CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53227
Medium

In the Linux kernel, the Open vSwitch module has a vulnerability where kfree_skb can be called on an ERR_PTR pointer. This occurs when the reply buffer allocation happens after locking the mutex, and on failure the pointer is not cleared, leading to an attempt to free an invalid pointer.

CVE-2026-53226
Medium

In the Linux kernel GPIO driver for Rockchip, a memory leak of generic IRQ chips occurs on driver removal. The chips are not freed, potentially leading to use-after-free and kernel crash.

CVE-2026-53222
Medium

In the Linux kernel, the ptp_ocp driver has a vulnerability due to incorrect resource freeing order. Pin resources are freed before ptp_clock_unregister() is called, leading to a use-after-free condition during driver removal.

CVE-2026-53220
Medium

In the Linux kernel, a vulnerability was found in netfilter where ebt_redirect_tg() dereferences br_port_get_rcu() return without NULL check, causing kernel panic when the bridge port is removed between hook invocation and NFQUEUE reinject. Userspace could also move the device to a different virtual interface, requiring packet drop.

CVE-2026-53219
Medium

In the Linux kernel netfilter/x_tables subsystem, a vulnerability allows leaking percpu counter pointers. During rule copy to userspace, a page fault may leave the raw percpu pointer in the user buffer before the sanitized counter is written.

CVE-2026-53218
Medium

In the Linux kernel, a vulnerability in the netfilter nft_exthdr module causes the register bitmap to mark more bytes as initialized than actually written when the F_PRESENT flag is set. If priv->len exceeds 4 bytes, registers beyond the first retain uninitialized stack data, leading to information disclosure.

CVE-2026-53214
Medium

A vulnerability was found in the Linux kernel's cleanup_prefix_route() function for IPv6. The addrconf_get_prefix_route() function can return the fib6_null_entry sentinel with a NULL fib6_table pointer, causing a NULL pointer dereference (NPD) when setting the route expiration time. The fix adds a check before operating on the entry.

CVE-2026-53213
Medium

In the Linux kernel DRM vc4 driver, a memory leak was discovered due to improper use of krealloc(). Overwriting the original pointer without checking for NULL return value loses the reference to previously allocated memory if reallocation fails.

CVE-2026-53211
Medium

In the Linux kernel, a vulnerability in the netfilter nft_meta_bridge module causes the IIFHWADDR register to declare 8 bytes but copy only 6 bytes of MAC address, leaving 2 bytes uninitialized on the stack. This can leak stack data to userspace.

CVE-2026-53210
Medium

A shared memory (shm) leak was found in the register_shm_helper() function of the TEE driver in the Linux kernel. When iov_iter_npages() returns 0, the function jumps to err_ctx_put, skipping the deallocation of previously allocated shm. The issue can be triggered by TEE_IOC_SHM_REGISTER with zero data length.

CVE-2026-53208
Medium

In the Linux kernel's Bluetooth L2CAP subsystem, a vulnerability allows an unauthenticated BR/EDR peer within radio range to send a signaling packet larger than the allowed MTU (MTUsig). Such a packet can contain multiple ECHO_REQ commands, forcing the target device to send many ECHO_RSP responses, potentially leading to overload.

CVE-2026-53207
Medium

A deadlock vulnerability (AA deadlock) was found in the Linux kernel's memory failure handling. Two concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page can cause a recursive spinlock self-deadlock on hugetlb_lock when racing with a concurrent unmap.

CVE-2026-53206
Medium

In the Linux kernel, the accel/ivpu driver now validates firmware runtime memory bounds. Missing bounds check could cause memory allocation and image transfer errors.

CVE-2026-53204
Medium

In the Linux kernel, a NULL pointer dereference vulnerability was found in the stratix10-rsu driver. The issue occurs when rsu_send_msg() returns -ETIMEDOUT and the code continues processing on a channel whose scl structure has already been cleared, leading to a NULL dereference in the svc kthread.

CVE-2026-53197
Medium

An ABBA deadlock was found in the Linux kernel's iptfs_destroy_state() function in the IPTFS (IPsec) implementation. The issue occurs when the function calls hrtimer_cancel() while holding a spinlock also required by the timer callback, leading to a deadlock on SMP systems.

CVE-2026-53196
Medium

A heap overflow vulnerability was found in the io_ti USB serial driver in the Linux kernel. The get_manuf_info() function reads a Size field from the USB device that can be set up to 16377 bytes, while the destination buffer is only 10 bytes, causing a heap overflow of up to 16367 bytes. The fix adds validation of the descriptor length before reading.

CVE-2026-53190
Medium

In the Linux kernel, a dma_fence refcount leak was found in the virtio-gpu driver. The function virtio_gpu_dma_fence_wait() fails to release the chain reference on early return from the loop on error, causing a memory leak.

CVE-2026-53181
Medium

In the Linux kernel, a leak of the sk_ack_backlog counter was found in the vsock/vmci driver during a failed handshake. This causes the counter to increase permanently, eventually blocking all new connections when the limit is reached.

CVE-2026-53177
Medium

In the Linux kernel, the bnxt_en driver has a NULL pointer dereference vulnerability. It occurs when PCIe error recovery runs on a closed network interface, and bnxt_io_error_detected() accesses the uninitialized bp->bnapi structure.

CVE-2026-53169
Medium

In the Linux kernel's accel/ethosu driver, the NPU_OP_RESIZE command, which is U85-only, is not yet implemented. When userspace submits this command via DRM_IOCTL_ETHOSU_GEM_CREATE, it triggers a WARN_ON(1), causing unbounded kernel log spam. If panic_on_warn is set, the kernel panics, giving any unprivileged user with access to the DRM device a trivial denial-of-service primitive.

PreviousPage 63 of 540Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS