By vendor
Linux vulnerabilities
Known CVEs affecting Linux products, prioritized by severity, with SEC.co remediation and detection guidance.
160 published vulnerabilities · page 2 of 2
- CVE-2026-46133HIGH 7.5
A flaw in the Linux kernel's RDMA/rxe (Soft RoCE) driver allows an unauthenticated attacker to crash the system by sending a specially crafted UDP packet with an invalid opcode. The vulnerability exists in how the driver validates incoming packets before processing checksums. When a packet uses an undefined opcode value, the driver fails to properly validate packet length, leading to an out-of-bounds memory read that triggers a kernel panic. An attacker needs only network access to the RDMA port and can exploit this without authentication, credentials, or any prior connection setup.
- CVE-2026-46130HIGH 7.1
A bug in the Linux kernel's dm-verity-fec (forward error correction) component can cause it to read data from outside the intended memory buffer. This occurs when parity bytes used to verify disk integrity are split across storage blocks in a specific way. Under certain non-default configurations and low-memory conditions, the code attempts to access more data than is available, leading to potential information disclosure or system instability. The issue only manifests with particular combinations of error correction parameters and buffer allocation scenarios.
- CVE-2026-46140HIGH 7.1
A flaw in the Linux kernel's Bluetooth driver (btmtk) fails to verify that incoming firmware responses contain sufficient data before reading from them. If a Bluetooth device sends a truncated or malformed response, the kernel code will read beyond the valid data boundaries, potentially exposing sensitive kernel memory. A local attacker with Bluetooth access could exploit this to leak information or crash the system.
- CVE-2026-46149HIGH 7.1
A vulnerability in the Linux kernel's SCSI target subsystem allows a local attacker with low privileges to read sensitive kernel memory and potentially crash the system. The issue occurs in the configfs interface where storage path group membership information is displayed. When a storage fabric's name is unusually long, the kernel writes more data than expected to a temporary buffer, and then copies that overrun data to a user-readable sysfs file. On systems with fortify checks enabled, this causes a kernel panic; on others, it leaks kernel memory to unprivileged users.
- CVE-2026-46150HIGH 7.1
A flaw in the Linux kernel's fanotify file monitoring subsystem can allow a local user with minimal privileges to bypass permission checks on file access events. The vulnerability stems from a logic error where the kernel incorrectly returns false for marks belonging to unrelated monitoring groups, causing permission event validation to be skipped. An attacker with local access could exploit this to circumvent intended file access restrictions.
- CVE-2026-46154HIGH 7.0
A race condition exists in the Linux kernel's scheduler extension (sched_ext) cgroup interface that can lead to use-after-free memory access. When system administrators adjust cgroup scheduling parameters like weight, idle status, or bandwidth, the kernel reads a pointer to the scheduler without proper synchronization. If another process simultaneously disables and re-enables a different scheduler, the cached pointer becomes stale and points to freed memory. When the original operation tries to use this pointer, it dereferences already-freed kernel memory, potentially allowing local privilege escalation.
- CVE-2026-46164HIGH 7.0
A memory management bug in the Linux kernel's Btrfs filesystem can cause the same memory region to be freed twice when a sysfs initialization step fails. This double-free condition can lead to memory corruption and potentially allow an attacker with local access to crash the system or execute code with elevated privileges. The issue occurs in error handling code that wasn't properly coordinated between two layers of the filesystem's initialization logic.
- CVE-2026-10004MEDIUM 6.5
Google Chrome versions before 148.0.7778.216 contain a flaw in how they validate user input within the password-handling component. An attacker can craft a malicious HTML page that, when visited by a user, tricks the browser into displaying fake password prompts or other UI elements that appear legitimate. This is a spoofing attack—the attacker doesn't steal data directly, but deceives users into believing they're interacting with genuine Chrome interface elements, potentially leading them to enter credentials or take other unintended actions.
- CVE-2026-10018MEDIUM 6.5
CVE-2026-10018 is a medium-severity integer overflow vulnerability in ANGLE (Almost Native Graphics Layer Engine), Google's graphics abstraction layer used in Chrome. An attacker can craft a malicious webpage that, when visited, causes Chrome to mishandle memory calculations in its graphics pipeline. This flaw allows the attacker to read sensitive data from the browser's process memory—potentially including cached credentials, session tokens, or other confidential information—without modifying or crashing the system. The vulnerability requires user interaction (visiting the malicious page) but does not require special privileges to exploit.
- CVE-2026-10912MEDIUM 6.5
A flaw in Google Chrome's extension handling allows an attacker who has already compromised the renderer process to bypass the browser's same-origin policy—a core security boundary that prevents JavaScript from one website accessing data from another. An attacker would need to trick a user into visiting a specially crafted webpage to exploit this. The vulnerability affects Chrome versions prior to 149.0.7827.53 across Windows, macOS, and Linux.
- CVE-2026-11006MEDIUM 6.5
A memory safety flaw in Google Chrome's Dawn graphics component (used for GPU rendering) allows attackers to read sensitive data from a user's memory by tricking them into visiting a specially crafted webpage. The vulnerability does not enable code execution or system crashes, but confidentiality is at risk. Chrome versions prior to 149.0.7827.53 are affected.
- CVE-2026-11008MEDIUM 6.5
A flaw in Google Chrome's web app installation feature fails to properly validate user input, allowing an attacker who has already compromised Chrome's renderer process to extract sensitive data from other websites through a malicious webpage. The attacker would need to trick a user into visiting a crafted HTML page, but once the renderer is compromised, the vulnerability creates a pathway to leak cross-origin information that should remain isolated.
- CVE-2026-11013MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser validates user-supplied input within its networking code. An attacker who has already compromised Chrome's renderer process—the sandboxed component that executes web content—can craft a malicious HTML page to leak sensitive data from the renderer's memory. This is a post-compromise attack vector; the attacker must first gain code execution in the renderer sandbox, but once there, they can extract information that should remain private.
- CVE-2026-11014MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a vulnerability where insufficient policy enforcement in the extension system allows a malicious extension to circumvent Site Isolation—Chrome's security boundary that prevents one website from accessing another's data. An attacker must first convince a user to install the malicious extension, but once installed, the extension can read or modify data across websites that the user visits, potentially exposing sensitive information.
- CVE-2026-11016MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw where insufficient validation of network input allows a remote attacker who has already compromised the browser's renderer process to bypass the same-origin policy. An attacker could craft a malicious HTML page to force the compromised renderer to access resources or data from a different origin, violating the security boundary that normally prevents cross-origin access. This requires initial renderer process compromise—the attacker cannot trigger the vulnerability from an unauthenticated network position alone.
- CVE-2026-11017MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw in how the Link Preview feature handles navigation restrictions. If an attacker first compromises Chrome's renderer process—the component that displays web content—they can craft a malicious HTML page to bypass restrictions that normally prevent unauthorized navigation. The vulnerability requires prior renderer compromise, limiting its immediate attack surface, but it does allow an attacker with that foothold to navigate to restricted locations without proper authorization.
- CVE-2026-11018MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser enforces navigation policies. An attacker can craft a malicious HTML page that, when visited, tricks Chrome into allowing navigation to restricted destinations that should normally be blocked. The vulnerability requires user interaction—a person must visit the hostile page—but no special privileges are needed on the attacker's side. The core risk is integrity: an attacker can redirect you to unwanted sites, potentially enabling phishing, malware distribution, or social engineering attacks.
- CVE-2026-11020MEDIUM 6.5
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how the browser handles extensions that process XML files. An attacker can craft a malicious XML file that, when processed by a vulnerable extension, leaks sensitive data from other websites the user has visited. The vulnerability requires user interaction—specifically, the user must open or interact with the malicious file—but does not require the attacker to have special privileges or bypass additional security controls. This is a cross-origin data leak, meaning information intended to be isolated between websites can be extracted by an attacker.
- CVE-2026-11022MEDIUM 6.5
CVE-2026-11022 is a same-origin policy bypass vulnerability in Google Chrome's DevTools that requires an attacker to have already compromised the renderer process. An attacker could then use a specially crafted HTML page to escape origin restrictions, potentially accessing or modifying data from other websites in the same browser session. This is not a remote code execution vector but rather a privilege escalation within an already-compromised rendering context.
- CVE-2026-11023MEDIUM 6.5
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how the browser handles web app installation that allows an attacker who has already compromised the browser's renderer process to bypass the same-origin policy. This means a specially crafted web page could be used to access or modify content from other websites in ways the browser is supposed to prevent. The attacker needs prior renderer compromise, limiting the immediate threat to users, but the bypass itself is reliable once that initial foothold exists.
- CVE-2026-11026MEDIUM 6.5
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how extensions are handled that allows an attacker to bypass built-in navigation restrictions. The vulnerability requires social engineering—an attacker must trick a user into installing a malicious Chrome extension. Once installed, the extension can circumvent the browser's navigation safeguards, potentially redirecting users to unintended destinations or enabling other attack chains. This is classified as a Medium severity issue by Chromium's security team.
- CVE-2026-11027MEDIUM 6.5
A vulnerability in Google Chrome's Glic component fails to properly validate untrusted input, allowing an attacker who has already compromised Chrome's renderer process to extract sensitive data across website boundaries using a specially crafted webpage. The attacker needs initial renderer process compromise but then gains the ability to read data from sites the user visits, bypassing normal browser security boundaries.
- CVE-2026-11032MEDIUM 6.5
Google Chrome's Password Manager contained a flaw that could allow an attacker to trick users into visiting a malicious webpage and leak sensitive data from other websites the user visits. The vulnerability requires user interaction—visiting a crafted HTML page—but once triggered, could expose cross-origin information that should remain isolated between websites. This affects Chrome on Windows, macOS, and Linux systems.
- CVE-2026-10916MEDIUM 6.1
CVE-2026-10916 is a cross-site scripting vulnerability in Google Chrome's developer tools that allows an attacker to inject malicious scripts or HTML content into a webpage. The attack requires two conditions: first, the attacker must have already compromised Chrome's renderer process (the component that executes web content), and second, the user must be tricked into visiting a specially crafted HTML page. While the initial compromise is a significant prerequisite, once achieved, this vulnerability enables the attacker to execute arbitrary code with the privileges of the browser session, potentially stealing sensitive data or performing actions on behalf of the user.
- CVE-2025-71313MEDIUM 5.5
A memory allocation failure in the Linux kernel's PCI endpoint driver could cause the system to crash. When the kernel tries to create a work queue for handling PCI endpoint-to-endpoint communication, it doesn't properly check whether that operation succeeded. If memory is scarce and the allocation fails, the driver continues anyway and later attempts to use the non-existent queue, triggering a NULL pointer dereference that halts the affected system. The fix is straightforward: check whether the allocation succeeded before proceeding.
- CVE-2025-71314MEDIUM 5.5
A vulnerability in the Linux kernel's Panthor GPU driver can cause the graphics system to hang indefinitely when memory subsystem operations fail to complete. The issue arises because the driver lacks proper recovery mechanisms for stuck cache-flush operations. When a GPU memory flush times out, the driver now schedules a reset and recovers gracefully instead of hanging. This affects systems using Panthor-based GPUs (primarily ARM Mali GPUs in certain SoCs).
- CVE-2026-46104MEDIUM 5.5
A flaw exists in how the Linux kernel's SELinux security module accesses socket security data when multiple security modules are stacked together. The vulnerability occurs because SELinux directly reads socket security information from a hardcoded memory location, assuming it will always find its own data there. When another security module is loaded first, SELinux reads the wrong data instead, potentially using invalid security identifiers in permission checks. This can cause the kernel to crash due to invalid memory access or improper security decisions.
- CVE-2026-46106MEDIUM 5.5
A race condition in the Linux kernel's eventfs subsystem can cause memory corruption or system crashes when users simultaneously remount the tracefs filesystem (which hosts performance monitoring tools) while creating or deleting tracepoints. The vulnerability arises because the kernel walks through a list of event structures during remount without proper synchronization, allowing concurrent operations to corrupt data structures or access freed memory. This is a local issue affecting only users with permission to remount filesystems and modify tracing events.
- CVE-2026-46108MEDIUM 5.5
A flaw in the Linux kernel's IPMI serial interface (SI) driver can leave the system in an abnormal state when message allocation fails. Normally, failed operations trigger cleanup routines that reset the driver to a ready state. This vulnerability occurs because certain error paths skip that reset logic, potentially causing the driver to remain hung or unresponsive. An attacker with local system access could trigger memory allocation failures under specific conditions, degrading system availability until the driver is manually restarted or the system reboots.
- CVE-2026-46109MEDIUM 5.5
A memory leak exists in the Linux kernel's USB ULPI (UTMI Low Pin Interface) driver registration code. When certain initialization steps fail early in the device registration process, allocated memory is not properly freed, allowing memory to accumulate over repeated failures. This is a residual issue from a prior fix that addressed a different memory safety problem. The vulnerability requires local access and elevated privileges to trigger.
- CVE-2026-46118MEDIUM 5.5
A flaw in the Linux kernel's PAPR hypervisor pipe driver can cause the kernel to crash when attempting to create a device handle. The issue stems from a recent code refactoring that changed how the driver manages memory allocation and cleanup. When the driver tries to reuse a data structure after it has been cleared, the kernel attempts to access invalid memory, leading to a null pointer dereference and system panic. An unprivileged local user with ioctl access can trigger this crash, resulting in a denial of service.
- CVE-2026-46126MEDIUM 5.5
CVE-2026-46126 is a memory cleanup bug in the Linux kernel's RDMA/mana driver that occurs during queue pair creation with RSS (Receive Side Scaling) support. When certain operations fail during setup, the kernel fails to properly release allocated work queue objects, leaving dangling resources. An unprivileged local user can trigger this condition to cause a denial of service by exhausting kernel resources or crashing the system.
- CVE-2026-46127MEDIUM 5.5
A local memory safety issue exists in the Linux kernel's RDMA over Converged Ethernet (OCRDMA) driver. During certain error conditions in the protection domain setup function, the code attempts to dereference a null pointer instead of using a valid reference, potentially crashing the system. The vulnerability requires local access and specific user privileges to trigger, making it a moderate-severity issue affecting system stability rather than confidentiality or integrity.
- CVE-2026-46128MEDIUM 5.5
A vulnerability in the Linux kernel's IPMI (Intelligent Platform Management Interface) subsystem allows local authenticated users to cause a denial of service. The issue stems from insufficient validation of event message buffer responses from Baseboard Management Controllers (BMCs). Some BMCs may return empty or malformed event messages instead of proper error responses, which the kernel fails to validate immediately. This can lead to kernel crashes or hangs when processing these invalid responses. The vulnerability requires local access and authenticated privileges to trigger, limiting its immediate blast radius but requiring attention in environments where untrusted local users have system access.
- CVE-2026-46131MEDIUM 5.5
A flaw exists in the Linux kernel's virtualization layer (KVM) where the hypervisor incorrectly validates guest memory operations in nested virtual machines. The vulnerability occurs when checking whether a guest is running nested virtualization—the code currently checks only whether an L2 guest exists, but fails to verify that nested EPT (Extended Page Tables) or NPT (Nested Page Tables) is actually enabled. This mismatch allows a local process running inside a nested guest to trigger denial-of-service conditions by invoking hypercalls that attempt invalid memory translations. The impact is limited to availability; an attacker cannot read or modify data.
- CVE-2026-46132MEDIUM 5.5
CVE-2026-46132 is a kernel memory leak in the Linux networking subsystem that allows unprivileged local users to read up to 26 bytes of uninitialized kernel stack memory per virtual function (VF) per request. The vulnerability exists in the rtnetlink interface handler that reports virtual NIC configuration. When a user requests virtual function information, the kernel fails to zero-initialize a buffer before partially filling it with MAC broadcast data, leaving residual stack contents exposed to userspace. An attacker needs only basic local network namespace access to trigger repeated information leaks.
- CVE-2026-46134MEDIUM 5.5
A Linux kernel vulnerability in the Chrome OS Embedded Controller (cros_ec) Thunderbolt registration code fails to initialize a mutex lock, causing the system to crash when the uninitialized lock is later accessed. This affects devices that use the affected kernel code path during Thunderbolt device registration and mode switching. An unprivileged local user can trigger the crash by interacting with Thunderbolt/USB-C functionality, resulting in a denial of service.
- CVE-2026-46139MEDIUM 5.5
A flaw in the Linux kernel's SMB client code leaves a security descriptor buffer partially uninitialized when building access control lists. Specifically, a 2-byte reserved field in the ACL structure—which must be zero according to the SMB protocol specification—is left containing whatever garbage data happened to be in that heap memory. When Samba or other SMB servers validate the descriptor, they reject it if those bytes are non-zero, causing file permission operations like chmod to fail with an invalid argument error. The fix is straightforward: replace the memory allocation function with one that zeroes the buffer before use.
- CVE-2026-46141MEDIUM 5.5
A memory leak vulnerability exists in the Linux kernel's PowerPC XIVE interrupt handling code. When allocating MSI-X interrupt vectors for NVMe devices, the kernel creates interrupt data structures but fails to properly clean them up when the interrupt domain is freed. This occurs because the code looks for the data in the wrong place during cleanup, causing allocated memory to be abandoned. While this is a localized memory management issue, repeated device allocation and deallocation cycles could gradually consume system memory and degrade performance.
- CVE-2026-46142MEDIUM 5.5
A flaw in the Linux kernel's libwx network driver allows a virtual machine or container running as a non-privileged user to trigger a system hang by reading a hardware register that should only be accessible to the physical device owner. During virtual function (VF) initialization, the driver incorrectly attempts to access a restricted register (WX_CFG_PORT_ST), causing the system to hang. The issue stems from the driver not properly distinguishing between physical function (PF) and virtual function device contexts when accessing low-level hardware state.
- CVE-2026-46143MEDIUM 5.5
CVE-2026-46143 is a memory leak vulnerability in the Linux kernel's QCOM audio subsystem. The issue occurs in the ASoC (ALSA System on Chip) driver for QCOM Q6APM LPASS audio interfaces, where the prepare function can be invoked multiple times. Each invocation opens a new graph for the playback path without checking if one is already open, resulting in cumulative resource exhaustion. While the vulnerability requires local access and low-privilege execution context, the impact is availability disruption through memory exhaustion.
- CVE-2026-46144MEDIUM 5.5
A memory cleanup issue exists in the Linux kernel's RDMA/mana driver when creating RSS (Receive-Side Scaling) queue pairs. If an error occurs during queue pair creation, a virtual port steering configuration is not properly freed, leading to a resource leak. While this is a memory management issue rather than a direct data breach risk, it can degrade system stability under error conditions or be exploited to exhaust kernel memory resources on systems with RDMA/mana network adapters.
- CVE-2026-46146MEDIUM 5.5
A vulnerability exists in the Linux kernel's USB audio driver that could cause the system to hang indefinitely when processing a specially crafted USB device descriptor. The flaw is in the convert_chmap_v3() function, which processes audio channel mapping information without properly validating the descriptor size field. An attacker with local access could trigger this endless loop, causing a denial of service. The issue affects multiple versions of the Linux kernel and requires local access to exploit.
