CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-45912
Medium

A vulnerability has been identified in the Linux kernel related to the ext4 filesystem, concerning the caching of extents during the splitting process. Caching issues may lead to stale extents remaining in the status tree, resulting in space management errors.

CVE-2026-45911
Medium

A vulnerability has been identified in the Linux kernel that occurs during role switching in the cdns3 driver during resume. Switching to host mode in this context leads to a NULL pointer dereference.

CVE-2026-45908
Medium

A vulnerability has been identified in the Linux kernel related to a memory leak in the amdxdna_ubuf_map() function. This function allocates memory for sg and internal sg table structures but fails to free it if subsequent operations fail.

CVE-2026-45907
Medium

A vulnerability in the Linux kernel was identified that led to deadlocks between devlink and netdev instance locks. The issue stemmed from incorrect lock ordering during the recovery process, which could cause system failures.

CVE-2026-45905
Medium

A vulnerability has been identified in the Linux kernel within the icmp_route_lookup function, which may lead to incorrect routing of ICMP messages. The issue occurs when the destination address becomes local between the check and the ip_route_input call, resulting in a call to the ip_rt_bug function.

CVE-2026-45904
Medium

A vulnerability has been identified in the Linux kernel related to improper lock management in EEH event handling. Changes made to the EEH driver inadvertently moved the pci_lock_rescan_remove() function outside its intended scope, leading to issues with PCI error reporting and improper EEH event triggering.

CVE-2026-45901
Medium

A vulnerability has been identified in the Linux kernel related to the use of commit_mutex in the reset path in netfilter. This issue leads to a circular lock dependency between commit_mutex, nfnl_subsys_ipset, and nlk_cb_mutex when nft reset, ipset list, and iptables-nft with '-m set' rule are run simultaneously.

CVE-2026-45900
Medium

A vulnerability has been identified in the Linux kernel related to a memory leak in the CAAM module. The issue occurs during the allocation of the net_device structure when the initialization process encounters an error, leading to memory not being freed.

CVE-2026-45899
Medium

In the Linux kernel, a vulnerability in the ext4 filesystem was found where stale extent entries may remain in the extent status tree when splitting an extent fails, leading to data inconsistency.

CVE-2026-45897
Medium

In the Linux kernel, a vulnerability was found in the netfilter nft_counter module that allowed concurrent counter reset operations without proper synchronization. The lack of locking caused two parallel dumps and resets to read the same counter values and then subtract them twice, leading to underflow.

CVE-2026-45895
Medium

In the Linux kernel, a livelock vulnerability was found between quotactl operations and filesystem freezing (freeze_super). When the filesystem is frozen, the quotactl_block() function enters a retry loop waiting for thawing, which on non-preemptible kernels can block the RCU synchronization process, causing the freezer process to hang and the quota process to consume 100% CPU.

CVE-2026-45892
Medium

In the Linux kernel ext4 filesystem, a vulnerability was found where a stale unwritten extent entry remains in the extent status tree after a failed split of an unwritten extent with PARTIAL_VALID1 and MAY_ZEROOUT flags. This causes inconsistency between on-disk and in-memory extent states.

CVE-2026-45890
Medium

In the Linux kernel, the xen-netback driver is vulnerable to a malicious or buggy Xen guest setting the 'multi-queue-num-queues' xenbus key to 0. The lack of lower bound validation causes a memory allocation with size 0, triggering a WARN_ON_ONCE and potentially leading to a denial of service (DoS) on systems with panic_on_warn enabled.

CVE-2026-45889
Medium

In the Linux kernel, accounting for out-of-order (OoO) packets at the MPTCP level in mptcp_rcvbuf_grow() has been removed. MPTCP-level OoO is physiological when multiple subflows are active and does not cause retransmissions or drops. This accounting caused the receive buffer to drift towards tcp_rmem[2]. The fix also closes a subtle race condition with rcvspace init that could lead to a divide-by-zero Oops.

CVE-2026-45888
Medium

In the Linux kernel md/raid1 driver, a memory leak was found in the raid1_run() function. When setup_conf() registers a thread via md_register_thread() and then raid1_set_limits() fails, the previously registered thread is not unregistered, causing a leak of the md_thread structure and thread resources.

CVE-2026-45887
Medium

A memory leak was found in the Linux kernel's unix_stream_connect() function for AF_UNIX sockets. When prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak.

CVE-2026-45886
Medium

In the Linux kernel, a vulnerability was found in the BPF helper function `bpf_xdp_store_bytes`. The expected argument type was incorrectly defined as `ARG_PTR_TO_UNINIT_MEM` with the `MEM_WRITE` flag, causing the BPF verifier to reject valid calls with read-only maps (BPF_F_RDONLY_PROG) and potentially allowing reads from uninitialized memory.

CVE-2026-45884
Medium

In the Linux kernel, a vulnerability was found in the AppArmor module where the per-CPU counter in aa_get_buffer can underflow. When the hold counter reaches zero while count is non-zero, it wraps to UINT_MAX, preventing buffer return to the global list and causing starvation on other CPUs and excessive memory allocations.

CVE-2026-45883
Medium

In the Linux kernel, a resource leak was found in the SCA3000 IIO driver. The sca3000_probe() function does not release the IRQ (spi->irq) registered via request_threaded_irq() when iio_device_register() fails.

CVE-2026-45881
Medium

In the Linux kernel, a memory leak was detected in the svs_enable_debug_write() function in the MediaTek SVS driver. The buffer allocated by memdup_user_nul() is not freed if kstrtoint() fails.

PreviousPage 218 of 557Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS