CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A vulnerability in the Linux kernel related to cgroup has been resolved, which could lead to system deadlock during the removal of a control group. The issue stemmed from improper management of tasks during their removal, potentially causing processes to be unable to terminate due to waiting for resource release.
A vulnerability has been identified in the Linux kernel due to missing checks for connected devices in pads, which may lead to a NULL pointer dereference when enabling the stream.
A vulnerability has been identified in the Linux kernel related to a memory leak of the device name. The device name allocated via kzalloc() in init_one_mc() is not freed on the normal removal path, leading to a memory leak.
A vulnerability in the Linux kernel has been resolved by replacing BUG_ON() calls in the sdma_v4_0_ring_emit_fence() function with WARN_ON() calls. This allowed unprivileged users to trigger a kernel panic through misaligned fence writeback addresses.
A vulnerability in the Linux kernel has been resolved by adding a NULL check for media_gt in the intel_hdcp_gsc_check_status() function. When media GT is disabled, the lack of allocation for media_gt leads to a kernel pagefault error.
A vulnerability has been identified in the Linux kernel related to the leak of the accepted connection count on transport mismatch. The issue occurs when the vsock_assign_transport() function fails or selects a different transport, leading to a permanent increment of sk_ack_backlog.
A vulnerability has been identified in the Linux kernel within the msm_ioctl_gem_info_get_metadata() function, which always returns 0, ignoring errors. This causes userspace to incorrectly interpret that the ioctl call succeeded when it did not.
A vulnerability has been identified in the Linux kernel related to improper data copying for non-linear buffers. The issue was that during the copying of the original payload to a new buffer, the copy length was set to zero, resulting in no data being copied.
A vulnerability has been identified in the Linux kernel's autodim code in the hid-appletb-kbd module, allowing blocking functions to be called in atomic context. This issue occurs in two locations, leading to mutex locking errors.
A vulnerability related to the deregistration of the SPI controller in mpc52xx has been fixed in the Linux kernel. The issue was that the controller was not properly deregistered before disabling and releasing resources such as interrupts and GPIOs.
A vulnerability has been identified in the Linux kernel related to tracepoints that occurs during the failure of the func_add() function in tracepoint_add_func(). In the event of an error, the function does not call the corresponding unregfunc(), leading to an incorrect reference state.
A vulnerability has been identified in the Linux kernel within the f2fs_destroy_extent_node() function, which does not set the FI_NO_EXTENT flag before clearing nodes. This can lead to a race condition between deletion and writeback operations, resulting in a f2fs_bug_on() error in the __destroy_extent_node() function.
A vulnerability has been identified in the Linux kernel's AH module that occurs during asynchronous operations. The issue involves incorrect handling of the high bits of ESN in callbacks, leading to data transmission errors in both IPv4 and IPv6 protocols.
A vulnerability in the Linux kernel related to the SPI interface in microchips has been resolved, which occurred during emulated read-only dual/quad operations. The issue involved unnecessary data transmission that could lead to transfer failure.
A vulnerability has been identified in the Linux kernel due to a lack of NULL checks after calling the napi_build_skb() function. In case of allocation failure, the result can lead to a NULL pointer dereference.
A vulnerability has been identified in the Linux kernel related to a race condition in thread management. The issue occurs when kthread_complete_and_exit() is called before kthread_stop(), leading to the use of a kthread object after it has been freed.
A vulnerability has been identified in the Linux kernel's Bluetooth packet handling that allows invalid data to be passed to the hci_recv_frame() function. This issue arises when the packet length is not properly verified before further processing, potentially leading to the reading of uninitialized data from the buffer.
A vulnerability in the Linux kernel related to division by zero in USB handling functions has been fixed. A missing sanity check for bNrChannels in detect_usb_format() could lead to a kernel crash.
A vulnerability in the Linux kernel was identified that allowed uninitialized stack memory bytes to leak to userspace. The issue was related to the papr_hvpipe_hdr structure, where not all fields were initialized, potentially leading to data exposure.
A vulnerability has been identified in the Linux kernel that allows pointer operations on unconfigured streams. The issue arises from dividing the I/O frame position by values that default to 0, potentially leading to a divide by zero error.

