CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-53171
High

In the Linux kernel, the accel/ethosu driver contains arithmetic issues in the dma_length() function. Incorrect arithmetic operations can cause integer overflows, bypassing GEM buffer access validation.

CVE-2026-53170
High

In the Linux kernel, the accel/ethosu driver has a vulnerability due to uninitialized DMA length. If userspace omits setting the DMA length before starting a transfer, the driver uses an uninitialized value (U64_MAX), leading to bypass of bounds checks and execution of DMA with stale physical addresses.

CVE-2026-53169
Medium

In the Linux kernel's accel/ethosu driver, the NPU_OP_RESIZE command, which is U85-only, is not yet implemented. When userspace submits this command via DRM_IOCTL_ETHOSU_GEM_CREATE, it triggers a WARN_ON(1), causing unbounded kernel log spam. If panic_on_warn is set, the kernel panics, giving any unprivileged user with access to the DRM device a trivial denial-of-service primitive.

CVE-2026-53168
Medium

A vulnerability was found in the Linux kernel's FUSE filesystem, allowing the FUSE daemon to perform pagecache write/read operations on directories. The FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE operations were accepted for directories, potentially triggering WARN_ON() in fuse_parse_cache() when bogus data is present in the cache. The fix rejects these operations for anything other than regular files with -EINVAL.

CVE-2026-53167
Medium

In the Linux kernel, a vulnerability was found in the FUSE filesystem where FUSE_NOTIFY_RETRIEVE requests could return data from non-uptodate folios containing uninitialized data. This affects systems without automatic zero-initialization of page allocations (CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1).

CVE-2026-53166
Low risk· EPSS 3%

This CVE has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-53165
High

In the Linux kernel, a race condition in iomap error handling for buffered reads can cause a NULL pointer dereference. Decrementing read_bytes_pending before error reporting allows another thread to complete the folio and detach it, leading to a crash.

CVE-2026-53164
Medium

In the Linux kernel, a vulnerability in the IOMMU/DMA subsystem causes iommu_dma_iova_link_swiotlb() to attempt mapping a zero-length region, leading to iommu_map() failure and mapping corruption. This is frequently triggered by Thunderbolt NVMe drives forcing SWIOTLB for unaligned memory.

CVE-2026-53163
Medium

A vulnerability was found in the Linux kernel's rtmutex locking mechanism, where remove_waiter() can be called for a non-enqueued waiter, leading to a NULL pointer dereference. The issue occurs during FUTEX_CMP_REQUEUE_PI operations when the waiter is not properly registered in the wait queue.

CVE-2026-53162
High

In the Linux kernel, a vulnerability in memcg's refill_stock uses get_random_u32_below() which is unsafe in NMI context, potentially corrupting the ChaCha batch state. The fix replaces random selection with a per-CPU round-robin counter.

CVE-2026-53161
High

A use-after-free vulnerability was found in the Linux kernel's fastrpc driver. When the user closes the file descriptor, the fastrpc_user structure is freed, but a workqueue may still access the freed memory, leading to a security issue.

CVE-2026-53160
High

A use-after-free vulnerability was found in the Linux kernel's fastrpc driver. The fastrpc_map_lookup function returns a raw pointer after releasing the lock, and the caller fastrpc_map_create attempts to increment the reference count on this unprotected pointer. A concurrent MEM_UNMAP operation can free the map between the lock release and the increment, leading to use-after-free.

CVE-2026-53159
Medium

In the Linux kernel, the misc: fastrpc driver has a vulnerability due to misuse of find_vma(). When a user pointer falls in a gap before the returned VMA, the DMA address offset calculation underflows, corrupting the DMA address sent to the DSP.

CVE-2026-53158
Medium

A NULL pointer dereference was found in the Linux kernel's fastrpc driver during an rpmsg callback. The issue occurs when the DSP sends a message before fastrpc_channel_ctx initialization completes, causing a system crash.

CVE-2026-53157
High

In the Linux kernel, a vulnerability in the Phonet subsystem was found where phonet_device_destroy() removes a phonet_device from the per-net list using list_del_rcu() but frees it immediately, while RCU readers may still hold a pointer, leading to a slab-use-after-free.

CVE-2026-53156
High

A use-after-free vulnerability was found in the Linux kernel's NVMEM subsystem. Error handling paths incorrectly use the nvmem structure after freeing its memory, potentially leading to security breaches.

CVE-2026-53155
Medium

A vulnerability was found in the Linux kernel's set_pmd_migration_entry() function in mm/huge_memory.c. The function incorrectly uses pmd_write(), pmd_soft_dirty(), and pmd_uffd_wp() flags for device-private PMD entries, leading to incorrect marking of migration entries as writable. The issue was observed in the hmm.hmm_device_private.anon_write_child test, causing rmap state corruption and assertion failures.

CVE-2026-53154
Medium

A vulnerability in the Linux kernel's hugetlb reservation management was found. During hugetlb folio copy operations (e.g., UFFDIO_COPY or fork), error handling fails to restore the VMA reservation, causing a leak that can lead to SIGBUS on previously reserved addresses.

CVE-2026-53153
High

In the Linux kernel, a vulnerability in the list_lru mechanism during memcg reparenting was found. The xarray entry for a dying memcg is cleared before draining its per-node lists, allowing concurrent list_lru_del() operations to modify the same list nodes under different locks, leading to data structure corruption.

CVE-2026-53152
Medium

In the Linux kernel MMC driver for old Rockchip controllers (rk2928, rk3066, rk3188), missing private data structure caused NULL-pointer dereference after adding memory clock auto-gating support. This affects Linux kernel.

PreviousPage 183 of 4549Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS