CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-45890
Medium

In the Linux kernel, the xen-netback driver is vulnerable to a malicious or buggy Xen guest setting the 'multi-queue-num-queues' xenbus key to 0. The lack of lower bound validation causes a memory allocation with size 0, triggering a WARN_ON_ONCE and potentially leading to a denial of service (DoS) on systems with panic_on_warn enabled.

CVE-2026-45889
Medium

In the Linux kernel, accounting for out-of-order (OoO) packets at the MPTCP level in mptcp_rcvbuf_grow() has been removed. MPTCP-level OoO is physiological when multiple subflows are active and does not cause retransmissions or drops. This accounting caused the receive buffer to drift towards tcp_rmem[2]. The fix also closes a subtle race condition with rcvspace init that could lead to a divide-by-zero Oops.

CVE-2026-45888
Medium

In the Linux kernel md/raid1 driver, a memory leak was found in the raid1_run() function. When setup_conf() registers a thread via md_register_thread() and then raid1_set_limits() fails, the previously registered thread is not unregistered, causing a leak of the md_thread structure and thread resources.

CVE-2026-45887
Medium

A memory leak was found in the Linux kernel's unix_stream_connect() function for AF_UNIX sockets. When prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak.

CVE-2026-45886
Medium

In the Linux kernel, a vulnerability was found in the BPF helper function `bpf_xdp_store_bytes`. The expected argument type was incorrectly defined as `ARG_PTR_TO_UNINIT_MEM` with the `MEM_WRITE` flag, causing the BPF verifier to reject valid calls with read-only maps (BPF_F_RDONLY_PROG) and potentially allowing reads from uninitialized memory.

CVE-2026-45884
Medium

In the Linux kernel, a vulnerability was found in the AppArmor module where the per-CPU counter in aa_get_buffer can underflow. When the hold counter reaches zero while count is non-zero, it wraps to UINT_MAX, preventing buffer return to the global list and causing starvation on other CPUs and excessive memory allocations.

CVE-2026-45883
Medium

In the Linux kernel, a resource leak was found in the SCA3000 IIO driver. The sca3000_probe() function does not release the IRQ (spi->irq) registered via request_threaded_irq() when iio_device_register() fails.

CVE-2026-45881
Medium

In the Linux kernel, a memory leak was detected in the svs_enable_debug_write() function in the MediaTek SVS driver. The buffer allocated by memdup_user_nul() is not freed if kstrtoint() fails.

CVE-2026-45880
Medium

In the Linux kernel, a vulnerability was found in the PCI/P2PDMA mechanism. When vm_insert_page() fails in p2pmem_alloc_mmap(), the per-CPU pgmap reference is not released, causing memunmap_pages() to hang forever when trying to remove the PCI device.

CVE-2026-45877
Medium

In the Linux kernel HID intel-ish-hid driver, a NULL pointer dereference vulnerability was found in the ishtp_bus_remove_all_clients function. The issue occurs during a warm reset when the cl->device pointer may be NULL, leading to a kernel panic.

CVE-2026-45876
Medium

In the Linux kernel, a vulnerability was found in the arch_set_shadow_stack_status() function for ARM64 architecture. The alloc_gcs() function returns an error-encoded pointer on failure, not NULL. The previous NULL check failed to detect errors, which could lead to using an invalid GCS address.

CVE-2026-45875
Medium

In the Linux kernel, a vulnerability was found in the mfd: arizona driver where the wm5102_clear_write_sequencer() function may return an error, bypassing the cleanup sequence and causing a regulator resource leak. Regulators remain enabled, leading to resource exhaustion.

CVE-2026-45874
Medium

In the Linux kernel PHY driver for i.MX8QM HSIO, a NULL pointer dereference vulnerability was found. During probe, the refclk_pad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not defined in the device tree. The function imx_hsio_configure_clk_pad() uses this pointer unconditionally, which could lead to a system crash.

CVE-2026-45873
Medium

In the Linux kernel, a vulnerability was found in the netfilter packet filtering mechanism, specifically in red-black tree based sets (nft_set_rbtree). The issue is the lack of checking for partially overlapping intervals in anonymous sets, which can lead to incorrect filtering rule behavior.

CVE-2026-45872
Medium

A memory leak was detected in the Linux kernel in the pqi_report_phys_luns() function of the smartpqi driver for SCSI controllers. When encountering an unsupported data format or failing to allocate the rpl_16byte_wwid_list buffer, the function returned an error without freeing the previously allocated rpl_list buffer, leading to memory leaks.

CVE-2026-45871
Medium

In the Linux kernel, a vulnerability in the st33zp24 TPM driver was found where the locality is not released after a get_burstcount() error. When get_burstcount() returns -EBUSY due to timeout, st33zp24_send() exits without proper cleanup.

CVE-2026-45870
Medium

In the Linux kernel, memory leaks were found in XDR decoding functions in the auth_gss module of the SUNRPC protocol. The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() functions allocate memory via gssx_dec_buffer() but fail to free it when a subsequent decode operation fails, leading to memory leaks. The leak in gssx_dec_ctx() is particularly critical because the caller initializes buffer length fields to non-zero values, forcing memory allocation.

CVE-2026-45869
Medium

In the Linux kernel, a NULL pointer dereference vulnerability was found in the wm97xx power supply driver. The issue occurs when an interrupt (IRQ) is registered before the power_supply structure is initialized, potentially leading to the use of an uninitialized pointer in the power_supply_changed() function.

CVE-2026-45868
Medium

In the Linux kernel, a reference leak was detected in the pcs_add_gpio_func() function in the pinctrl-single driver. The of_parse_phandle_with_args() function increments the reference count for the gpiospec.np node, but the loop iterating through all handles never releases these references, leading to a memory leak. The issue was detected by a static analysis tool and confirmed during code review.

CVE-2026-45865
Medium

In the Linux kernel, the MCTP I2C driver did not initialize the event handler read buffer, causing uninitialized stack data to be returned. For i2c-aspeed and i2c-npcm7xx drivers this led to leakage of uninitialized values.

PreviousPage 234 of 565Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS