CVE-2026-46164 is a newly published Linux kernel vulnerability, disclosed by NVD on May 28, 2026, in which Btrfs can double-free a space-info sub-group object when kobject_init_and_add() fails during a specific filesystem initialization error path. That is a dry sentence for a bug that lives in...
On May 28, 2026, kernel.org assigned CVE-2026-46220 to an AMDGPU flaw in the Linux kernel’s SDMA 4.0 fence-emission path, where crafted unprivileged command submissions could hit BUG_ON() assertions and panic the system. The patch is small, but the lesson is not. This is not the story of an...
CVE-2026-46226 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, that fixes a Freescale SPI driver unbind bug by deregistering the SPI controller before freeing lower-level resources such as DMA. The record is still awaiting NVD enrichment, so...
CVE-2026-46110, published by NVD on May 28, 2026 from a kernel.org record, fixes a Linux kernel NULL-pointer dereference in the stmmac Ethernet driver when receive-buffer memory allocation is exhausted. The bug is not a Windows vulnerability, but it matters to WindowsForum readers because it...
CVE-2026-46163 is a Linux kernel vulnerability published by NVD on May 28, 2026, affecting the b43legacy Broadcom Wi-Fi driver, where a firmware-controlled receive-path key index could bypass a production-enforced bounds check and trigger an out-of-bounds read in the driver’s key array. The fix...
CVE-2026-46186 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 28, 2026, in the Bluetooth virtio_bt driver’s receive path, where malformed backend-supplied packets can reach core Bluetooth handling without minimum header-length validation. It is...
CVE-2026-46137 was published by NVD on May 28, 2026, for a Linux kernel Multipath TCP path-manager race in the ADD_ADDR retransmission timer, fixed upstream by taking the socket lock in softirq context and retrying shortly when user context owns the socket. The terse advisory makes it look like...
CVE-2026-46094 is a newly published Linux kernel ext4 vulnerability, disclosed by NVD on May 27, 2026, in which a faulty extended-attribute bounds check could allow a four-byte read past the valid xattr region during filesystem metadata validation. The fix is almost comically small: one changed...
CVE-2026-45858 is a Linux kernel ext4 vulnerability disclosed by kernel.org and published by NVD on May 27, 2026, involving stale data exposure when unwritten extents are split and converted under a temporary space shortage. The bug is not a Windows vulnerability, but it matters to WindowsForum...
Linux kernel maintainers disclosed CVE-2026-46099 on May 27, 2026, describing an IPv6 lightweight-tunnel race in Segment Routing and RPL paths that can turn a no-reference destination cache entry into a use-after-free on real-time kernels. The bug is not the sort of branded, screenshot-friendly...
CVE-2026-46092 is a newly published Linux kernel vulnerability, disclosed by kernel.org and added to NVD on May 27, 2026, that fixes a crash in the Realtek rtw88 Wi-Fi PCI driver when an RTL8821CE device sits directly on a PCI root bus. The bug is not a glamorous remote-code-execution headline...
CVE-2026-46103 is a newly published Linux kernel vulnerability, disclosed by NVD on May 27, 2026, in the ucan USB CAN driver, where a device-managed control message buffer was tied to the parent USB device instead of the bound USB interface. The fix is almost comically small: one device pointer...
CVE-2026-45996, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the i.MX SPI controller driver where unbinding the device could leave driver code using controller data already freed during deregistration. That sounds narrow, and in one sense it is. But it is also the sort of...
CVE-2026-45988 is a newly published Linux kernel vulnerability, disclosed by kernel.org and received by NVD on May 27, 2026, that fixes RxRPC handling of partially decrypted RESPONSE packets by discarding failed packets instead of requeuing them for another processing attempt. The short version...
Linux kernel maintainers assigned CVE-2026-45958 on May 27, 2026, to a flaw in the Exynos DRM VIDI driver where vidi_connection_ioctl() directly dereferenced a user-supplied EDID pointer instead of first copying it into kernel memory. The bug is narrow, hardware-specific, and still awaiting NVD...
CVE-2026-46049 is a newly published Linux kernel vulnerability from kernel.org, disclosed by NVD on May 27, 2026, affecting the ALSA ctxfi driver’s S/PDIF passthrough path for Creative Sound Blaster X-Fi–class PCI audio hardware. The bug is not a remote-code-execution scare story, and it is not...
CVE-2026-46000 is a newly published Linux kernel vulnerability, disclosed by kernel.org and published by NVD on May 27, 2026, that fixes rxrpc connection-level RESPONSE packet handling after security verification code could decrypt shared packet buffers in place. The bug is narrow, technical...
CVE-2026-45892 is a newly published Linux kernel ext4 vulnerability, disclosed by NVD on May 27, 2026, involving stale extent-cache state after a partial zeroout during unwritten-extent conversion. It is not yet scored by NVD, and the public record reads less like a finished exploit advisory...
CVE-2026-45998 is a newly published Linux kernel vulnerability from kernel.org, added to NVD on May 27, 2026, that fixes a potential use-after-free crash path in the RxRPC networking code when skb_unshare() fails during packet handling. The bug is not yet scored by NVD, and that absence of a...
CVE-2026-46068 is a newly published Linux kernel vulnerability, received by NVD on May 27, 2026, in which IBM Power NX 842 crypto compression context cleanup used free_page() instead of matching free_pages() for order-2 bounce-buffer allocations. It is not the kind of flaw that should send...