CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-53312
Medium

In the Linux kernel, a vulnerability was found in the IOMMU driver for RISC-V architecture on the invalidation path. When gather->end reaches ULONG_MAX, an overflow causes an infinite loop. Additionally, incorrect length calculation (moving +1 to the other side of <) may lead to operational errors.

CVE-2026-53311
Medium

In the Linux kernel, a vulnerability was found in the FUSE filesystem where fuse_dentry_revalidate() may be called with a dentry having uninitialized ->d_time field. The issue was discovered by KMSAN and could lead to reading uninitialized memory.

CVE-2026-53310
Medium

In the Linux kernel, a vulnerability in the SoC Tegra CBB subsystem uses an incorrect base address when looking up the target timeout for an error occurring on a different fabric, causing a kernel page fault and potential system crash.

CVE-2026-53309
Critical

In the Linux kernel, an off-by-one vulnerability was found in the OCFS2 filesystem's dlm_match_regions() function. The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of the qr_regions array. Other loops in the same function correctly use '<'.

CVE-2026-53308
Medium

In the Linux kernel, the max77705 driver leaks memory by not destroying the workqueue on remove() and has a flawed resource release order. Interrupt handlers registered via devm may schedule work on a freed workqueue, leading to use-after-free.

CVE-2026-53307
Medium

In the Linux kernel pinctrl subsystem (pinconf-generic), a vulnerability was found due to incomplete validation of the 'pinmux' property in the device tree. The pinconf_generic_parse_dt_pinmux() function assumes the 'pinmux' property is not empty when present, which can cause the allocator to return a special value instead of NULL, leading to a crash when accessing invalid memory.

CVE-2026-53306
Medium

In the Linux kernel's hvc_iucv driver, an off-by-one vulnerability was found in the number of supported devices. When the hvc_iucv_devices counter reaches 8, the code may access hvc_iucv_table[8], which is out of bounds (the array has 8 elements indexed 0-7).

CVE-2026-53305
Medium

A bug in the Linux kernel's USB Type-C PS883X driver causes an Oops when unbinding the device. The issue is due to missing i2c_set_clientdata() in the probe function, leading to a NULL pointer dereference in the remove function.

CVE-2026-53304
Medium

A vulnerability in the Linux kernel's SCSI sg driver allows a soft lockup by setting a negative value for the def_reserved_size parameter via sysfs. The issue stems from missing validation when the parameter is modified directly through /sys/module/sg/parameters/def_reserved_size.

CVE-2026-53303
High

In the Linux kernel, a vulnerability in the F2FS filesystem was found where f2fs_sbi_show() reads extension_list, extension_count, and hot_ext_count without holding sb_lock. Concurrent modification via sysfs can lead to inconsistent reads, potentially causing out-of-bounds access or displaying stale data.

CVE-2026-53302
Medium

In the Linux kernel, the EIP93 crypto driver's eip93_hmac_setkey() function allocated a temporary ahash transform using the CRYPTO_ALG_ASYNC mask, which excludes async algorithms. Since EIP93 algorithms are inherently async, the lookup always failed, leaving digest fields uninitialized and causing a NULL pointer dereference and kernel panic.

CVE-2026-53301
Medium

In the Linux kernel, a vulnerability was found in the reset driver for Amlogic T7 SoCs. Missing reset operations cause a null pointer dereference in the kernel, potentially leading to system crashes. Currently, reset is not used on this SoC.

CVE-2026-53300
High

A use-after-free vulnerability was found in the Linux kernel's enetc network driver, related to DMA buffer handling in the NTMP mechanism. The bug can lead to silent memory corruption when a freed DMA buffer is reused by hardware.

CVE-2026-53299
Medium

In the Linux kernel, a vulnerability was found in the airoha network driver. Early initialization of the ndesc variable in airoha_qdma_init_tx_queue() causes a NULL pointer dereference in airoha_qdma_cleanup_tx_queue() when queue entry list allocation fails.

CVE-2026-53298
Medium

In the Linux kernel network driver for Airoha chips, a NULL pointer dereference vulnerability was found. It occurs when queue entry or DMA descriptor list allocation fails in airoha_qdma_init_rx_queue(), and then airoha_qdma_cleanup() tries to delete RX queue NAPI even though netif_napi_add() was never called. The issue is caused by early initialization of the ndesc variable, which is used to check if the queue is properly initialized.

CVE-2026-53297
Medium

In the Linux kernel, the MANA network driver is vulnerable to a double invocation of mana_remove(). If PM resume fails, mana_probe() calls mana_remove(), which nullifies context pointers. On subsequent driver unbind, a second mana_remove() call dereferences a NULL pointer, causing a kernel panic.

CVE-2026-53296
High

In the Linux kernel, the mailbox-test driver fails to free channels on probe error, causing a memory leak and potential use-after-free (UAF) scenarios because the client structure is removed automatically by devm.

CVE-2026-53295
Medium

A sanity check for the channel array was added in the Linux kernel mailbox driver. Without it, a missing channel array could cause a NULL pointer dereference and kernel OOPS, especially during early initialization.

CVE-2026-53294
High

In the Linux kernel, the mailbox-test driver has a double-free vulnerability when the RX channel is aliased to the TX channel with different MMIO. Freeing both channels triggers the bug.

CVE-2026-53293
Medium

In the Linux kernel, multiple bugs were found in the amdgpu driver's AMDGPU_INFO_READ_MMR_REG function. Issues include incorrect lock ordering (reset semaphore and mm_lock), memory allocation while holding the reset semaphore, and using down_read_trylock() instead of waiting for reset completion.

PreviousPage 157 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS