CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability has been identified in the Linux kernel related to memory leaks in the weighted_interleave_auto_store() function. These issues occur when a user inputs 'true' or 'false', leading to memory not being freed.
A vulnerability has been identified in the Linux kernel related to the hdlc_tx_frames() function, which calls usleep_range() in an atomic context, which is illegal. The issue has been resolved by moving the buffer-space wait outside the spinlock context.
A vulnerability has been identified in the Linux kernel related to a watch count leak in inotify when the fsnotify_add_inode_mark_locked() function fails. In this case, the dec_inotify_watches() function is not called, leading to a watch count leak and potentially reaching the max_user_watches limit.
A vulnerability has been identified in the Linux kernel related to memory management concerning the BYE packet sent by a node. The nameserver does not free the node memory after processing the packet, leading to a memory leak.
A vulnerability has been identified in the Linux kernel that allows re-entry into the rmqueue() function from NMI context in UP systems, leading to corruption of the free page lists. This issue occurs when spin_trylock() always returns success, even when the lock is already held.
A vulnerability has been identified in the Linux kernel that allows for a NULL pointer dereference in the interrupt trigger path. This issue has been resolved by adding validation to ensure that MSI is configured before accessing the cdx_irqs array.
A vulnerability has been identified in the Linux kernel within KVM that occurs during nested #VMEXIT when loading L1's CR3 fails. In this case, the nested_svm_vmexit() function returns an error code that is ignored by most callers, leading to L1 continuing to run in a corrupted state.
A vulnerability has been identified in the Linux kernel related to a device_node leak in the mc_probe() function. The original code did not free the r5_core_node reference, leading to a memory leak.
A vulnerability has been identified in the Linux kernel related to the algif_aead algorithm, affecting asynchronous AEAD requests. The issue arises from the use of a socket-wide IV buffer, which can lead to inconsistent IV handling due to later socket activity.
A vulnerability in the Linux kernel was identified that allowed unlimited queries by local clients. A limit of 64 queries has been introduced to prevent potential flood attacks.
A vulnerability in the Linux kernel has been fixed that could lead to memory leaks or deadlocks due to a race condition between damon_call() and kdamond_fn(). The introduction of an additional field in damon_ctx and proper mutex locks helps avoid these issues.
A vulnerability has been identified in the Linux kernel related to integer overflow in the create_dirty_log() function. It allows bypassing argument validation, leading to out-of-bounds reads on the argv array.
A vulnerability has been identified in the Linux kernel related to improper management of thermal zones. Issues with thermal governor cleanup may lead to memory leaks and use-after-free errors.
A vulnerability has been identified in the Linux kernel related to a memory leak in the atmel_aes_buff_cleanup function. This function only frees one page of memory while leaving three pages unreturned, leading to a memory leak.
A vulnerability has been identified in the Linux kernel within the ALSA usb-audio module, concerning the parsing of UAC2 sample rate ranges. The issue is that upon reaching the maximum number of samples, the parsing is not halted, leading to improper processing of additional triplets.
A vulnerability in the Linux kernel related to race conditions in the split queue during migration has been fixed. The issue involved improper management of the queue state, which could lead to incorrect marking of memory as partially mapped.
A vulnerability in the Linux kernel has been resolved, affecting the remoteproc component in the context of xlnx. The issue was the lack of a check for NULL messages, which could lead to crashes due to NULL pointer dereferencing.
A vulnerability has been identified in the Linux kernel related to KVM's handling of LBR MSRs, which were not properly saved and restored. This issue has been resolved by adding the appropriate MSRs to the list and allowing writes from userspace when LBR virtualization is enabled.
A vulnerability has been identified in the Linux kernel within the put_folios function that may lead to incorrect processing of physical addresses. The issue arises from an incorrect PFN to physical address conversion and missing checks in the cleanup loop.
A vulnerability in the Linux kernel that led to memory leaks in the rxkad_verify_response() function has been fixed. The changes ensure proper resource deallocation in all circumstances, preventing leaks.

