CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability has been identified in the Linux kernel related to a memory leak in the amdgpu_acpi_enumerate_xcc() function. If amdgpu_acpi_dev_init() returns -ENOMEM, the function does not free the allocated xcc_info memory, leading to a memory leak.
A vulnerability has been identified in the Linux kernel related to the get_burstcount() function, which can return -EBUSY on timeout. In this case, the function does not release the locality, potentially leading to locality leaks.
A vulnerability has been identified and resolved in the Linux kernel. The issue affects GMAC4, where in rare cases, with split header enabled, the hardware does not fill buf2 of the first descriptor with payload, leading to incorrect length calculations for buf2 of the second descriptor.
A vulnerability has been identified in the Linux kernel related to a memory leak in the ni_usb_init() function. If ni_usb_setup_init() fails, the function returns -EFAULT without freeing the allocated buffer, leading to a memory leak.
A vulnerability has been identified in the Linux kernel that has been resolved. The issue involved multiple unregistrations of the same hash algorithm during driver detach due to a wrong iterator.
A vulnerability has been identified in the Linux kernel within the Btrfs filesystem that leads to system aborts during chunk allocation due to non-consecutive gaps. This issue can occur with DUP chunk allocations, resulting in an EEXIST error.
A vulnerability has been identified in the Linux kernel regarding improper initialization of data in nlmsg responses. The issue occurs with the RTM_GETNEIGH message, which may return uninitialized data in the pad bytes.
A vulnerability has been identified in the Linux kernel that leads to a memory leak on codec_info allocation failure. The functions wave5_vpu_open_enc() and wave5_vpu_open_dec() do not free the previously allocated instance, resulting in a memory leak.
A vulnerability has been identified in the Linux kernel's BPF mechanism, allowing the hash of a map to be calculated and cached regardless of its frozen state. This can lead to a TOCTOU bug where a user can modify the map's contents before freezing it.
A vulnerability in the Linux kernel related to a potential memory leak during PWM chip initialization has been resolved. If __pinned_init() fails, the allocated pwm_chip would leak due to not calling pwmchip_put() on the error path.
A vulnerability has been identified in the Linux kernel related to a reference leak in the thermal_of_cm_lookup() function. The tr_np value is obtained via of_parse_phandle() but is never released, leading to a memory leak.
A vulnerability has been identified in the Linux kernel within the ksmbd module, requiring the call to ksmbd_vfs_kern_path_end_removing() in two places to balance removal operations. Failure to do so may lead to potential deadlocks and unbalanced locks.
A vulnerability has been identified in the Linux kernel within the USB catc module, due to a lack of endpoint descriptor verification. As a result, malformed USB devices can present incorrect transfer types, potentially leading to unexpected behavior.
A vulnerability has been identified in the Linux kernel related to a memory leak in the GET_DATA_DIRECT_SYSFS_PATH function. If the length of the device path exceeds the output buffer length, memory is not freed, leading to a memory leak.
A vulnerability has been identified in the Linux kernel related to a memory leak in the mtd_parser_tplink_safeloader_parse() function. The issue occurs when buffer allocation fails, and the buffer is not freed, leading to a memory leak.
A vulnerability has been identified in the Linux kernel that leads to an infinite self-interrupt loop on CPU0 when overloaded. The issue occurs during RT task load balancing, potentially causing CPU lockup.
A vulnerability has been identified in the Linux kernel within the OpenVPN module that may lead to system crashes. The issue occurs when removing a peer from the list during keepalive expiration while the socket is being closed simultaneously.
A vulnerability has been identified in the Linux kernel related to route management for closing network devices. The issue involves a race condition between the event notification and the code that caches route information, potentially leading to leaked device references.
A vulnerability has been identified in the Linux kernel related to directory removal in FAT file systems. The flaw may lead to incorrect decrementing of the parent link count, resulting in filesystem errors.
A vulnerability has been identified in the Linux kernel related to updating the number of mdb entries in VLAN contexts. The issue arises from conditionally increasing the entry count, leading to situations where this count is not properly updated, potentially resulting in warnings during bridge operations.

