CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-46042
Medium

A vulnerability has been identified in the Linux kernel related to memory leaks in the weighted_interleave_auto_store() function. These issues occur when a user inputs 'true' or 'false', leading to memory not being freed.

CVE-2026-46041
Medium

A vulnerability has been identified in the Linux kernel related to the hdlc_tx_frames() function, which calls usleep_range() in an atomic context, which is illegal. The issue has been resolved by moving the buffer-space wait outside the spinlock context.

CVE-2026-46040
Medium

A vulnerability has been identified in the Linux kernel related to a watch count leak in inotify when the fsnotify_add_inode_mark_locked() function fails. In this case, the dec_inotify_watches() function is not called, leading to a watch count leak and potentially reaching the max_user_watches limit.

CVE-2026-46038
Medium

A vulnerability has been identified in the Linux kernel related to memory management concerning the BYE packet sent by a node. The nameserver does not free the node memory after processing the packet, leading to a memory leak.

CVE-2026-46035
Medium

A vulnerability has been identified in the Linux kernel that allows re-entry into the rmqueue() function from NMI context in UP systems, leading to corruption of the free page lists. This issue occurs when spin_trylock() always returns success, even when the lock is already held.

CVE-2026-46034
Medium

A vulnerability has been identified in the Linux kernel that allows for a NULL pointer dereference in the interrupt trigger path. This issue has been resolved by adding validation to ensure that MSI is configured before accessing the cdx_irqs array.

CVE-2026-46032
Medium

A vulnerability has been identified in the Linux kernel within KVM that occurs during nested #VMEXIT when loading L1's CR3 fails. In this case, the nested_svm_vmexit() function returns an error code that is ignored by most callers, leading to L1 continuing to run in a corrupted state.

CVE-2026-46030
Medium

A vulnerability has been identified in the Linux kernel related to a device_node leak in the mc_probe() function. The original code did not free the r5_core_node reference, leading to a memory leak.

CVE-2026-46028
Medium

A vulnerability has been identified in the Linux kernel related to the algif_aead algorithm, affecting asynchronous AEAD requests. The issue arises from the use of a socket-wide IV buffer, which can lead to inconsistent IV handling due to later socket activity.

CVE-2026-46026
Medium

A vulnerability in the Linux kernel was identified that allowed unlimited queries by local clients. A limit of 64 queries has been introduced to prevent potential flood attacks.

CVE-2026-46025
Medium

A vulnerability in the Linux kernel has been fixed that could lead to memory leaks or deadlocks due to a race condition between damon_call() and kdamond_fn(). The introduction of an additional field in damon_ctx and proper mutex locks helps avoid these issues.

CVE-2026-46023
Medium

A vulnerability has been identified in the Linux kernel related to integer overflow in the create_dirty_log() function. It allows bypassing argument validation, leading to out-of-bounds reads on the argv array.

CVE-2026-46021
Medium

A vulnerability has been identified in the Linux kernel related to improper management of thermal zones. Issues with thermal governor cleanup may lead to memory leaks and use-after-free errors.

CVE-2026-46019
Medium

A vulnerability has been identified in the Linux kernel related to a memory leak in the atmel_aes_buff_cleanup function. This function only frees one page of memory while leaving three pages unreturned, leading to a memory leak.

CVE-2026-46018
Medium

A vulnerability has been identified in the Linux kernel within the ALSA usb-audio module, concerning the parsing of UAC2 sample rate ranges. The issue is that upon reaching the maximum number of samples, the parsing is not halted, leading to improper processing of additional triplets.

CVE-2026-46017
Medium

A vulnerability in the Linux kernel related to race conditions in the split queue during migration has been fixed. The issue involved improper management of the queue state, which could lead to incorrect marking of memory as partially mapped.

CVE-2026-46016
Medium

A vulnerability in the Linux kernel has been resolved, affecting the remoteproc component in the context of xlnx. The issue was the lack of a check for NULL messages, which could lead to crashes due to NULL pointer dereferencing.

CVE-2026-46014
Medium

A vulnerability has been identified in the Linux kernel related to KVM's handling of LBR MSRs, which were not properly saved and restored. This issue has been resolved by adding the appropriate MSRs to the list and allowing writes from userspace when LBR virtualization is enabled.

CVE-2026-46013
Medium

A vulnerability has been identified in the Linux kernel within the put_folios function that may lead to incorrect processing of physical addresses. The issue arises from an incorrect PFN to physical address conversion and missing checks in the cleanup loop.

CVE-2026-46012
Medium

A vulnerability in the Linux kernel that led to memory leaks in the rxkad_verify_response() function has been fixed. The changes ensure proper resource deallocation in all circumstances, preventing leaks.

PreviousPage 214 of 557Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS