CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability has been identified in the Linux kernel related to the wifi: mt76: mt7921 component, concerning a potential clc buffer length underflow. This underflow may lead to an almost infinite loop or an invalid power setting, resulting in driver initialization failure.
A vulnerability has been identified in the Linux kernel that allows a system panic to be triggered by receiving an unauthorized UDP packet with an unknown opcode. This issue affects the processing of packets in the Soft RoCE driver, where insufficient checks lead to out-of-bounds memory reads.
A vulnerability has been identified in the Linux kernel within the dm-verity-fec function, which incorrectly assumes that parity bytes are not split across blocks. As a result, during decoding, it may read data outside the allocated buffer, potentially leading to unexpected system behavior.
A vulnerability has been identified in the Linux kernel that leads to a double free in the create_space_info() function on error. The issue occurs when kobject_init_and_add() fails, resulting in improper memory management.
In the Linux kernel's mac80211 subsystem, a vulnerability was found where a station is not removed after a failed MLO connection preparation. When MLO connection preparation fails, the interface is reset to non-MLD mode, but the existing station associated with the removed link is not deleted, leading to a use-after-free in debugfs.
A vulnerability has been identified in the Linux kernel within the isofs_fh_to_dentry() and isofs_fh_to_parent() functions, which pass an attacker-controlled block number from the NFS file handle to isofs_export_iget(). Although block 0 is rejected, an attacker can force the read of any in-range block, leading to the exposure of unrelated data in dentry metadata.
A vulnerability has been identified in the Linux kernel's Bluetooth module that allows improper processing of buffer length, potentially leading to exposure of uninitialized kernel memory. The issue occurs in the virtbt_rx_work() function, where the buffer length is not properly validated.
A vulnerability has been identified in the Linux kernel within the wifi b43 module, allowing the firmware-controlled key index in b43_rx() to exceed the size of the dev->key[] array. Changes have been made to enforce bounds checking to prevent out-of-bounds reads.
A vulnerability has been identified in the Linux kernel that allows a race condition between reading and writing the 'memcg_path' and 'path' files in the DAMON sysfs interface, leading to a use-after-free situation. A patch has been introduced to protect these operations from concurrent access.
A vulnerability has been identified in the Linux kernel within the ip6erspan_changelink() function, which uses an outdated network context, leading to memory-related errors. This issue can result in use-after-free conditions reported by KASAN.
In the Linux kernel, the RDMA/mana driver removed a user-triggerable WARN_ON() call. Specifying multiple work queues (WQs) sharing the same completion queue (CQ) via uAPI triggered the warning and could corrupt the kernel.
A use-after-free vulnerability was found in the Linux kernel's __xfrm_state_delete() function during xfrm state cleanup. The issue stems from inconsistent list membership checks on byseq/byspi hash chains, potentially leading to double deletion and write via LIST_POISON pointer.
In the Linux kernel's RDMA/rxe driver, a vulnerability was found due to missing validation of ATOMIC_WRITE payload length. A remote attacker can send a zero-length request, causing 8 bytes beyond the packet end to be read and written to the victim's memory, leading to kernel data leak.
A vulnerability in the Linux kernel related to KVM has been fixed, concerning use-after-free in shadow paging. The issue occurred when guest page tables were modified between VM entries, leading to memory management errors.
A vulnerability has been identified in the Linux kernel related to the hns_roce_qp_remove() function, which requires the caller to hold locks. In the error flow of hns_roce_create_qp_common(), these locks are not held, risking memory corruption.
A vulnerability related to Bluetooth in the Linux kernel has been fixed, which could lead to a use-after-free error in the create_big_sync function. An additional check, hci_conn_valid(), was introduced to detect stale connections before BIG creation.
A vulnerability has been identified in the Linux kernel within the stmmac driver that may lead to a NULL pointer dereference when RX memory is exhausted. The issue arises from improper management of the lifecycle of descriptors, which can result in incorrect data processing.
In the Linux kernel's dm-thin module, a bug was found in the rebalance_children function where reference counts for grandchild nodes are not incremented when a shared child node is processed. This leads to metadata refcount underflow and 'unable to decrement block' errors.
In the Linux kernel mpt3sas driver, a vulnerability was found due to missing limit of NVMe request size to 2 MiB. The HBA reports MDTS based on drive capability, but the driver allocates a fixed 4K buffer for the PRP list, allowing at most 512 entries, i.e., 2 MiB transfer. Lack of limit may lead to oversized I/O and kernel oops.
A path traversal vulnerability was found in KubeVirt's virt-exportserver component. An attacker with namespace-level access can place a symbolic link in an exported PVC pointing outside its mount root, allowing arbitrary file reads from the exporter pod's filesystem.

