CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability has been identified in the Linux kernel that allows users to read and write to the damon_sysfs_quot_goal->path structure without proper protection. This can lead to situations where a user reads an already freed buffer, posing a risk to system stability.
In the Linux kernel, the RDMA/mlx4 driver misuses RCU in mlx4_srq_event(). The radix_tree is RCU-safe, but the mlx4_srq struct is never freed with RCU and is not accessed within an RCU critical section. Delivering an event before the srq object is fully initialized can cause a kernel crash.
A vulnerability in the Linux kernel related to a potential use-after-free issue when stopping the watchdog task has been resolved.
A vulnerability in the Linux kernel related to resource leak in mlx4_ib_create_srq() has been fixed. The issue was that mlx4_srq_free() was not called during error unwind, leading to resource leaks.
A vulnerability in the Linux kernel related to limits on event and message requests has been resolved. The driver could continuously fetch events, potentially causing issues with BMCs that never signal completion. A limit of 10 fetches at a time has been introduced.
In the Linux kernel's mlx5 driver, a bug in mlx5_ib_dev_res_srq_init() causes fall-through after s1 allocation failure, assigning freed s0 and an ERR_PTR to data structures. This leads to use-after-free, ERR_PTR dereference, and double-free.
A vulnerability has been identified in the Linux kernel related to node block migration in the f2fs filesystem, which may lead to misinterpretation of data as fsync-written. This issue occurs during FGGC node block migration, potentially resulting in errors in the fsck tool.
In the Linux kernel, a vulnerability was found in AMD Zen2 processors due to improper isolation of shared resources in the op cache. This can lead to instruction corruption and potential security breaches.
A vulnerability has been identified in the Linux kernel that allows preemption of a TASK_DEAD task during its exit. This can lead to serious memory issues, such as use-after-free or double-free of the task's stack.
In the Linux kernel, a vulnerability was found in the mac80211 subsystem due to unsafe list iteration in the radar detect work function. Calling ieee80211_dfs_cac_cancel can free and remove the iterated chanctx from the list, leading to a slab-use-after-free error.
A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info_sub_group() function on error. The issue occurs when kobject_init_and_add() fails, resulting in the sub_group object being freed twice.
A vulnerability has been identified in the Linux kernel within the b43legacy module, allowing the firmware-controlled key index in the RX path to exceed the allowed range. The fix enforces a bounds check to prevent out-of-bounds reads.
A vulnerability has been identified in the Linux kernel that leads to a double free in the ice_sf_eth_activate() function on error. The issue occurs when the auxiliary_device_add() call fails, resulting in improper resource deallocation.
A vulnerability has been identified in the Linux kernel related to concurrent access to the runtime.oss.trigger field in ALSA, which may lead to a data race. This issue can result in overwriting other bit fields, causing confusion in operations.
A vulnerability has been identified in the Linux kernel regarding the reading of the scx_root pointer in the context of cgroup operations. The issue arises because the pointer may become stale by the time the operation is executed, potentially leading to use-after-free conditions.
In the Linux kernel's mac80211 module, a vulnerability was found where the 'rx_result' variable in ieee80211_invoke_fast_rx() was incorrectly declared as static. This causes concurrent callers to share the same variable, potentially overwriting each other's result between ieee80211_rx_mesh_data() and the switch statement. This leads to incorrect packet routing, such as packets being queued or consumed incorrectly.
A vulnerability has been identified in the Linux kernel that could lead to false positives in permission events related to fanotify. The issue was that fsnotify_get_mark_safe() could return false for a mark on an unrelated group, resulting in bypassing the permission check.
A vulnerability has been identified in the Linux kernel within the tg_pt_gp_members_show() function, which may lead to reading data beyond the allocated stack buffer. The issue arises from an improper length check on the data returned by snprintf(), potentially resulting in copying adjacent stack data.
In the Linux kernel, the RDMA/mana driver lacked validation of the rx_hash_key_len value from userspace. This allowed unbounded memcpy, potentially causing kernel memory corruption.
In the Linux kernel, the Bluetooth btmtk driver lacks validation of WMT event response SKB length before accessing its structure. A short firmware response can cause out-of-bounds reads from the SKB tailroom.