- CVE-2026-46147MEDIUM 5.5
A flaw in the Linux kernel's ARM64 KVM (virtualization) implementation can cause system resource leaks and expose partially initialized virtual CPU objects to concurrent access. When vCPU initialization encounters an error partway through, cleanup code fails to release pinned memory references, accumulating leak over time. Additionally, the vCPU object is published to shared state without proper synchronization barriers, risking observers seeing an incompletely initialized structure. This affects hypervisor deployments using ARM64-based KVM virtualization.
- CVE-2026-46148MEDIUM 5.5
A flaw in the Linux kernel's Microchip CoreQSPI SPI controller driver causes incorrect chip select (CS) line management when multiple SPI devices are connected. The hardware's built-in CS is automatically controlled by design, but this automatic behavior conflicts with proper operation when GPIO-based chip selects are also in use. The driver was modified to manually control the CS line instead, allowing correct behavior for both active-low and active-high devices, and preventing the built-in CS from being asserted while other GPIO-controlled devices are being accessed.
- CVE-2026-46151MEDIUM 5.5
A flaw in the Linux kernel's USB printer driver (usblp) allows a malicious or malfunctioning printer to leak uninitialized kernel memory to local users. When a printer responds to a device ID request with fewer bytes than claimed in its length header, the driver fails to zero out the remaining buffer before exposing it via sysfs or an ioctl. An attacker with local access could craft a printer (or intercept USB traffic) to trigger this and read sensitive kernel memory.
- CVE-2026-46153MEDIUM 5.5
A memory leak exists in the Linux kernel's VLAN (802.1Q) network driver. When network administrators repeatedly configure and then clear egress QoS priority mappings on VLAN interfaces, the kernel fails to properly delete the cleared mappings. Instead, it retains them as empty placeholders (tombstones) in memory. Over time, this causes memory to accumulate and leak, eventually exhausting system resources when the VLAN device is torn down. The fix involves properly deleting these cleared mappings after a safe grace period rather than leaving them in place.
- CVE-2026-46156MEDIUM 5.5
A flaw in the Linux kernel's Loongson GPU driver can cause a system crash when the code attempts to read from an invalid memory address during hardware initialization. The vulnerability occurs in the `loongson_gpu_fixup_dma_hang()` function, which uses incorrect logic to identify and configure GPU devices on certain Loongarch-based systems. When a discrete GPU is present in a non-standard PCI slot configuration, the driver may try to access memory at a random address, triggering a kernel panic. This is a local issue that requires prior system access and affects the stability and availability of affected systems.
- CVE-2026-46158MEDIUM 5.5
CVE-2026-46158 is a resource leak in the Linux kernel's MPTCP (Multipath TCP) protocol implementation. When the kernel retransmits an ADD_ADDR control message, it fails to properly release a reference to a socket object in certain error paths, allowing the socket's memory to remain allocated longer than necessary. This leak occurs only when specific unlikely conditions are met during ADD_ADDR retransmission, making it a localized but real availability concern on systems handling MPTCP traffic.
- CVE-2026-46160MEDIUM 5.5
A flaw in the Linux kernel's Btrfs filesystem can corrupt the transaction log during recovery if a directory is removed while a process still holds an open file descriptor to it and performs an fsync operation. When the system crashes after this sequence, the filesystem becomes inconsistent and fails to mount, resulting in data loss or extended downtime. This is a local issue requiring user-level access and specific conditions to trigger.
- CVE-2026-46161MEDIUM 5.5
A divide-by-zero vulnerability exists in the Linux kernel's RAID10 disk management code. When a user configures RAID10 with a "far_copies" value of zero, the kernel crashes instead of rejecting the invalid configuration. This requires local access and root-level privileges to trigger, making it a local denial-of-service risk rather than a remote compromise threat.
