CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53078
High

In the Linux kernel BPF subsystem, a vulnerability was found in the SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() macros for sock_ops programs. When the destination register equals the source register and the socket is not full or locked, the destination register is not zeroed, leading to a kernel pointer leak and out-of-bounds stack read.

CVE-2026-53077
High

A vulnerability in the Linux kernel's RDS/IB module prevents proper operation in network namespaces other than the initial one. This restricts RDS/IB usage to the initial network namespace only.

CVE-2026-53076
High

An out-of-bounds read vulnerability in the Linux kernel occurs when copying data from a BPF_MAP_TYPE_CGROUP_STORAGE map to another per-CPU map with the same value_size not aligned to 8 bytes. This leads to reading beyond the allocated buffer.

CVE-2026-53075
High

In the Linux kernel, a vulnerability in the PPP driver allows a local unprivileged user to perform administrative ioctls (such as PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) in an inherited network namespace while only having CAP_NET_ADMIN in a newly created user namespace. The fix requires CAP_NET_ADMIN in the user namespace that owns the target network namespace.

CVE-2026-53072
High

In the Linux kernel, a vulnerability was found in the Bluetooth stack where hci_conn_request_evt() calls hci_connect_cfm() without holding the hdev->lock. This can lead to a use-after-free (UAF) if the connection is deleted concurrently.

CVE-2026-53071
High

In the Linux kernel, the Bluetooth L2CAP subsystem lacked channel locking in l2cap_ecred_reconf_rsp(). A remote BLE device can send a crafted ECRED reconfiguration response, corrupting the channel list while another thread iterates it.

CVE-2026-53070
High

A vulnerability in the Linux kernel's SCTP over UDP implementation fails to disable BH before calling tunnel transmit functions, causing unbalanced recursion counters and potential packet drops.

CVE-2026-53069
High

A null-pointer dereference vulnerability was found in the Linux kernel's xdp_master_redirect() function when redirecting XDP traffic to a master interface (bond) that has not been brought up. The issue occurs when a bond interface in round-robin mode lacks the rr_tx_counter because it never went through bond_open().

CVE-2026-53068
High

In the Linux kernel, a vulnerability was found in the komeda DRM driver where the AFBC framebuffer size validation did not check for integer overflow. Adding the AFBC payload size to the framebuffer offset could overflow, allowing the size check to pass incorrectly and accept an undersized GEM object. This could lead to out-of-bounds memory access.

CVE-2026-53062
High

In the Linux kernel, the dm-cache policy SMQ lacks proper locking when invalidating cache blocks in passthrough mode. The invalidate_mapping operation is called concurrently from multiple workers without protection, leading to data races on the allocated blocks counter and potential use-after-free issues in internal data structures.

CVE-2026-53057
High

In the Linux kernel, the RISC-V IOMMU subsystem lacked required TLB and context cache invalidations after updating DDT/PDT entries. The riscv_iommu_iodir_iotinval() function was added to comply with the RISC-V IOMMU specification.

CVE-2026-53054
High

In the Linux kernel, a locking bug was found in the drm/msm driver's VM_BIND UNMAP operation. An incorrect argument caused objects involved in UNMAP operations not to be consistently locked, potentially leading to synchronization issues.

CVE-2026-53053
High

In the Linux kernel, a vulnerability was found in the AMD IOMMU subsystem's clone_alias() function. It incorrectly assumed the first argument (pdev) always points to the original device, while it could be an alias device. This caused the wrong devid to be used when copying DTE entries, leading to incorrect or stale entries being propagated to the alias device.

CVE-2026-53050
High

A race condition in the Linux kernel's dquot_scan_active() function during quota deactivation can lead to use-after-free, potentially causing system instability.

CVE-2026-53044
High

In the Linux kernel, a vulnerability was found in the Tegra CBB SoC subsystem due to incorrect use of the ARRAY_SIZE macro in fabric lookup tables. This flaw can cause out-of-bounds memory access during target timeout lookup.

CVE-2026-53041
High

In the Linux kernel, a bug was found in the OCFS2 filesystem's listxattr() function. When an inode has both inline and block-based extended attributes and the inline names exactly fill the caller's buffer, the function may return a size larger than the buffer, causing a kernel panic (BUG).

CVE-2026-53040
High

In the Linux kernel, a vulnerability in the OCFS2 filesystem lacks validation of the bg_bits field during freefrag scan in the non-coherent path. A crafted filesystem can cause an out-of-bounds memory read (use-after-free) when the OCFS2_IOC_INFO ioctl is called with the OCFS2_INFO_FL_NON_COHERENT flag.

CVE-2026-53036
High

In the Linux kernel, the BPF JIT for ARM64 has an off-by-one error in the check_imm macro that validates branch displacement fits into a signed N-bit immediate field. The error allows values one bit wider than intended, potentially causing incorrect instruction encoding and reversing branch direction.

CVE-2026-53033
High

A vulnerability was found in the Linux kernel's BPF sockmap mechanism for AF_UNIX sockets. During a sockmap update by a BPF iterator program, a race condition causes the `peer` pointer to become stale in `unix_stream_bpf_update_proto()`, leading to a use-after-free. The fix adds a state lock during iteration.

CVE-2026-53031
High

A vulnerability was found in the Linux kernel in the arena_alloc_pages() function of the BPF subsystem. The function accepts a node_id as a plain int and forwards it without any bounds checking. Lack of validation may lead to incorrect memory allocation behavior.

PreviousPage 69 of 3345Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS