linux kernel

CVE-2026-46142 is a newly published Linux kernel vulnerability, received by NVD on May 28, 2026 from kernel.org, affecting the Wangxun libwx Ethernet driver when a virtual function reads a physical-function-only register during initialization and can hang the system. The fix is small, but the...

CVE-2026-46167 is a newly published Linux kernel vulnerability, dated May 28, 2026 by NVD and sourced from kernel.org, in which the USB printer driver could leak one byte of stale kernel heap memory through the LPGETSTATUS ioctl when queried by local software. The bug is small in the literal...

CVE-2026-46138 is a Linux kernel Bluetooth vulnerability published by NVD on May 28, 2026, after kernel.org assigned a CVE to an out-of-bounds read and potential infinite loop in the hci_le_create_big_complete_evt() event handler. The bug is not a Windows vulnerability, but it matters to...

CVE-2026-46218 is a newly published Linux kernel vulnerability, disclosed by kernel.org on May 28, 2026, in AMD’s amdgpu graphics driver, where UVD, VCE, and VCN video paths could access indirect buffers at fixed offsets without first confirming the buffer was large enough. The fix is small, but...

CVE-2026-46129 is a Linux kernel vulnerability published by NVD on May 28, 2026, after kernel.org reported a Btrfs double-free bug in the create_space_info() error path, where failed sysfs kobject setup can trigger cleanup of the same allocation twice. The flaw is narrow, technical, and...

CVE-2026-46234 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, that fixes a vsock buffer-size clamping bug where a misordered minimum and maximum check could let a socket buffer exceed its configured maximum. It is not, at least from the public...

CVE-2026-46109 is a newly published Linux kernel vulnerability from kernel.org, added to NVD on May 28, 2026, that fixes a memory leak in the USB ULPI registration path when early error handling fails before device registration completes. The bug is not a headline-grabbing remote-code-execution...

On May 28, 2026, NVD published CVE-2026-46148 for a Linux kernel fix in the Microchip coreQSPI SPI controller driver, after kernel.org reported that the controller’s built-in chip select could be asserted while Linux was communicating with another SPI device. The bug is narrow...

CVE-2026-46200 is a Linux kernel vulnerability published by NVD on May 28, 2026, covering a teardown-ordering bug in the Freescale MPC52xx SPI controller driver where the controller could remain registered while interrupts and GPIO resources were already being disabled or released. That sounds...

CVE-2026-46209 is a Linux kernel graphics vulnerability published by NVD on May 28, 2026, after kernel.org reported a DRM/GEM framebuffer validation bug that can let an undersized graphics buffer pass checks and later be accessed out of bounds by the GPU. The bug is not in some glamorous remote...

CVE-2026-46151 is a Linux kernel information-disclosure flaw published by NVD on May 28, 2026, after kernel.org reported that the USB printer driver could leak stale heap memory through malformed IEEE 1284 device ID responses. The bug is not a Windows vulnerability, but it belongs squarely in...

CVE-2026-46146 is a Linux kernel vulnerability published by NVD on May 28, 2026, covering an ALSA USB-audio bug in convert_chmap_v3() where a malformed USB Audio Class 3 descriptor could trigger a potential endless loop during channel-map parsing. The fix is tiny, but the lesson is not: kernel...

CVE-2026-46230 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, affecting AMDGPU’s VCN3 video decode message parsing path and fixed by adding bounds checks before accessing message metrics in GPU buffer objects. The immediate story is not a...

CVE-2026-46132 is a Linux kernel information-disclosure flaw published by NVD on May 28, 2026, after kernel.org reported that rtnetlink could leak up to 26 bytes of uninitialized kernel stack data per virtual function in certain SR-IOV network interface queries. The bug is not a Windows...

CVE-2026-46170 is a newly published Linux kernel vulnerability from kernel.org, entered into the NVD on May 28, 2026, involving Multipath TCP address retransmission cleanup logic that can mishandle a final socket reference during an ADD_ADDR timer callback. The bug is not a flashy...

Kernel.org assigned CVE-2026-46136 on May 28, 2026, to a Linux kernel mt76 driver flaw in MediaTek’s MT7921 Wi-Fi path, where a country-location-control buffer length underflow can trigger a near-endless loop, bad transmit-power settings, or driver initialization failure. The bug is narrow...

Linux kernel maintainers published CVE-2026-46157 on May 28, 2026, after fixing a race in the ALSA PCM OSS compatibility layer where concurrent access to runtime.oss.trigger could corrupt adjacent bit fields and destabilize audio handling. The bug is not a glamorous remote-code-execution...

CVE-2026-46225, published by NVD on May 28, 2026, is a newly assigned Linux kernel vulnerability in the Renesas RSPI/QSPI SPI controller driver, fixed by changing driver teardown so the SPI controller is deregistered before DMA and other backing resources are released. The vulnerability is still...

CVE-2026-46149 is a newly published Linux kernel flaw, disclosed by kernel.org on May 28, 2026, in the SCSI target configfs code where an overlong iSCSI name can make a sysfs read copy bytes beyond a 256-byte stack buffer. The bug is not a flashy remote-code-execution headline, and that is...

CVE-2026-46197 is a newly published Linux kernel vulnerability, received by NVD on May 28, 2026, in AMD’s amdkfd GPU compute driver, where an unchecked user-controlled SVM attribute count could allow out-of-bounds buffer access before the kernel-side ioctl handler validates the request. The fix...