CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-53251
Medium

In the Linux kernel Bluetooth ISO subsystem, a reference leak of the hci_dev structure was found. The iso_conn_big_sync function fails to release the reference obtained by hci_get_route(), leading to memory exhaustion.

CVE-2026-53250
High

A TOCTOU vulnerability was found in the Linux kernel's xsk_skb_metadata() function related to TX metadata processing in the XSK mechanism. A malicious userspace application can race to overwrite csum_start and csum_offset values between two reads, bypassing bounds validation and causing out-of-bounds memory access during checksum computation.

CVE-2026-53249
Medium

In the Linux kernel, the ability to set IP LSRR and SSRR options has been restricted to users with CAP_NET_RAW capability. This prevents unprivileged applications from forcing packet routing through attacker-controlled nodes to leak TCP ISN and other protocol information.

CVE-2026-53248
High

In the Linux kernel's airoha network driver, a use-after-free vulnerability was found in metadata dst teardown. The metadata_dst_free() function freed memory directly via kfree(), bypassing the RCU grace period, allowing access to freed memory through noref pointers in the RX path.

CVE-2026-53247
Critical

In the Linux kernel's mtk_eth_soc network driver, a use-after-free vulnerability was found. The mtk_free_dev() function calls metadata_dst_free() which immediately frees the metadata_dst memory, bypassing the RCU grace period. In the RX path, skb_dst_set_noref() sets a non-refcounted pointer, which can lead to accessing freed memory if any skb still holds that pointer during driver teardown.

CVE-2026-53246
Critical

In the Linux kernel SCTP stack, the length of a cached INIT chunk in COOKIE_ECHO processing was not validated. Missing validation can lead to out-of-bounds reads and potential memory corruption.

CVE-2026-53245
Medium

In the Linux kernel MRP subsystem, a vulnerability was found in the mrp_pdu_parse_vecattr() function. Parsing errors in vector attributes can lead to incorrect packet processing, including spurious events, skipped FirstValue fields, and incorrect attribute value incrementation.

CVE-2026-53244
High

In the Linux kernel, a vulnerability in nfsd4_create_file() can cause a failure to release a lock on the parent directory due to improper error handling from dentry_create(). This occurs when an exported filesystem uses atomic_create() and returns an error.

CVE-2026-53243
Medium

A vulnerability in the Linux kernel uses an uninitialized stack variable in rseq_exit_user_update(). The issue stems from undefined initialization order in C structure fields, causing kernel information leak.

CVE-2026-53242
High

A vulnerability was found in the Linux kernel's ALSA PCM driver, where snd_pcm_drain() can corrupt wait queues when handling linked streams. The bug stems from improper wait entry management, potentially leading to a NULL pointer dereference and kernel panic.

CVE-2026-53241
Medium

In the Linux kernel, the ALSA seq dummy driver has a vulnerability involving a stack overread when processing UMP events. Copying an event into a temporary structure smaller than struct snd_seq_ump_event causes out-of-bounds reads when delivering to subscribers.

CVE-2026-53240
High

A use-after-free vulnerability was found in the Linux kernel's xfrm IPsec module in the __input_process_payload function. The issue occurs when first_skb is stored in xtfs->ra_newskb without a lock, allowing another thread to free it, leading to use-after-free.

CVE-2026-53239
High

A use-after-free vulnerability was found in the Linux kernel's XFRM policy mechanism. The bug occurs in xfrm_policy_bysel_ctx() when deleting a policy, as the xfrm_policy_lock is released before pruning the inexact bin, leading to a race condition and use of freed memory.

CVE-2026-53238
Medium

A vulnerability was found in the Linux kernel's netlabel subsystem. The netlbl_unlabel_addrinfo_get() function did not validate the length of the mask attribute for unlabeled addresses, allowing a crafted Generic Netlink request with a valid IPv4/IPv6 address but a shorter mask. This caused incomplete data to be read as a full address structure, potentially leading to incorrect behavior or security issues.

CVE-2026-53237
Medium

A NULL pointer dereference vulnerability was found in the Linux kernel's GPIO driver for Marvell Armada. The suspend/resume functions are called for all GPIO banks, but only some support PWM. Accessing the mvpwm structure in a bank without PWM causes a kernel panic.

CVE-2026-53236
Medium

In the Linux kernel, a patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets to users with CAP_NET_ADMIN capability. This prevents side-channel attacks where an unprivileged application could leak TCP sequence numbers.

CVE-2026-53235
High

A vulnerability was found in the Linux kernel's skb_gro_receive_list() function, which calls skb_pull() without first ensuring data is in the linear area via pskb_may_pull(). For packets arriving via napi_gro_frags(), this can trigger a BUG_ON assertion failure and system crash.

CVE-2026-53234
High

A use-after-free vulnerability was found in the IBM EMAC network driver for the Linux kernel during device removal. Using devm_register_netdev() caused delayed unregister_netdev(), leading to access to freed hardware resources by interrupt handlers.

CVE-2026-53233
High

A double-free vulnerability was found in the Linux kernel's netdev_nl_bind_rx_doit() function. The error path incorrectly calls nlmsg_free(rsp) after genlmsg_reply() has already consumed the skb, causing a double-free. The fix propagates the error to the user instead of attempting to unbind.

CVE-2026-53232
High

In the Linux kernel, a vulnerability was found where sfp_bus_del_upstream() is not called in the probe failure path of the PHY driver. This leaves a dangling 'upstream' pointer in the sfp-bus structure, which may be used later during SFP events.

PreviousPage 179 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS