CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-46313
Medium

In the Intel IPU6 driver for the Linux kernel, an error pointer dereference was detected in the ipu6_pci_probe() function. In an error path, isp->psys is confirmed to be an error pointer (ERR_PTR) not NULL, leading to dereferencing of an invalid pointer. The issue was reported by Smatch.

CVE-2026-46312
Medium

In the Linux kernel's videobuf2 subsystem, the vb2_dma_sg_mmap function was missing VMA flags (VM_DONTEXPAND and VM_DONTDUMP), causing a WARN_ON during mmap of dma-buf in the Apple ISP driver. The patch adds these flags to align with vb2_dma_contig behavior.

CVE-2026-46310
Medium

In the Linux kernel, a NULL pointer dereference occurs in the VSP1 driver for Renesas hardware when unloading the module on gen 4 platforms. The issue is caused by calling the wrong cleanup function (vsp1_drm_cleanup instead of vsp1_vspx_cleanup).

CVE-2026-46305
Medium

In the Linux kernel, the staging driver rtl8723bs has a vulnerability where the return value of kzalloc_flex() in rtw_cbuf_alloc is not checked, leading to a potential NULL pointer dereference if memory allocation fails.

CVE-2026-46302
Medium

In the Linux kernel, the restriction allowing only a single open of /sys/fs/selinux/policy has been removed. Previously, any process could block others from reading the SELinux policy, posing a security issue. The patch eliminates the policy_opened flag and shortens the critical section with the policy mutex.

CVE-2026-46298
Medium

A race condition was found in the Linux kernel's pseries/papr-hvpipe module between the ioctl/release handlers and interrupt handling. If an interrupt fires on the same CPU while these handlers are executing, a deadlock can occur.

CVE-2026-46297
Medium

In the Linux kernel, the libwx driver uses request_threaded_irq() with a primary handler but no threaded handler, while setting IRQF_ONESHOT flag, triggering a kernel warning since commit aef30c8d569c. The fix replaces it with request_irq() and removes the unnecessary flag.

CVE-2026-46296
Medium

In the Linux kernel, a vulnerability in the s3c64xx SPI driver was found. Moving DMA channel allocation from probe() to s3c64xx_spi_prepare_transfer() failed to remove the corresponding deallocation from remove(), causing a NULL-pointer dereference on driver unbind.

CVE-2026-46295
Medium

In the Linux kernel, a race condition in KVM x86's posted interrupt handling can cause the highest pending interrupt to be incorrectly reported. This occurs when the sender's atomic operations (setting PIR and PID.ON) interleave with the receiver's sync, leading to a spurious warning and unnecessary L2 VM-Enter/VM-Exit cycles.

CVE-2026-46292
Medium

In the Linux kernel, a vulnerability in the PM Domain (genpd) subsystem was found. The missing pm_runtime_disable() call when detaching virtual devices leaves runtime PM enabled, potentially causing critical errors like NULL pointer dereference.

CVE-2026-46291
Medium

In the Linux kernel, the CAAM cryptographic driver leaks HMAC key bytes via hex dumps in hash_digest_key(). Using print_hex_dump() instead of print_hex_dump_devel() exposes sensitive key material at runtime when CONFIG_DYNAMIC_DEBUG is enabled.

CVE-2026-46290
Medium

A vulnerability in the Linux kernel's EFI page fault handling was introduced by FPU changes (commit d02198550423). kernel_fpu_begin() now disables softirqs via local_bh_disable(), causing in_interrupt() to return true during EFI runtime calls. This makes efi_crash_gracefully_on_page_fault() always bail out, turning firmware page faults into a kernel panic and system freeze instead of graceful recovery.

CVE-2026-46287
Medium

In the txgbe driver for copper NICs with external PHY, a missing RTNL lock during PHY disconnection on module removal triggers an RTNL assertion warning in phylink_disconnect_phy().

CVE-2026-46286
Medium

In the qcom-lpg LED driver in the Linux kernel, array bounds checking was missing when selecting high resolution values. The FIELD_GET() macro extracted a 3-bit register value, but the array had only 5 entries, potentially causing out-of-bounds read.

CVE-2026-46284
Medium

In the Linux kernel, a vulnerability causes a system crash during early boot when kernel command-line parameters (hugepages, hugepagesz, default_hugepagesz) are specified without the '=' separator. The hugetlb_add_param() function calls strlen() on a NULL value, leading to a pointer dereference and crash.

CVE-2026-46283
Medium

In the Linux kernel TPM driver, a vulnerability was found where tpm_dev_release() uses plain kfree() instead of kfree_sensitive() to free the auth session structure. This leaves sensitive cryptographic material such as HMAC session keys, nonces, and passphrase data in non-zeroed memory.

CVE-2026-46282
Medium

In the Linux kernel, the admv1013 frequency driver has a NULL pointer dereference vulnerability. When device_property_read_string() fails, the str variable remains uninitialized, and the code proceeds to strcmp(str, ...), dereferencing garbage memory.

CVE-2026-46278
Medium

In the Linux kernel, a null pointer dereference was found in the Imagination (powervr) DRM driver when updating the ftrace trace mask. This causes a segfault and can lead to system crash.

CVE-2026-46276
Medium

In the Linux kernel amdgpu driver, a bug causes a system crash during initialization of RDNA4 GPUs (e.g., RX 9070 XT). The issue occurs when amdgpu_ttm_init_on_chip() calls ttm_range_man_init() with zero size for absent GDS, GWS, and OA resources, triggering a DRM_MM_BUG_ON assertion and kernel panic. The fix adds an early return when size is zero, skipping TTM resource manager registration for non-existent hardware.

CVE-2026-45581
Medium

In versions from 2.3.1 to before 2.5.10, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server logs include the TLS private key password in plaintext. This allows an attacker with access to the logs to recover the password.

PreviousPage 153 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS