linux kernel

CVE-2026-46200 is a Linux kernel vulnerability published by NVD on May 28, 2026, covering a teardown-ordering bug in the Freescale MPC52xx SPI controller driver where the controller could remain registered while interrupts and GPIO resources were already being disabled or released. That sounds...

CVE-2026-46209 is a Linux kernel graphics vulnerability published by NVD on May 28, 2026, after kernel.org reported a DRM/GEM framebuffer validation bug that can let an undersized graphics buffer pass checks and later be accessed out of bounds by the GPU. The bug is not in some glamorous remote...

CVE-2026-46151 is a Linux kernel information-disclosure flaw published by NVD on May 28, 2026, after kernel.org reported that the USB printer driver could leak stale heap memory through malformed IEEE 1284 device ID responses. The bug is not a Windows vulnerability, but it belongs squarely in...

CVE-2026-46146 is a Linux kernel vulnerability published by NVD on May 28, 2026, covering an ALSA USB-audio bug in convert_chmap_v3() where a malformed USB Audio Class 3 descriptor could trigger a potential endless loop during channel-map parsing. The fix is tiny, but the lesson is not: kernel...

CVE-2026-46230 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, affecting AMDGPU’s VCN3 video decode message parsing path and fixed by adding bounds checks before accessing message metrics in GPU buffer objects. The immediate story is not a...

CVE-2026-46132 is a Linux kernel information-disclosure flaw published by NVD on May 28, 2026, after kernel.org reported that rtnetlink could leak up to 26 bytes of uninitialized kernel stack data per virtual function in certain SR-IOV network interface queries. The bug is not a Windows...

CVE-2026-46170 is a newly published Linux kernel vulnerability from kernel.org, entered into the NVD on May 28, 2026, involving Multipath TCP address retransmission cleanup logic that can mishandle a final socket reference during an ADD_ADDR timer callback. The bug is not a flashy...

Kernel.org assigned CVE-2026-46136 on May 28, 2026, to a Linux kernel mt76 driver flaw in MediaTek’s MT7921 Wi-Fi path, where a country-location-control buffer length underflow can trigger a near-endless loop, bad transmit-power settings, or driver initialization failure. The bug is narrow...

Linux kernel maintainers published CVE-2026-46157 on May 28, 2026, after fixing a race in the ALSA PCM OSS compatibility layer where concurrent access to runtime.oss.trigger could corrupt adjacent bit fields and destabilize audio handling. The bug is not a glamorous remote-code-execution...

CVE-2026-46225, published by NVD on May 28, 2026, is a newly assigned Linux kernel vulnerability in the Renesas RSPI/QSPI SPI controller driver, fixed by changing driver teardown so the SPI controller is deregistered before DMA and other backing resources are released. The vulnerability is still...

CVE-2026-46149 is a newly published Linux kernel flaw, disclosed by kernel.org on May 28, 2026, in the SCSI target configfs code where an overlong iSCSI name can make a sysfs read copy bytes beyond a 256-byte stack buffer. The bug is not a flashy remote-code-execution headline, and that is...

CVE-2026-46197 is a newly published Linux kernel vulnerability, received by NVD on May 28, 2026, in AMD’s amdkfd GPU compute driver, where an unchecked user-controlled SVM attribute count could allow out-of-bounds buffer access before the kernel-side ioctl handler validates the request. The fix...

CVE-2026-46158 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, covering a reference-count leak in Multipath TCP’s path-manager handling of retransmitted ADD_ADDR messages. The bug is not a headline-grabbing remote-code-execution flaw, and NVD has...

CVE-2026-46159, published by NVD on May 28, 2026 and sourced from kernel.org, is a Linux kernel Btrfs vulnerability in btrfs_ioctl_space_info() where a race condition can cause uninitialized kernel heap memory to be copied to userspace. The bug is not a remote-code-execution headline-grabber...

CVE-2026-46168 is a Linux kernel networking flaw published by NVD on May 28, 2026, after kernel.org reported a Multipath TCP fix for a crash triggered when timestamp socket options were handled under an atomic lock. The bug is not a glamorous remote-code-execution story, and NVD had not assigned...

CVE-2026-46172 is a newly published Linux kernel vulnerability from kernel.org, added to NVD on May 28, 2026, involving an IPv6 XFRM receive path that can leak route destination references when repeated encapsulated packets hit an error route. It is not yet scored by NVD, and that absence is the...

CVE-2026-46026 is a Linux kernel flaw published by NVD on May 27, 2026, after kernel.org assigned a vulnerability record to an unbounded lookup path in the QRTR name service code used by Qualcomm IPC Router support. The bug is not a remote Internet panic button, and NVD has not yet assigned CVSS...

CVE-2026-46090, published by NVD on May 27, 2026, is a Linux kernel flaw in ALSA’s snd-aloop loopback audio driver where a race during format-change stopping can leave the playback path holding a stale capture-stream pointer. The bug is not a headline-grabbing remote-code-execution story, and...

CVE-2026-45934 is a Linux kernel Btrfs flaw disclosed by kernel.org and published by NVD on May 27, 2026, in which non-consecutive pending chunk allocations can make DUP chunk allocation overlap device extents and abort a filesystem transaction with EEXIST. The bug is not the sort of...

CVE-2026-46015 is a Linux kernel TCP bug published by NVD on May 27, 2026, after kernel.org reported a missing listener wakeup during SO_REUSEPORT socket migration in the TCP accept path. The bug is not a flashy remote-code-execution headline, and NVD had not assigned CVSS severity at...