CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
An AB-BA deadlock was discovered in the Linux kernel during PHY LED trigger registration. The issue occurs when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled, causing mutual blocking when accessing the trigger list and the RTNL mutex.
In the Linux kernel, the kalmia USB driver lacks validation of USB endpoints. A malicious USB device without the expected endpoints can cause a kernel crash when the driver blindly accesses them.
A vulnerability has been identified in the Linux kernel in the ioremap_prot() function, which may lead to memory read errors from the kernel level on arm64 systems with PAN enabled. The issue lies in returning a new user mapping that is inaccessible to the kernel.
In the Linux kernel irdma driver, a kernel stack leak was found in irdma_create_user_ah(). The reserved field of the response structure is not zeroed before being sent to userspace, leaking 4 bytes of stack memory.
A vulnerability was found in the Linux kernel's MPTCP (Multipath TCP) endpoint management. It triggers a warning when removing an endpoint with both 'signal' and 'subflow' flags while the MPTCP subflow limit is set to 0. The issue stems from incorrectly marking the endpoint as used, leading to state inconsistency.
A vulnerability in the Linux kernel allows changing the transmission hash policy to vlan+srcmac while an XDP program is loaded on a bond in 802.3ad or balance-xor mode. This can lead to incompatibility and errors when destroying bonds.
A NULL pointer dereference vulnerability was found in the Linux kernel's ip6_rt_get_dev_rcu() function. It occurs when a slave device is being un-slaved from a VRF, causing l3mdev_master_dev_rcu() to return NULL and leading to a system crash.
A data race vulnerability was found in the Linux kernel around the sk->sk_data_ready and sk->sk_write_space pointers. The skmsg layer (and possibly others) modifies these pointers while other CPUs may read them concurrently, leading to undefined behavior.
A vulnerability in the Linux kernel causes a system panic when an IPv4 route references an IPv6 nexthop object configured on a loopback interface. The issue stems from misclassifying such an object as a reject route, skipping initialization of the nhc_pcpu_rth_output structure, leading to a NULL pointer dereference.
W jądrze Linuxa zidentyfikowano podatność związaną z błędami w kolejce socketów Bluetooth. Gdy włączone jest znacznik czasu TX, pakiety mogą utknąć w kolejce błędów, co prowadzi do ich wycieku, jeśli nie zostaną odczytane przez użytkownika lub kontroler zostanie niespodziewanie usunięty.
W jądrze Linuxa zidentyfikowano i naprawiono podatność związaną z wyciekiem pamięci struktury cred w funkcji nfsd_nl_threads_set_doit(). Problem polegał na tym, że referencja do cred była przekazywana, ale nie była odpowiednio zwalniana, co prowadziło do wycieku pamięci.
W jądrze Linuxa zidentyfikowano podatność, która prowadzi do zakleszczenia podczas wstrzymywania i wznawiania aplikacji. Problem występuje, gdy aplikacja wydaje zapytanie IOCTL w trakcie automatycznego wstrzymywania, co prowadzi do blokady zasobów.
A vulnerability in the Linux kernel's VXLAN driver causes a NULL pointer dereference in the IPv6 neighbor table (nd_tbl) when booting with the 'ipv6.disable=1' parameter. An attacker can send a crafted IPv6 packet to a VXLAN interface, triggering route_shortcircuit() and leading to a kernel Oops and potential system crash.
The pegasus USB driver in the Linux kernel lacks validation of USB endpoints. A malicious USB device can crash the driver by not providing the expected endpoints.
In the Linux kernel, the irqchip/sifive-plic driver has a vulnerability causing interrupt freezing. The issue occurs when changing interrupt affinity while a hart is still handling the interrupt, leading the PLIC controller to ignore the completion message. This results in a complete stall of interrupts for the affected device.
In the Linux kernel, a vulnerability was found in the mtk_eth_soc driver where the eBPF program pointer in mtk_xdp_setup() is not reset to old_prog on error in mtk_open, and its ref-count is incorrectly decreased.
A logic issue in Safari and Apple systems was fixed with improved state management, preventing malicious websites from accessing script message handlers intended for other origins. The patch is included in Safari 26.4, iOS 18.7.7, iPadOS 18.7.7, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.
A vulnerability in Safari and related Apple system components allows a malicious website to process restricted web content outside the sandbox. The issue was addressed with improved memory handling.
A vulnerability in WebKit may lead to an unexpected process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling. The fix is included in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.
A vulnerability in WebKit may lead to an unexpected process crash when processing maliciously crafted web content. The issue was fixed by improving memory handling in Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4.

