CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability in the Linux kernel related to the SPI interface in microchips has been resolved, which occurred during emulated read-only dual/quad operations. The issue involved unnecessary data transmission that could lead to transfer failure.
A vulnerability has been identified in the Linux kernel due to a lack of NULL checks after calling the napi_build_skb() function. In case of allocation failure, the result can lead to a NULL pointer dereference.
A vulnerability has been identified in the Linux kernel related to a race condition in thread management. The issue occurs when kthread_complete_and_exit() is called before kthread_stop(), leading to the use of a kthread object after it has been freed.
A vulnerability has been identified in the Linux kernel's Bluetooth packet handling that allows invalid data to be passed to the hci_recv_frame() function. This issue arises when the packet length is not properly verified before further processing, potentially leading to the reading of uninitialized data from the buffer.
A vulnerability in the Linux kernel related to division by zero in USB handling functions has been fixed. A missing sanity check for bNrChannels in detect_usb_format() could lead to a kernel crash.
A vulnerability in the Linux kernel was identified that allowed uninitialized stack memory bytes to leak to userspace. The issue was related to the papr_hvpipe_hdr structure, where not all fields were initialized, potentially leading to data exposure.
A vulnerability has been identified in the Linux kernel that allows pointer operations on unconfigured streams. The issue arises from dividing the I/O frame position by values that default to 0, potentially leading to a divide by zero error.
A vulnerability has been identified in the Linux kernel in the xfrm6_rcv_encap() function, which improperly manages references to dst entries in case of errors during IPv6 route lookups. As a result, repeated packets can lead to dst entry leaks.
A vulnerability has been identified in the Linux kernel related to a memory leak in the KVM vector context for RISC-V architecture. If the second memory allocation fails, the first allocation is not freed, leading to a leak.
A vulnerability has been identified in the Linux kernel within the mptcp module that occurs during the retransmission of ADD_ADDR. The issue involves improper timer management, which can lead to resource blocking.
A vulnerability has been identified in the Linux kernel's hfsplus module, related to the lack of validation of catalog record size, leading to the reading of uninitialized data. This issue may occur when mounting a corrupted filesystem, resulting in partial data reads.
A vulnerability has been identified in the Linux kernel related to the use of lock_sock_fast() in atomic context when setting timestamps. This change can lead to system panic due to scheduling while atomic.
A vulnerability has been identified in the Linux kernel within the usblp driver, leading to an uninitialized heap leak via the LPGETSTATUS ioctl. The issue arises because the device's response may contain invalid data, resulting in the transmission of stale, unsafe data to the user.
A vulnerability has been identified in the Linux kernel that leads to self-deadlock when removing tunnel ports in openvswitch. The issue arises from improper management of RCU and RTNL contexts during device removal.
A vulnerability has been identified in the Linux kernel that leads to a divide-by-zero error in the setup_geo() function when the far_copies parameter is zero. This issue has been resolved by implementing validation of nc and fc values after extraction.
A vulnerability has been identified in the Linux kernel related to the missing last_unlink_trans update when removing a directory. This can lead to incorrect fsync behavior when the directory is removed and then synced by an open file descriptor.
A vulnerability has been identified in the Linux kernel within the btrfs_ioctl_space_info() function, which can lead to information leakage. The issue involves a TOCTOU race condition between two passes over the block group RAID type lists, resulting in the copying of uninitialized bytes to user space.
A vulnerability has been identified in the Linux kernel related to the retransmission of ADD_ADDR in the MPTCP protocol, where the socket reference (sk) was not properly released. This issue has been resolved by ensuring that the reference is always decreased at the end of the operation.
A vulnerability has been identified in the Linux kernel within the loongson_gpu_fixup_dma_hang() function, which may lead to improper memory access. The issue occurs when a platform installs a discrete GPU, resulting in access to a random memory address.
A vulnerability has been identified in the Linux kernel related to the management of egress QoS priority mappings in the 8021q protocol. The issue is that cleared priority mappings are kept as 'tombstones', leading to memory leaks during set/clear cycles.

