CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-46172
Medium

A vulnerability has been identified in the Linux kernel in the xfrm6_rcv_encap() function, which improperly manages references to dst entries in case of errors during IPv6 route lookups. As a result, repeated packets can lead to dst entry leaks.

CVE-2026-46171
Medium

A vulnerability has been identified in the Linux kernel related to a memory leak in the KVM vector context for RISC-V architecture. If the second memory allocation fails, the first allocation is not freed, leading to a leak.

CVE-2026-46170
Medium

A vulnerability has been identified in the Linux kernel within the mptcp module that occurs during the retransmission of ADD_ADDR. The issue involves improper timer management, which can lead to resource blocking.

CVE-2026-46169
Medium

A vulnerability has been identified in the Linux kernel's hfsplus module, related to the lack of validation of catalog record size, leading to the reading of uninitialized data. This issue may occur when mounting a corrupted filesystem, resulting in partial data reads.

CVE-2026-46168
Medium

A vulnerability has been identified in the Linux kernel related to the use of lock_sock_fast() in atomic context when setting timestamps. This change can lead to system panic due to scheduling while atomic.

CVE-2026-46167
Medium

A vulnerability has been identified in the Linux kernel within the usblp driver, leading to an uninitialized heap leak via the LPGETSTATUS ioctl. The issue arises because the device's response may contain invalid data, resulting in the transmission of stale, unsafe data to the user.

CVE-2026-46165
Medium

A vulnerability has been identified in the Linux kernel that leads to self-deadlock when removing tunnel ports in openvswitch. The issue arises from improper management of RCU and RTNL contexts during device removal.

CVE-2026-46161
Medium

A vulnerability has been identified in the Linux kernel that leads to a divide-by-zero error in the setup_geo() function when the far_copies parameter is zero. This issue has been resolved by implementing validation of nc and fc values after extraction.

CVE-2026-46160
Medium

A vulnerability has been identified in the Linux kernel related to the missing last_unlink_trans update when removing a directory. This can lead to incorrect fsync behavior when the directory is removed and then synced by an open file descriptor.

CVE-2026-46159
Medium

A vulnerability has been identified in the Linux kernel within the btrfs_ioctl_space_info() function, which can lead to information leakage. The issue involves a TOCTOU race condition between two passes over the block group RAID type lists, resulting in the copying of uninitialized bytes to user space.

CVE-2026-46158
Medium

A vulnerability has been identified in the Linux kernel related to the retransmission of ADD_ADDR in the MPTCP protocol, where the socket reference (sk) was not properly released. This issue has been resolved by ensuring that the reference is always decreased at the end of the operation.

CVE-2026-46156
Medium

A vulnerability has been identified in the Linux kernel within the loongson_gpu_fixup_dma_hang() function, which may lead to improper memory access. The issue occurs when a platform installs a discrete GPU, resulting in access to a random memory address.

CVE-2026-46153
Medium

A vulnerability has been identified in the Linux kernel related to the management of egress QoS priority mappings in the 8021q protocol. The issue is that cleared priority mappings are kept as 'tombstones', leading to memory leaks during set/clear cycles.

CVE-2026-46151
Medium

A vulnerability has been identified in the usblp driver in the Linux kernel, leading to a heap leak in controlling IEEE 1284 devices. The issue arises when a faulty printer can leave stale data in memory due to improper data transfer.

CVE-2026-46148
Medium

A vulnerability has been identified in the Linux kernel's QSPI controller, which automatically manages the chip select. The issue arises when two devices are connected to the controller, potentially leading to malfunction when one device uses GPIO for chip select.

CVE-2026-46147
Medium

A vulnerability in the Linux kernel related to vCPU initialization in KVM for arm64 has been fixed. Issues regarding pin leaks and vCPU publication ordering have been addressed by implementing appropriate safeguards in the code.

CVE-2026-46146
Medium

A vulnerability has been identified in the Linux kernel in the convert_chmap_v3() function, which may lead to a potential endless loop due to a lack of validation of the descriptor length. A proper size check has been added to prevent this situation.

CVE-2026-46144
Medium

A vulnerability in the Linux kernel related to the mana_ib_create_qp_rss() function has been fixed, which could lead to a leak in mana_ib_cfg_vport_steering().

CVE-2026-46143
Medium

A vulnerability has been identified in the Linux kernel affecting the ASoC: qcom: q6apm-lpass-dai component. The issue allows multiple graph openings for the playback path, leading to memory leaks.

CVE-2026-46142
Medium

A vulnerability related to illegal access to the WX_CFG_PORT_ST register by VF has been fixed in the Linux kernel. Attempting to read this register during VF initialization leads to a system hang.

PreviousPage 211 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS