CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability has been identified in the Linux kernel related to the ext4 filesystem, concerning the caching of extents during the splitting process. Caching issues may lead to stale extents remaining in the status tree, resulting in space management errors.
A vulnerability has been identified in the Linux kernel that occurs during role switching in the cdns3 driver during resume. Switching to host mode in this context leads to a NULL pointer dereference.
A vulnerability has been identified in the Linux kernel related to a memory leak in the amdxdna_ubuf_map() function. This function allocates memory for sg and internal sg table structures but fails to free it if subsequent operations fail.
A vulnerability in the Linux kernel was identified that led to deadlocks between devlink and netdev instance locks. The issue stemmed from incorrect lock ordering during the recovery process, which could cause system failures.
A vulnerability has been identified in the Linux kernel within the icmp_route_lookup function, which may lead to incorrect routing of ICMP messages. The issue occurs when the destination address becomes local between the check and the ip_route_input call, resulting in a call to the ip_rt_bug function.
A vulnerability has been identified in the Linux kernel related to improper lock management in EEH event handling. Changes made to the EEH driver inadvertently moved the pci_lock_rescan_remove() function outside its intended scope, leading to issues with PCI error reporting and improper EEH event triggering.
A vulnerability has been identified in the Linux kernel related to the use of commit_mutex in the reset path in netfilter. This issue leads to a circular lock dependency between commit_mutex, nfnl_subsys_ipset, and nlk_cb_mutex when nft reset, ipset list, and iptables-nft with '-m set' rule are run simultaneously.
A vulnerability has been identified in the Linux kernel related to a memory leak in the CAAM module. The issue occurs during the allocation of the net_device structure when the initialization process encounters an error, leading to memory not being freed.
In the Linux kernel, a vulnerability in the ext4 filesystem was found where stale extent entries may remain in the extent status tree when splitting an extent fails, leading to data inconsistency.
In the Linux kernel, a vulnerability was found in the netfilter nft_counter module that allowed concurrent counter reset operations without proper synchronization. The lack of locking caused two parallel dumps and resets to read the same counter values and then subtract them twice, leading to underflow.
In the Linux kernel, a livelock vulnerability was found between quotactl operations and filesystem freezing (freeze_super). When the filesystem is frozen, the quotactl_block() function enters a retry loop waiting for thawing, which on non-preemptible kernels can block the RCU synchronization process, causing the freezer process to hang and the quota process to consume 100% CPU.
In the Linux kernel ext4 filesystem, a vulnerability was found where a stale unwritten extent entry remains in the extent status tree after a failed split of an unwritten extent with PARTIAL_VALID1 and MAY_ZEROOUT flags. This causes inconsistency between on-disk and in-memory extent states.
In the Linux kernel, the xen-netback driver is vulnerable to a malicious or buggy Xen guest setting the 'multi-queue-num-queues' xenbus key to 0. The lack of lower bound validation causes a memory allocation with size 0, triggering a WARN_ON_ONCE and potentially leading to a denial of service (DoS) on systems with panic_on_warn enabled.
In the Linux kernel, accounting for out-of-order (OoO) packets at the MPTCP level in mptcp_rcvbuf_grow() has been removed. MPTCP-level OoO is physiological when multiple subflows are active and does not cause retransmissions or drops. This accounting caused the receive buffer to drift towards tcp_rmem[2]. The fix also closes a subtle race condition with rcvspace init that could lead to a divide-by-zero Oops.
In the Linux kernel md/raid1 driver, a memory leak was found in the raid1_run() function. When setup_conf() registers a thread via md_register_thread() and then raid1_set_limits() fails, the previously registered thread is not unregistered, causing a leak of the md_thread structure and thread resources.
A memory leak was found in the Linux kernel's unix_stream_connect() function for AF_UNIX sockets. When prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak.
In the Linux kernel, a vulnerability was found in the BPF helper function `bpf_xdp_store_bytes`. The expected argument type was incorrectly defined as `ARG_PTR_TO_UNINIT_MEM` with the `MEM_WRITE` flag, causing the BPF verifier to reject valid calls with read-only maps (BPF_F_RDONLY_PROG) and potentially allowing reads from uninitialized memory.
In the Linux kernel, a vulnerability was found in the AppArmor module where the per-CPU counter in aa_get_buffer can underflow. When the hold counter reaches zero while count is non-zero, it wraps to UINT_MAX, preventing buffer return to the global list and causing starvation on other CPUs and excessive memory allocations.
In the Linux kernel, a resource leak was found in the SCA3000 IIO driver. The sca3000_probe() function does not release the IRQ (spi->irq) registered via request_threaded_irq() when iio_device_register() fails.
In the Linux kernel, a memory leak was detected in the svs_enable_debug_write() function in the MediaTek SVS driver. The buffer allocated by memdup_user_nul() is not freed if kstrtoint() fails.

