linux kernel

CVE-2026-46047 is a newly published Linux kernel flaw, received by NVD from kernel.org on May 27, 2026, affecting the QRTR nameservice removal path where late-arriving packets can trigger a use-after-free after workqueue teardown. The bug is narrow, technical, and not yet scored by NVD, but it...

CVE-2026-45997 is a Linux kernel storage-driver vulnerability published by NVD on May 27, 2026, after kernel.org assigned a CVE to a fixed SCSI disk error path that failed to release a gendisk reference when device registration failed. The bug is not the kind of headline-grabbing...

CVE-2026-45897, published by NVD on May 27, 2026, covers a Linux kernel netfilter bug in nft_counter where concurrent dump-and-reset operations could subtract the same packet and byte counts twice, causing counter values to underflow. The fix is not glamorous: a global static spinlock serializes...

CVE-2026-45940 is a Linux kernel networking flaw published by NVD on May 27, 2026, after kernel.org reported a resolved crash in the stmmac Ethernet driver when GMAC4 split-header receive handling miscalculates packet buffer length. The bug is not yet scored by NVD, but its shape is already...

CVE-2026-45836 is a newly published Linux kernel Bluetooth vulnerability, disclosed by kernel.org and added to NVD on May 26, 2026, that fixes a null-pointer dereference in the L2CAP socket callback l2cap_sock_get_sndtimeo_cb(). The important part is not that this is a spectacular...

CVE-2026-45944, published by NVD on May 27, 2026 and sourced from kernel.org, fixes a Linux Intel VT-d IOMMU bug where the kernel could tear down a 128-bit context entry in pieces while hardware still considered it present. The immediate patch is small, but the lesson is not. This is the kind of...

Linux disclosed CVE-2026-45834 on May 26, 2026, for a Bluetooth L2CAP flaw in the kernel where l2cap_sock_state_change_cb() could dereference a NULL socket pointer, with fixes referenced across stable kernel commits and no NVD CVSS score assigned yet. The bug is small in code terms and large in...

CVE-2026-46053 is a Linux kernel vulnerability published by NVD on May 27, 2026, covering a Reliable Datagram Sockets RDMA cleanup bug in __rds_rdma_map() where a failed copy of an RDMA memory-region cookie back to user space could trigger incorrect duplicate resource cleanup. The bug is not a...

CVE-2026-46027 is a Linux kernel vulnerability published by NVD on May 27, 2026, after kernel.org reported a flaw in the SMC networking code where decline-message handling could touch link-group state before that link group existed. The fix is small, but the lesson is larger: kernel security is...

Linux kernel CVE-2026-45901 was published by NVD on May 27, 2026, after kernel.org assigned a security record to a netfilter nf_tables fix that removes commit_mutex locking from reset paths to avoid a circular lock dependency triggered by concurrent nft reset, ipset list, and iptables-nft -m set...

CVE-2026-46004, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the ALSA caiaq USB audio driver where failed device probing could continue after cleanup and create a use-after-free condition in later initialization code. It is not the kind of bug that should send every...

CVE-2026-46037 is a newly published Linux kernel flaw disclosed by kernel.org and NVD on May 27, 2026, affecting IPv4 ICMP handling where extended echo replies could drive an out-of-range lookup in the kernel’s icmp_pointers table before validation. The bug is small in code and large in...

CVE-2026-46300 is a Linux kernel local privilege-escalation vulnerability published by NVD on May 23, 2026, last modified on May 26, and fixed through stable kernel patches that preserve a shared-fragment marker during socket-buffer coalescing in the networking stack. The bug is obscure in the...

CVE-2026-43503 is a Linux kernel networking vulnerability published by NVD on May 23, 2026, in which socket-buffer fragment-transfer paths failed to preserve the SKBFL_SHARED_FRAG marker, allowing later in-place writers to treat shared page-backed memory as private. The bug is not a Windows...

CVE-2026-43414 is a Linux kernel vulnerability published on May 8, 2026, affecting the qla2xxx SCSI Fibre Channel driver, where faulty error handling can free the same fcport object twice and kernel.org assigned it a CVSS 3.1 score of 9.8, Critical. The oddity is not that an obscure storage...

CVE-2026-43029 is a Linux kernel denial-of-service vulnerability, published by NVD on May 1, 2026, in which Multipath TCP receive handling can spin indefinitely when an application reads with MSG_PEEK | MSG_WAITALL, producing a soft lockup and high availability impact. The bug is not a...

CVE-2026-43496 is a newly published Linux kernel vulnerability, disclosed through kernel.org and added to NVD on May 21, 2026, that fixes a traffic-control crash in the RED queueing discipline when nested under schedulers such as TBF and paired with QFQ children. The bug is not a Windows...

CVE-2026-43501 is a newly published Linux kernel IPv6 vulnerability, disclosed through the kernel.org CVE process and added to NVD on May 21, 2026, involving an out-of-bounds write in the RPL Source Routing Header handling path. It is not a Windows bug, but it matters to WindowsForum readers...

CVE-2026-43502 is a newly published Linux kernel vulnerability, added to NVD on May 21, 2026, involving Reliable Datagram Sockets zerocopy send cleanup when pinned user pages are released before a message reaches the socket queue. The bug is not a Windows Remote Desktop Services issue, despite...

CVE-2026-43465 is a Linux kernel mlx5e network-driver flaw, published by NVD on May 8, 2026 and last modified on May 20, that affects Mellanox/NVIDIA mlx5 Ethernet receive paths when XDP multi-buffer programs reshape packet fragments under striding receive queues. The short version is less...