linux kernel

CVE-2026-46033 is a Linux kernel cryptographic API vulnerability, published by NVD on May 27, 2026, in which malformed authencesn instances can inherit an invalid one-to-three-byte authentication tag and let AF_ALG reach an out-of-bounds access path. The bug is not a Windows flaw, but it matters...

CVE-2026-45912 is a newly published Linux kernel ext4 vulnerability, received by NVD from kernel.org on May 27, 2026, involving stale extent-status caching during extent splitting that can lead to incorrect space accounting. It is not, at least from the public record so far, a...

CVE-2026-46031 is a Linux kernel networking flaw published by NVD on May 27, 2026, affecting the Micrel/Kendin KS8851 Ethernet driver, where interrupt handling can re-enter transmit processing and deadlock the kernel under specific timing and configuration conditions. It is not the kind of...

Kernel.org disclosed CVE-2026-45899 on May 27, 2026, for a Linux kernel ext4 bug in which a failed extent split can leave stale entries in the filesystem’s extent status tree. That sentence sounds narrow, and in one sense it is: this is not a flashy remote-code-execution headline or a consumer...

CVE-2026-45838 was published by NVD on May 27, 2026, after kernel.org assigned a Linux kernel BPF flaw in cgroup_storage_get_next_key() where incorrect end-of-list handling can copy data from an invalid internal pointer to userspace. The bug is not yet scored by NVD, which means defenders are...

CVE-2026-46075 is a Linux kernel vulnerability published by NVD on May 27, 2026, covering a fixed bug in the Atmel SHA204A crypto driver where device removal could leave hardware RNG reads racing with teardown and leak driver-owned memory. The interesting part is not that this is a blockbuster...

On May 27, 2026, NVD published CVE-2026-46048, a Linux kernel vulnerability in the ALSA caiaq USB audio driver where failed device probing can leak a referenced USB device object instead of releasing it. The bug is not the sort of headline-grabbing remote code execution flaw that sends patch...

CVE-2026-46003 is a newly published Linux kernel denial-of-service flaw, disclosed by NVD on May 27, 2026, in the QRTR nameserver code used around Qualcomm IPC Router networking, where unbounded node registration could allow memory exhaustion. The fix is almost comically small: cap the total...

CVE-2026-46006 is a newly published Linux kernel vulnerability, disclosed by NVD on May 27, 2026, affecting Nouveau’s DRM graphics driver where a 32-bit integer overflow could undermine a relocation bounds check in push buffer handling. The bug is small enough to fit in a one-line patch, but it...

Linux kernel maintainers disclosed CVE-2026-46102 on May 27, 2026, after fixing a stream parser bug in which aborted message assembly could leave a partially built socket buffer referenced and repeatedly leak memory. The flaw is not a flashy remote-code-execution headline, and NVD had not yet...

CVE-2026-45844 is a Linux kernel netfilter flaw, published by NVD on May 27, 2026, in which arptables mishandles IPv4-over-IEEE1394 ARP packets, causing incorrect rule matching and potentially unsafe packet mangling on FireWire network interfaces. It is not the sort of bug that will send most...

CVE-2026-46065 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by NVD on May 27, 2026, that fixes a framebuffer deferred-I/O lifetime bug triggered when graphics memory remains mapped after device hot-unplug. The dry wording hides a familiar class of kernel...

Kernel.org assigned CVE-2026-46086 on May 27, 2026, to a Linux bridge forwarding database race in which concurrent local FDB updates can let RCU readers dereference a stale or NULL destination pointer. The bug is not a remote-code-execution thunderclap, and the National Vulnerability Database...

CVE-2026-45859, published by NVD on May 27, 2026, tracks a Linux kernel netfilter nfnetlink_queue regression in which certain UDP GSO packets tied to unconfirmed conntrack entries could be dropped instead of queued for userspace inspection. That sentence sounds narrow because the bug is narrow...

CVE-2026-46069 is a Linux kernel Wi-Fi driver vulnerability, published by NVD on May 27, 2026, in the Marvell mwifiex adapter cleanup path, where a wakeup timer callback can keep running after driver teardown and touch memory that may already have been freed. The bug is small in code but large...

CVE-2026-46047 is a newly published Linux kernel flaw, received by NVD from kernel.org on May 27, 2026, affecting the QRTR nameservice removal path where late-arriving packets can trigger a use-after-free after workqueue teardown. The bug is narrow, technical, and not yet scored by NVD, but it...

CVE-2026-45997 is a Linux kernel storage-driver vulnerability published by NVD on May 27, 2026, after kernel.org assigned a CVE to a fixed SCSI disk error path that failed to release a gendisk reference when device registration failed. The bug is not the kind of headline-grabbing...

CVE-2026-45897, published by NVD on May 27, 2026, covers a Linux kernel netfilter bug in nft_counter where concurrent dump-and-reset operations could subtract the same packet and byte counts twice, causing counter values to underflow. The fix is not glamorous: a global static spinlock serializes...

CVE-2026-45940 is a Linux kernel networking flaw published by NVD on May 27, 2026, after kernel.org reported a resolved crash in the stmmac Ethernet driver when GMAC4 split-header receive handling miscalculates packet buffer length. The bug is not yet scored by NVD, but its shape is already...

CVE-2026-45836 is a newly published Linux kernel Bluetooth vulnerability, disclosed by kernel.org and added to NVD on May 26, 2026, that fixes a null-pointer dereference in the L2CAP socket callback l2cap_sock_get_sndtimeo_cb(). The important part is not that this is a spectacular...