CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A vulnerability has been identified in the Linux kernel in the xfrm6_rcv_encap() function, which improperly manages references to dst entries in case of errors during IPv6 route lookups. As a result, repeated packets can lead to dst entry leaks.
A vulnerability has been identified in the Linux kernel related to a memory leak in the KVM vector context for RISC-V architecture. If the second memory allocation fails, the first allocation is not freed, leading to a leak.
A vulnerability has been identified in the Linux kernel within the mptcp module that occurs during the retransmission of ADD_ADDR. The issue involves improper timer management, which can lead to resource blocking.
A vulnerability has been identified in the Linux kernel's hfsplus module, related to the lack of validation of catalog record size, leading to the reading of uninitialized data. This issue may occur when mounting a corrupted filesystem, resulting in partial data reads.
A vulnerability has been identified in the Linux kernel related to the use of lock_sock_fast() in atomic context when setting timestamps. This change can lead to system panic due to scheduling while atomic.
A vulnerability has been identified in the Linux kernel within the usblp driver, leading to an uninitialized heap leak via the LPGETSTATUS ioctl. The issue arises because the device's response may contain invalid data, resulting in the transmission of stale, unsafe data to the user.
A vulnerability has been identified in the Linux kernel that leads to self-deadlock when removing tunnel ports in openvswitch. The issue arises from improper management of RCU and RTNL contexts during device removal.
A vulnerability has been identified in the Linux kernel that leads to a divide-by-zero error in the setup_geo() function when the far_copies parameter is zero. This issue has been resolved by implementing validation of nc and fc values after extraction.
A vulnerability has been identified in the Linux kernel related to the missing last_unlink_trans update when removing a directory. This can lead to incorrect fsync behavior when the directory is removed and then synced by an open file descriptor.
A vulnerability has been identified in the Linux kernel within the btrfs_ioctl_space_info() function, which can lead to information leakage. The issue involves a TOCTOU race condition between two passes over the block group RAID type lists, resulting in the copying of uninitialized bytes to user space.
A vulnerability has been identified in the Linux kernel related to the retransmission of ADD_ADDR in the MPTCP protocol, where the socket reference (sk) was not properly released. This issue has been resolved by ensuring that the reference is always decreased at the end of the operation.
A vulnerability has been identified in the Linux kernel within the loongson_gpu_fixup_dma_hang() function, which may lead to improper memory access. The issue occurs when a platform installs a discrete GPU, resulting in access to a random memory address.
A vulnerability has been identified in the Linux kernel related to the management of egress QoS priority mappings in the 8021q protocol. The issue is that cleared priority mappings are kept as 'tombstones', leading to memory leaks during set/clear cycles.
A vulnerability has been identified in the usblp driver in the Linux kernel, leading to a heap leak in controlling IEEE 1284 devices. The issue arises when a faulty printer can leave stale data in memory due to improper data transfer.
A vulnerability has been identified in the Linux kernel's QSPI controller, which automatically manages the chip select. The issue arises when two devices are connected to the controller, potentially leading to malfunction when one device uses GPIO for chip select.
A vulnerability in the Linux kernel related to vCPU initialization in KVM for arm64 has been fixed. Issues regarding pin leaks and vCPU publication ordering have been addressed by implementing appropriate safeguards in the code.
A vulnerability has been identified in the Linux kernel in the convert_chmap_v3() function, which may lead to a potential endless loop due to a lack of validation of the descriptor length. A proper size check has been added to prevent this situation.
A vulnerability in the Linux kernel related to the mana_ib_create_qp_rss() function has been fixed, which could lead to a leak in mana_ib_cfg_vport_steering().
A vulnerability has been identified in the Linux kernel affecting the ASoC: qcom: q6apm-lpass-dai component. The issue allows multiple graph openings for the playback path, leading to memory leaks.
A vulnerability related to illegal access to the WX_CFG_PORT_ST register by VF has been fixed in the Linux kernel. Attempting to read this register during VF initialization leads to a system hang.

