CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53219
Medium

In the Linux kernel netfilter/x_tables subsystem, a vulnerability allows leaking percpu counter pointers. During rule copy to userspace, a page fault may leave the raw percpu pointer in the user buffer before the sanitized counter is written.

CVE-2026-53218
Medium

In the Linux kernel, a vulnerability in the netfilter nft_exthdr module causes the register bitmap to mark more bytes as initialized than actually written when the F_PRESENT flag is set. If priv->len exceeds 4 bytes, registers beyond the first retain uninitialized stack data, leading to information disclosure.

CVE-2026-53214
Medium

A vulnerability was found in the Linux kernel's cleanup_prefix_route() function for IPv6. The addrconf_get_prefix_route() function can return the fib6_null_entry sentinel with a NULL fib6_table pointer, causing a NULL pointer dereference (NPD) when setting the route expiration time. The fix adds a check before operating on the entry.

CVE-2026-53213
Medium

In the Linux kernel DRM vc4 driver, a memory leak was discovered due to improper use of krealloc(). Overwriting the original pointer without checking for NULL return value loses the reference to previously allocated memory if reallocation fails.

CVE-2026-53211
Medium

In the Linux kernel, a vulnerability in the netfilter nft_meta_bridge module causes the IIFHWADDR register to declare 8 bytes but copy only 6 bytes of MAC address, leaving 2 bytes uninitialized on the stack. This can leak stack data to userspace.

CVE-2026-53210
Medium

A shared memory (shm) leak was found in the register_shm_helper() function of the TEE driver in the Linux kernel. When iov_iter_npages() returns 0, the function jumps to err_ctx_put, skipping the deallocation of previously allocated shm. The issue can be triggered by TEE_IOC_SHM_REGISTER with zero data length.

CVE-2026-53208
Medium

In the Linux kernel's Bluetooth L2CAP subsystem, a vulnerability allows an unauthenticated BR/EDR peer within radio range to send a signaling packet larger than the allowed MTU (MTUsig). Such a packet can contain multiple ECHO_REQ commands, forcing the target device to send many ECHO_RSP responses, potentially leading to overload.

CVE-2026-53207
Medium

A deadlock vulnerability (AA deadlock) was found in the Linux kernel's memory failure handling. Two concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page can cause a recursive spinlock self-deadlock on hugetlb_lock when racing with a concurrent unmap.

CVE-2026-53206
Medium

In the Linux kernel, the accel/ivpu driver now validates firmware runtime memory bounds. Missing bounds check could cause memory allocation and image transfer errors.

CVE-2026-53204
Medium

In the Linux kernel, a NULL pointer dereference vulnerability was found in the stratix10-rsu driver. The issue occurs when rsu_send_msg() returns -ETIMEDOUT and the code continues processing on a channel whose scl structure has already been cleared, leading to a NULL dereference in the svc kthread.

CVE-2026-53197
Medium

An ABBA deadlock was found in the Linux kernel's iptfs_destroy_state() function in the IPTFS (IPsec) implementation. The issue occurs when the function calls hrtimer_cancel() while holding a spinlock also required by the timer callback, leading to a deadlock on SMP systems.

CVE-2026-53196
Medium

A heap overflow vulnerability was found in the io_ti USB serial driver in the Linux kernel. The get_manuf_info() function reads a Size field from the USB device that can be set up to 16377 bytes, while the destination buffer is only 10 bytes, causing a heap overflow of up to 16367 bytes. The fix adds validation of the descriptor length before reading.

CVE-2026-53190
Medium

In the Linux kernel, a dma_fence refcount leak was found in the virtio-gpu driver. The function virtio_gpu_dma_fence_wait() fails to release the chain reference on early return from the loop on error, causing a memory leak.

CVE-2026-53181
Medium

In the Linux kernel, a leak of the sk_ack_backlog counter was found in the vsock/vmci driver during a failed handshake. This causes the counter to increase permanently, eventually blocking all new connections when the limit is reached.

CVE-2026-53152
Medium

In the Linux kernel MMC driver for old Rockchip controllers (rk2928, rk3066, rk3188), missing private data structure caused NULL-pointer dereference after adding memory clock auto-gating support. This affects Linux kernel.

CVE-2026-53150
Medium

In the Linux kernel, the Thunderbolt driver's validator accepts property entries with zero length, causing a buffer underflow when null-terminating the text. This can lead to out-of-bounds memory write.

CVE-2026-53140
Medium

A vulnerability in the Linux kernel's DRM V3D driver causes a virtual address (vaddr) mapping leak when processing indirect CSD buffers. If the workgroup count read from the buffer is zero, the v3d_rewrite_csd_job_wg_counts_from_indirect() function exits early without releasing the mappings of both buffers.

CVE-2026-53139
Medium

In the Linux kernel, a vulnerability was found in the DRM V3D driver due to missing validation of zero workgroup counts in indirect CSD jobs. Submitting a dispatch with a zero count in any dimension is invalid and may cause unexpected hardware behavior.

CVE-2026-46751
Medium

A vulnerability in Apache Kvrocks affects versions from 2.2.0 through 2.15.0, and users are recommended to upgrade to version 2.16.0 to fix the issue.

CVE-2026-56129
Medium

The generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user without administrative privileges may access physical memory.

PreviousPage 51 of 526Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS