By weakness (CWE)
CWE-476: related vulnerabilities
CVEs classified under CWE-476. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
5 published vulnerabilities
- CVE-2026-46110HIGH 7.5
CVE-2026-46110 is a NULL pointer dereference vulnerability in the Linux kernel's stmmac network driver that can crash a system when memory becomes exhausted during packet reception. The driver manages a circular ring of descriptors to coordinate DMA transfers between the CPU and network hardware. When the driver runs out of memory to allocate new receive buffers, it can incorrectly process already-used descriptors as if they were fresh, leading to a kernel panic. This occurs because the driver doesn't properly distinguish between descriptors that are waiting to be refilled versus those that have already been processed.
- CVE-2026-46114HIGH 7.5
A memory leak vulnerability exists in the Linux kernel's RDMA over Converged Ethernet (RoCE) driver. An attacker on the network can send specially crafted RDMA ATOMIC_WRITE requests with zero-length payloads to trigger the responder into reading uninitialized kernel memory and inadvertently leaking it back to the attacker. The vulnerability specifically affects how the kernel validates packet lengths before dereferencing memory, allowing 8 bytes of sensitive kernel data (including kernel strings and pointer information) to be extracted per malicious probe.
- CVE-2026-46118MEDIUM 5.5
A flaw in the Linux kernel's PAPR hypervisor pipe driver can cause the kernel to crash when attempting to create a device handle. The issue stems from a recent code refactoring that changed how the driver manages memory allocation and cleanup. When the driver tries to reuse a data structure after it has been cleared, the kernel attempts to access invalid memory, leading to a null pointer dereference and system panic. An unprivileged local user with ioctl access can trigger this crash, resulting in a denial of service.
- CVE-2026-46127MEDIUM 5.5
A local memory safety issue exists in the Linux kernel's RDMA over Converged Ethernet (OCRDMA) driver. During certain error conditions in the protection domain setup function, the code attempts to dereference a null pointer instead of using a valid reference, potentially crashing the system. The vulnerability requires local access and specific user privileges to trigger, making it a moderate-severity issue affecting system stability rather than confidentiality or integrity.
- CVE-2026-46134MEDIUM 5.5
A Linux kernel vulnerability in the Chrome OS Embedded Controller (cros_ec) Thunderbolt registration code fails to initialize a mutex lock, causing the system to crash when the uninitialized lock is later accessed. This affects devices that use the affected kernel code path during Thunderbolt device registration and mode switching. An unprivileged local user can trigger the crash by interacting with Thunderbolt/USB-C functionality, resulting in a denial of service.