linux kernel

CVE-2026-46158 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, covering a reference-count leak in Multipath TCP’s path-manager handling of retransmitted ADD_ADDR messages. The bug is not a headline-grabbing remote-code-execution flaw, and NVD has...

CVE-2026-46159, published by NVD on May 28, 2026 and sourced from kernel.org, is a Linux kernel Btrfs vulnerability in btrfs_ioctl_space_info() where a race condition can cause uninitialized kernel heap memory to be copied to userspace. The bug is not a remote-code-execution headline-grabber...

CVE-2026-46168 is a Linux kernel networking flaw published by NVD on May 28, 2026, after kernel.org reported a Multipath TCP fix for a crash triggered when timestamp socket options were handled under an atomic lock. The bug is not a glamorous remote-code-execution story, and NVD had not assigned...

CVE-2026-46172 is a newly published Linux kernel vulnerability from kernel.org, added to NVD on May 28, 2026, involving an IPv6 XFRM receive path that can leak route destination references when repeated encapsulated packets hit an error route. It is not yet scored by NVD, and that absence is the...

CVE-2026-46026 is a Linux kernel flaw published by NVD on May 27, 2026, after kernel.org assigned a vulnerability record to an unbounded lookup path in the QRTR name service code used by Qualcomm IPC Router support. The bug is not a remote Internet panic button, and NVD has not yet assigned CVSS...

CVE-2026-46090, published by NVD on May 27, 2026, is a Linux kernel flaw in ALSA’s snd-aloop loopback audio driver where a race during format-change stopping can leave the playback path holding a stale capture-stream pointer. The bug is not a headline-grabbing remote-code-execution story, and...

CVE-2026-45934 is a Linux kernel Btrfs flaw disclosed by kernel.org and published by NVD on May 27, 2026, in which non-consecutive pending chunk allocations can make DUP chunk allocation overlap device extents and abort a filesystem transaction with EEXIST. The bug is not the sort of...

CVE-2026-46015 is a Linux kernel TCP bug published by NVD on May 27, 2026, after kernel.org reported a missing listener wakeup during SO_REUSEPORT socket migration in the TCP accept path. The bug is not a flashy remote-code-execution headline, and NVD had not assigned CVSS severity at...

CVE-2026-46083 is a Linux kernel vulnerability published by NVD on May 27, 2026, covering a Serial Peripheral Interface core bug in which failed device registration could skip controller cleanup and leak resources allocated during setup across patched stable branches rather than expose remote...

CVE-2026-46019 is a Linux kernel vulnerability published by NVD on May 27, 2026, after kernel.org reported that the Atmel AES crypto driver leaked three of four allocated pages during buffer cleanup because it freed one page with the wrong allocator call. It is not, on the available evidence...

CVE-2026-45942 is a Linux kernel ext4 vulnerability published by NVD on May 27, 2026, covering a race between folio migration and ext4 bitmap updates that can produce e4b bitmap inconsistency reports during mixed huge-page stress workloads in affected kernels under load. The bug is not a...

CVE-2026-46038 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 27, 2026, involving a QRTR name-service memory leak when a node sends a BYE control packet and the kernel fails to free the departed node. It is not a flashy remote-code-execution bug, and NVD...

CVE-2026-46046, published by NVD on May 27, 2026 from kernel.org, is a Linux kernel ext4 vulnerability in which a missing brelse() call in ext4_xattr_inode_dec_ref_all() can leak a buffer-head reference after an earlier extended-attribute hardening change. The bug is small enough to fit in a...

CVE-2026-46033 is a Linux kernel cryptographic API vulnerability, published by NVD on May 27, 2026, in which malformed authencesn instances can inherit an invalid one-to-three-byte authentication tag and let AF_ALG reach an out-of-bounds access path. The bug is not a Windows flaw, but it matters...

CVE-2026-45912 is a newly published Linux kernel ext4 vulnerability, received by NVD from kernel.org on May 27, 2026, involving stale extent-status caching during extent splitting that can lead to incorrect space accounting. It is not, at least from the public record so far, a...

CVE-2026-46031 is a Linux kernel networking flaw published by NVD on May 27, 2026, affecting the Micrel/Kendin KS8851 Ethernet driver, where interrupt handling can re-enter transmit processing and deadlock the kernel under specific timing and configuration conditions. It is not the kind of...

Kernel.org disclosed CVE-2026-45899 on May 27, 2026, for a Linux kernel ext4 bug in which a failed extent split can leave stale entries in the filesystem’s extent status tree. That sentence sounds narrow, and in one sense it is: this is not a flashy remote-code-execution headline or a consumer...

CVE-2026-45838 was published by NVD on May 27, 2026, after kernel.org assigned a Linux kernel BPF flaw in cgroup_storage_get_next_key() where incorrect end-of-list handling can copy data from an invalid internal pointer to userspace. The bug is not yet scored by NVD, which means defenders are...

CVE-2026-46075 is a Linux kernel vulnerability published by NVD on May 27, 2026, covering a fixed bug in the Atmel SHA204A crypto driver where device removal could leave hardware RNG reads racing with teardown and leak driver-owned memory. The interesting part is not that this is a blockbuster...

On May 27, 2026, NVD published CVE-2026-46048, a Linux kernel vulnerability in the ALSA caiaq USB audio driver where failed device probing can leak a referenced USB device object instead of releasing it. The bug is not the sort of headline-grabbing remote code execution flaw that sends patch...