CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability has been identified in the Linux kernel related to duplicate resource teardown in the epf_ntb_epc_destroy() function. This may lead to system errors when the .allow_link operation fails or during the .drop_link execution.
A vulnerability has been identified in the Linux kernel that may lead to deadlocks in the damos_walk() function due to a race condition with the kdamond_fn() function. The issue arises from improper context management, potentially resulting in infinite waiting for request handling.
A vulnerability has been identified in the Linux kernel related to cacheline sharing for DMA buffers in the hwmon module. This issue may occur depending on the architecture when the transfer buffer shares a cacheline with a mutex.
In the Linux kernel, a vulnerability related to a resource leak in the xfs_alloc_buftarg() function has been fixed. In the error path, fs_put_dax() is called to drop the DAX device reference.
A vulnerability has been identified in the Linux kernel that allows for unlimited node registration by the nameserver. This can lead to memory exhaustion if a malicious client starts registering random nodes.
A vulnerability has been identified in the ext2 filesystem of the Linux kernel that allows for the introduction of a corrupted inode with zero link count and non-zero mode. This case, which should be rejected, can lead to improper filesystem behavior.
A vulnerability related to RESPONSE packet handling at the connection level has been fixed in the Linux kernel. Security issues could lead to decrypted packet data being exposed to packet sniffers.
A vulnerability in the Linux kernel has been fixed related to the missing put_disk() call when device_add(&disk_dev) fails. This bug resulted in the scsi_disk being freed while the gendisk remained referenced.
A vulnerability has been identified in the Linux kernel related to the LoongArch architecture, concerning the syscall dispatch table. The lack of an array_index_nospec() boundary allows access to syscall function pointers beyond the allowed range.
A vulnerability has been identified in the Linux kernel's krealloc() function that may lead to data loss and buffer overflow during object resizing. These issues arise from improper size management during NUMA migration and when shrinking objects.
A vulnerability has been identified in the Linux kernel related to KVM, concerning the synchronization of interrupt state in nested virtual machines. The issue arises when KVM_SET_VCPU_EVENTS is called before KVM_SET_NESTED_STATE, potentially leading to a hang of the vCPU in L2.
A vulnerability related to a memory leak in the cc_mac_digest() function has been identified in the Linux kernel. A fix has been implemented that adds the cc_unmap_result() function in case cc_map_hash_request_final() fails.
A vulnerability has been identified in the ext4 filesystem within the Linux kernel that occurs during block allocation in DIO mode. The issue arises from improper setting of the EXT4_GET_BLOCKS_CONVERT flag, which may lead to stale data problems.
A vulnerability has been identified in the Linux kernel related to NFSv4 request handling. Delays in idmap upcall responses can lead to request rejections, resulting in client session errors.
In the Linux kernel, a vulnerability related to NULL pointer dereference in the acpi_ev_address_space_dispatch() function has been fixed. A new check has been added to cover a missed execution path.
A vulnerability in the Linux kernel related to device lifecycle handling in the `css_alloc_subchannel()` function has been fixed. The issue was that in case of a DMA mask setup failure, the subchannel structure was freed without proper reference management to the device model.
A vulnerability in the Linux kernel related to amdgpu has been resolved, which occurred under low memory conditions. In such situations, the kmalloc function could fail, requiring the mutex to be unlocked for a clean exit.
A vulnerability has been identified and resolved in the Linux kernel. The issue concerns the gb_lights_light_config() function, which stores the channel count before allocating the channels array, potentially leading to a NULL pointer dereference.
A vulnerability has been identified in the Linux kernel within the fbnic module, concerning a race condition between logging functions and the teardown process. This issue may lead to dereferencing a freed or null variable, posing a risk of system errors.
A vulnerability related to a memory leak in the amdgpu_ras_init() function has been identified in the Linux kernel. If the amdgpu_nbio_ras_sw_init() function fails, the allocated con structure is not freed, leading to a memory leak.

