CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-53151
Critical

In the Linux kernel's AF_RXRPC subsystem, a vulnerability was found in the ACK parser due to improper access to the SACK buffer in received UDP packets. The rxrpc_input_soft_acks() function modifies the skbuff and may incorrectly read data in case of packet fragmentation, potentially leading to parsing errors.

CVE-2026-53150
Medium

In the Linux kernel, the Thunderbolt driver's validator accepts property entries with zero length, causing a buffer underflow when null-terminating the text. This can lead to out-of-bounds memory write.

CVE-2026-53149
High

In the Linux kernel's Thunderbolt driver, a vulnerability was found due to missing bounds check for root directory content offset and length against block size. This can cause out-of-bounds memory read when processing properties.

CVE-2026-53148
High

In the Linux kernel Thunderbolt driver, a vulnerability exists where the per-packet copy length derived from the XDomain response header is not validated against the allocated buffer size. A malicious peer can set a length field larger than the declared data_length, causing memcpy to write past the kcalloc allocation.

CVE-2026-53147
High

In the Linux kernel, a vulnerability in the Thunderbolt driver allows out-of-bounds reads because tb_xdp_handle_request() casts received packet buffers to protocol-specific structs without verifying the allocation is large enough. An attacker can send a minimal XDomain packet that passes the generic header length check but is shorter than the target struct.

CVE-2026-53146
High

In the Linux kernel Thunderbolt subsystem, a vulnerability was found where tb_xdomain_copy() copies data from the XDomain response buffer without checking the actual frame size. A short response can cause reading beyond the valid DMA buffer area, exposing stale data from previous transactions.

CVE-2026-53145
High

A vulnerability was found in the Linux kernel's DRM GEM driver related to the change_handle ioctl operation. The issue stems from race condition bugs in the implementation, potentially leading to data races between GEM object close and handle change operations.

CVE-2026-53144
Medium

In the Linux kernel, a NULL pointer dereference vulnerability was found in the DRM AMD KFD driver. The get_queue_ids() function returns NULL when usr_queue_id_array is NULL and num_queues is non-zero, causing a kernel panic.

CVE-2026-53143
High

A buffer overflow vulnerability was found in the Linux kernel's amdkfd driver during SDMA queue checkpoint/restore on GFX11. The bug is caused by incorrect assignment of checkpoint/restore functions for SDMA MQD type, using a structure size of 2048 bytes instead of 512, leading to data leaks or memory corruption.

CVE-2026-53142
Medium

In the Linux kernel, a bug in the DRM/XE driver causes an oops during suspend or shutdown when the display is absent. The issue stems from improper handling of the probe_display flag, which is not reset after detecting missing display via fuses, leading to display code being called on uninitialized mode config.

CVE-2026-53141
Medium

In the Linux kernel DRM driver for V3D, a reference counting issue was found in the global performance monitor. Functions SET_GLOBAL, CLEAR_GLOBAL, and perfmon deletion fail to release references properly, causing memory leaks.

CVE-2026-53140
Medium

A vulnerability in the Linux kernel's DRM V3D driver causes a virtual address (vaddr) mapping leak when processing indirect CSD buffers. If the workgroup count read from the buffer is zero, the v3d_rewrite_csd_job_wg_counts_from_indirect() function exits early without releasing the mappings of both buffers.

CVE-2026-53139
Medium

In the Linux kernel, a vulnerability was found in the DRM V3D driver due to missing validation of zero workgroup counts in indirect CSD jobs. Submitting a dispatch with a zero count in any dimension is invalid and may cause unexpected hardware behavior.

CVE-2026-53138
High

In the Linux kernel graphics driver (drm/amd/display), a vulnerability was found due to unbounded iteration in VBIOS record-chain walk loops. A malformed VBIOS image missing the terminator record can cause infinite loops during probe, potentially leading to out-of-bounds memory reads.

CVE-2026-53137
High

In the Linux kernel, the AMD Display driver lacks clamping of the ReceiverID list read size during HDCP 2.x authentication over HDMI. A malicious HDMI repeater can advertise a message size larger than the destination buffer, causing an out-of-bounds write.

CVE-2026-53136
High

In the Linux kernel drm/amd/display driver, a vulnerability was found due to missing validation of HdmiRegNum and Hdmi6GRegNum fields in VBIOS tables. A malformed VBIOS can set these values up to 255, causing an out-of-bounds heap write during driver initialization.

CVE-2026-53135
Medium

In the Linux kernel, the AMD Display driver has a vulnerability involving NULL pointer dereference and buffer over-read in the dp_sdp_message_debugfs_write() function. The issue occurs when a connector is connected but not bound to a CRTC (e.g., after hot-plug before atomic commit), causing a kernel crash. Additionally, the function ignores the user-provided size and always copies 36 bytes, potentially reading past the user buffer.

CVE-2026-53134
Medium

A vulnerability in the Linux kernel's netfilter nft_fib module causes a leak of uninitialized kernel stack data to userspace. The issue occurs when the OIFNAME result register is declared with IFNAMSIZ length but only one register is written on lookup failure, leaving three registers stale. Additionally, the NFTA_FIB_F_PRESENT flag was accepted for incorrect result types, also leading to data leaks.

CVE-2026-53133
High

In the Linux kernel, a vulnerability in RDMA/umem was found where using iommu with large mapping blocks (>=4G) split across multiple SG entries caused overflow of 32-bit stack values, leading to incorrect DMA address calculation for blocks after truncation.

CVE-2026-53132
High

A vulnerability in the Linux kernel's vsock/virtio driver allows unbounded packet queuing. An attacker can send zero-length packets with the VIRTIO_VSOCK_SEQ_EOM flag, keeping rx_bytes at 0 and allowing the skb queue to grow indefinitely.

PreviousPage 184 of 4549Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS