bounds checking in the spi_nor_print_flags() function.
In the Linux kernel's RDMA driver for VMware virtual machines (vmw_pvrdma), a double free vulnerability was found on the error path of pvrdma_alloc_ucontext(). The pvrdma_uar_free() function is called both before and inside pvrdma_dealloc_ucontext(), causing a double free.

