linux kernel security

CVE-2026-46137 was published by NVD on May 28, 2026, for a Linux kernel Multipath TCP path-manager race in the ADD_ADDR retransmission timer, fixed upstream by taking the socket lock in softirq context and retrying shortly when user context owns the socket. The terse advisory makes it look like...

CVE-2026-46094 is a newly published Linux kernel ext4 vulnerability, disclosed by NVD on May 27, 2026, in which a faulty extended-attribute bounds check could allow a four-byte read past the valid xattr region during filesystem metadata validation. The fix is almost comically small: one changed...

CVE-2026-45858 is a Linux kernel ext4 vulnerability disclosed by kernel.org and published by NVD on May 27, 2026, involving stale data exposure when unwritten extents are split and converted under a temporary space shortage. The bug is not a Windows vulnerability, but it matters to WindowsForum...

Linux kernel maintainers disclosed CVE-2026-46099 on May 27, 2026, describing an IPv6 lightweight-tunnel race in Segment Routing and RPL paths that can turn a no-reference destination cache entry into a use-after-free on real-time kernels. The bug is not the sort of branded, screenshot-friendly...

CVE-2026-46092 is a newly published Linux kernel vulnerability, disclosed by kernel.org and added to NVD on May 27, 2026, that fixes a crash in the Realtek rtw88 Wi-Fi PCI driver when an RTL8821CE device sits directly on a PCI root bus. The bug is not a glamorous remote-code-execution headline...

CVE-2026-46103 is a newly published Linux kernel vulnerability, disclosed by NVD on May 27, 2026, in the ucan USB CAN driver, where a device-managed control message buffer was tied to the parent USB device instead of the bound USB interface. The fix is almost comically small: one device pointer...

CVE-2026-45996, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the i.MX SPI controller driver where unbinding the device could leave driver code using controller data already freed during deregistration. That sounds narrow, and in one sense it is. But it is also the sort of...

CVE-2026-45988 is a newly published Linux kernel vulnerability, disclosed by kernel.org and received by NVD on May 27, 2026, that fixes RxRPC handling of partially decrypted RESPONSE packets by discarding failed packets instead of requeuing them for another processing attempt. The short version...

Linux kernel maintainers assigned CVE-2026-45958 on May 27, 2026, to a flaw in the Exynos DRM VIDI driver where vidi_connection_ioctl() directly dereferenced a user-supplied EDID pointer instead of first copying it into kernel memory. The bug is narrow, hardware-specific, and still awaiting NVD...

CVE-2026-46049 is a newly published Linux kernel vulnerability from kernel.org, disclosed by NVD on May 27, 2026, affecting the ALSA ctxfi driver’s S/PDIF passthrough path for Creative Sound Blaster X-Fi–class PCI audio hardware. The bug is not a remote-code-execution scare story, and it is not...

CVE-2026-46000 is a newly published Linux kernel vulnerability, disclosed by kernel.org and published by NVD on May 27, 2026, that fixes rxrpc connection-level RESPONSE packet handling after security verification code could decrypt shared packet buffers in place. The bug is narrow, technical...

CVE-2026-45892 is a newly published Linux kernel ext4 vulnerability, disclosed by NVD on May 27, 2026, involving stale extent-cache state after a partial zeroout during unwritten-extent conversion. It is not yet scored by NVD, and the public record reads less like a finished exploit advisory...

CVE-2026-45998 is a newly published Linux kernel vulnerability from kernel.org, added to NVD on May 27, 2026, that fixes a potential use-after-free crash path in the RxRPC networking code when skb_unshare() fails during packet handling. The bug is not yet scored by NVD, and that absence of a...

CVE-2026-46068 is a newly published Linux kernel vulnerability, received by NVD on May 27, 2026, in which IBM Power NX 842 crypto compression context cleanup used free_page() instead of matching free_pages() for order-2 bounce-buffer allocations. It is not the kind of flaw that should send...

CVE-2026-45956, published by NVD on May 27, 2026, covers a Linux kernel flaw in the Exynos DRM VIDI driver where an ioctl path could look up the wrong device context and potentially trigger crashes or memory-safety failures. The bug is obscure, hardware-specific, and still awaiting NVD...

CVE-2026-46056 is a newly published Linux kernel Bluetooth vulnerability, disclosed by kernel.org and added to NVD on May 27, 2026, involving a potential use-after-free in Secure Simple Pairing passkey event handlers. The fix is small, but the lesson is not: Bluetooth remains one of the kernel’s...

CVE-2026-46077, published by NVD on May 27, 2026, covers a Linux kernel fix in the Atmel TDES crypto driver where DMA output was synchronized in the wrong direction before CPU consumption. The bug is narrow, hardware-specific, and still awaiting NVD enrichment, but it is exactly the kind of...

CVE-2026-46098 is a Linux kernel flaw disclosed by kernel.org and published in the NVD on May 27, 2026, affecting the CAIF networking code where a stale service-layer pointer can be dereferenced during repeated socket teardown after remote shutdown. It is not, on present evidence, the sort of...

Linux kernel maintainers assigned CVE-2026-45845 on May 27, 2026, to a TAPRIO traffic-control flaw that can let a local user crash affected systems through a NULL pointer dereference in the class-dump path. The bug is not a remote network break-in, and it is not a privilege-escalation story on...

CVE-2026-45986 is a newly published Linux kernel vulnerability from kernel.org, recorded by NVD on May 27, 2026, covering a memory leak in the ccree crypto driver’s cc_mac_digest() path when final hash request mapping fails. It is not yet scored by NVD, and that absence matters almost as much as...