linux kernel security

CVE-2026-46323 was published by NVD on June 9, 2026, after kernel.org assigned a Linux kernel networking flaw in Generic Receive Offload where zerocopy socket buffers could be merged incorrectly, creating a use-after-free risk in kernel memory handling. The bug is not a Windows vulnerability...

Linux kernel maintainers have published CVE-2026-46319, a newly listed use-after-free flaw in the act_ct traffic-control connection-tracking action, after a race in flow-table lookup and reference acquisition was fixed across stable kernel branches on June 9, 2026. The bug is not a Windows...

CVE-2026-43059 is a high-severity Linux kernel Bluetooth management vulnerability, published by NVD on May 5, 2026 and modified on May 22, that can trigger list corruption and use-after-free behavior in affected kernels before patched stable releases. It is not a Windows Bluetooth flaw, but...

CVE-2026-46121 is a Linux kernel use-after-free flaw published by NVD on May 28, 2026, affecting the DAMON sysfs schemes interface where concurrent reads and writes of memcg_path could race and expose freed memory. The bug is narrow, technical, and not yet scored by NVD, but it is also a useful...

CVE-2026-46187 is a newly published Linux kernel vulnerability, disclosed by kernel.org on May 28, 2026, that fixes a use-after-free race in the RSI Wi-Fi driver when a kernel thread exits itself before external shutdown code tries to stop it. The bug is narrow, driver-specific, and still...

CVE-2026-46204 is a newly published Linux kernel vulnerability from kernel.org, disclosed by NVD on May 28, 2026, affecting AMDGPU VCN 4 command parsing in the drm/amdgpu driver and fixed by replacing unsafe indirect-buffer reads with a bounds-checked helper. The bug is not yet scored by NVD...

CVE-2026-46180 is a newly published Linux kernel vulnerability disclosed by kernel.org and listed by NVD on May 28, 2026, affecting the Broadcom brcmfmac Wi-Fi driver through a potential use-after-free race while stopping a watchdog kernel task. It is not a Windows vulnerability, but it matters...

CVE-2026-46160, published by NVD on May 28, 2026, describes a Linux kernel Btrfs bug in which directory removal failed to update last_unlink_trans, allowing a narrow fsync-and-crash sequence to produce failed log replay and an -EIO mount error. This is not a remote-code-execution fire drill, and...

CVE-2026-46229 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, in which AMD’s KFD compute path could hand freshly allocated VRAM to userspace without first clearing stale contents from prior allocations. The bug sits at the uncomfortable...

CVE-2026-46111 is a Linux kernel Bluetooth vulnerability published by NVD on May 28, 2026, after kernel.org assigned it to a use-after-free bug in hci_conn during create_big_sync handling for Bluetooth BIG synchronization. The flaw is not yet scored by NVD, which means administrators are staring...

CVE-2026-46199 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 28, 2026, in the AMDGPU VCN4 video decode path, where insufficient bounds checking could allow out-of-bounds reads while parsing decoder messages. The practical headline is not that...

CVE-2026-46241 is a Linux kernel vulnerability published by NVD on May 28, 2026, affecting the spi: mpc52xx controller path, where failed controller registration could leave interrupts active and create a possible use-after-free and resource leak. The flaw is not the kind of headline-grabbing...

CVE-2026-46122, published by NVD on May 28, 2026 after a kernel.org assignment, fixes an out-of-bounds read in the Linux kernel’s Broadcom b43 Wi-Fi driver by rejecting received frames that report an invalid firmware-controlled key index. The bug is narrow, hardware-specific, and still awaiting...

CVE-2026-46123 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, that fixes unsafe receive-length handling in the virtio Bluetooth driver used by virtualized Linux systems. The bug is not a garden-variety desktop Bluetooth scare; it lives at the...

CVE-2026-46164 is a newly published Linux kernel vulnerability, disclosed by NVD on May 28, 2026, in which Btrfs can double-free a space-info sub-group object when kobject_init_and_add() fails during a specific filesystem initialization error path. That is a dry sentence for a bug that lives in...

On May 28, 2026, kernel.org assigned CVE-2026-46220 to an AMDGPU flaw in the Linux kernel’s SDMA 4.0 fence-emission path, where crafted unprivileged command submissions could hit BUG_ON() assertions and panic the system. The patch is small, but the lesson is not. This is not the story of an...

CVE-2026-46226 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, that fixes a Freescale SPI driver unbind bug by deregistering the SPI controller before freeing lower-level resources such as DMA. The record is still awaiting NVD enrichment, so...

CVE-2026-46110, published by NVD on May 28, 2026 from a kernel.org record, fixes a Linux kernel NULL-pointer dereference in the stmmac Ethernet driver when receive-buffer memory allocation is exhausted. The bug is not a Windows vulnerability, but it matters to WindowsForum readers because it...

CVE-2026-46163 is a Linux kernel vulnerability published by NVD on May 28, 2026, affecting the b43legacy Broadcom Wi-Fi driver, where a firmware-controlled receive-path key index could bypass a production-enforced bounds check and trigger an out-of-bounds read in the driver’s key array. The fix...

CVE-2026-46186 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 28, 2026, in the Bluetooth virtio_bt driver’s receive path, where malformed backend-supplied packets can reach core Bluetooth handling without minimum header-length validation. It is...