CVE-2026-53291

CVE-2026-53291 (Linux kernel: ALSA HDA/Conexant) is about a missing error check in cx_probe() for snd_hda_jack_detect_enable_callback(). The function can return an error pointer on failure (e.g., memory allocation), and the code was ignoring this return value. If registration fails, jack-detectio...

EUVD-2026-39896

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...

EUVD-2026-39895

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

CVE-2026-53289

In the Linux kernel ice driver, CVE-2026-53289 describes a NULL pointer dereference in ice_reset_all_vfs caused by ignoring the return value of ice_vf_rebuild_vsi(). If a VSI rebuild fails (e.g., during NVM firmware update), ice_vsi_rebuild_vsi leaves txq_map/rxq_map NULL and ice_vf_post_vsi_rebu...

EUVD-2026-39892

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

CVE-2026-53287

The CVE-2026-53287 issue affects the Linux kernel’s audit CAPSET handling. __audit_log_capset() incorrectly records the effective capability (cap_effective) into the inheritable field, due to a copy-paste error, causing CAPSET audit records to report cap_pi (process inheritable) with the value of...

EUVD-2026-39890

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DCRUNWITHPREEMPTIONENABLED Why dcn32validatebandwidth wraps dcn32internalvalidatebw with DCFPSTART/DCFPEND. In x86 non-RT, DCFPSTART takes fpregslock, which disables local...

CVE-2026-53282

The CVE concerns the Linux kernel x86/kexec purgatory code used by kexec-tools. The issue arises when, in non-kjump kexec, the code looks above the top of the stack to locate a return address for kjump. A fix previously changed behavior to stop pushing an unused return address, but that change ca...

CVE-2026-53281

CVE-2026-53281 concerns the Linux kernel IOMMU VT-d path. The issue could trigger a NULL pointer dereference or refcount corruption during teardown if dev_pasid is not found in the dev_pasids list (remains NULL) or if the domain is never attached (info is NULL). The fix returns early when dev_pas...

EUVD-2026-39887

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack to find a return address for a kjump, even in a non-kjump kexec. After...

EUVD-2026-39886

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARNONONCE" fixed a NULL pointer dereference in an unlikely situation partly. If devpasid is not found in...

CVE-2026-53279

The CVE-2026-53279 entry concerns the Linux kernel component drm/gma500/oaktrail_lvds. The LVDS init path first calls i2c_get_adapter() to read EDID and may then allocate/register its own adapter. The error handling previously treated these paths indistinguishably, so a late init failure could tr...

EUVD-2026-39883

In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...

CVE-2026-53090

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. When ldabs,ind instructions are used in BPF subprograms, the verifier fails to correctly simulate the abnormal exit path if packet data loading fails. This oversight could lead to unexpected behavior or bypass of security...

CVE-2026-52952

A flaw was found in the Linux kernel's Input/Output Memory Management Unit IOMMU subsystem, which manages how devices access system memory. A race condition, a situation where multiple operations occur in an unpredictable order, exists during device recovery when multiple memory domains are being...

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 CVSS 8.8, it lets a local user corrupt file-backed...

CVE-2026-52990

A flaw was found in the Linux kernel. A local attacker could exploit a race condition in the fsnotifyrecalcmask function, which fails to properly handle an inode reference. This improper handling can lead to an inode reference leak, causing tasks to hang and resulting in a Denial of Service DoS f...

CVE-2026-52992

A flaw was found in the Linux kernel's Advanced Disc Filing System ADFS component. This vulnerability allows a local attacker to cause an out-of-bounds write by providing a specially crafted ADFS disc record with a zero zone count. This can lead to memory corruption, potentially resulting in a...

CVE-2026-53060

A flaw was found in the Linux kernel's device-mapper dm cache metadata. This memory leak vulnerability occurs when the dmcachemetadataabort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...

CVE-2026-53194

A flaw was found in the Linux kernel's kl5kusb105 USB serial driver. This buffer overflow vulnerability allows a local attacker to write data beyond the intended memory boundary. By sending a specially crafted input to the USB serial port, an attacker can trigger an out-of-bounds write, which may...