- CVE-2026-46165MEDIUM 5.5
A self-deadlock vulnerability exists in the Linux kernel's Open vSwitch module when tunnel ports are released. The issue occurs because the code attempts to clean up network device references while holding locks that prevent the cleanup from completing, causing the system to hang during tunnel port deletion. This is a local denial-of-service condition that affects systems running vulnerable kernel versions with Open vSwitch configured.
- CVE-2026-46167MEDIUM 5.5
A flaw in the Linux kernel's USB printer driver (usblp) allows uninitialized kernel memory to leak to user-space applications through the LPGETSTATUS ioctl command. When a USB printer responds with fewer bytes than expected, the driver fails to initialize the response buffer properly, potentially exposing stale heap memory to callers. This can occur even with standard-behaving printers; the vulnerability is particularly concerning in multi-user environments where one user's application could inadvertently receive residual kernel memory from prior operations.
- CVE-2026-46168MEDIUM 5.5
A vulnerability in the Linux kernel's multipath TCP (MPTCP) implementation allows a local attacker with standard user privileges to trigger a denial-of-service condition. The issue stems from improper locking during socket option handling for timestamps. When the kernel attempts to set timestamp options, it uses a fast atomic lock that cannot safely call functions designed to sleep, resulting in a kernel panic. An unprivileged user can exploit this by making specific socket option calls, causing the system to crash or become unresponsive.
- CVE-2026-46169MEDIUM 5.5
CVE-2026-46169 is a memory initialization bug in the Linux kernel's HFS+ filesystem driver. When mounting a corrupted HFS+ filesystem, the kernel may read incomplete catalog records and fail to detect that the data is truncated. This leaves portions of a kernel data structure uninitialized. Later, when the filesystem code attempts to process the incomplete record—such as performing case-insensitive string comparison—it uses the uninitialized memory as array indices, triggering a kernel warning. An unprivileged local attacker with the ability to mount a crafted filesystem image could trigger this condition, potentially causing a denial of service or information disclosure.
- CVE-2026-46170MEDIUM 5.5
A flaw in the Linux kernel's MPTCP (Multipath TCP) path manager can cause a denial of service when certain network protocol messages are retransmitted. Specifically, when an ADD_ADDR message is resent, the kernel may mismanage internal reference counting for a socket object, potentially leading to a deadlock or crash. An unprivileged local user can trigger this condition, causing the affected system to become unresponsive.
- CVE-2026-11004MEDIUM 5.3
CVE-2026-11004 is a memory disclosure vulnerability in Google Chrome's ANGLE graphics library. An attacker who has already compromised Chrome's renderer process can craft a malicious HTML page to read sensitive data from the browser's memory. While this requires prior compromise of the renderer, the ability to extract potentially sensitive information makes it a meaningful security concern for organizations running Chrome.
- CVE-2026-46159MEDIUM 4.7
A race condition in the Linux kernel's btrfs filesystem driver can leak uninitialized kernel memory to unprivileged local users. The vulnerability exists in the ioctl handler that reports storage space information. When block groups are concurrently removed by the system during the space query operation, the kernel copies more data to userspace than it actually wrote, exposing sensitive kernel memory. An attacker with local access can exploit this timing window to read information that should not be accessible.
- CVE-2026-11031MEDIUM 4.3
Google Chrome's Password Manager fails to properly validate input from network traffic before displaying it to users. An attacker can craft malicious network data that tricks the Password Manager interface into showing fake or misleading information—for example, a phishing prompt that looks legitimate. This affects Chrome versions before 149.0.7827.53 on Windows, macOS, and Linux.
- CVE-2026-10998MEDIUM 4.0
CVE-2026-10998 is a memory safety issue in Google Chrome's media handling code that allows an attacker positioned on the same local network to read data from memory locations they shouldn't have access to. The vulnerability exists in Chrome versions before 149.0.7827.53. An attacker would need to send specially crafted network traffic to trigger an out-of-bounds read, which could potentially expose sensitive information resident in the browser's memory. This is a local-network-only threat, meaning the attacker must be on your network segment to exploit it.