225809 matches found
UBUNTU-CVE-2026-53108
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unmap race with PMD migration entries The following race is possible with migration swap entries or device-private THP entries. e.g. when movepages is called on a PMD THP page, then there maybe an intermediate...
UBUNTU-CVE-2026-53094
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...
UBUNTU-CVE-2026-52986
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...
UBUNTU-CVE-2026-52960
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
UBUNTU-CVE-2026-52987
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collected HMM ranges and calling amdgputtmttgetuserpages. If...
UBUNTU-CVE-2026-53072
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock. Generally hciconnectcfm assumes it is held, and if conn is deleted...
UBUNTU-CVE-2026-52999
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to nfosfmatchone for each fingerprint checked. During TCP option parsing,...
UBUNTU-CVE-2026-53079
In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...
UBUNTU-CVE-2026-53040
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...
UBUNTU-CVE-2026-52956
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...
UBUNTU-CVE-2026-52950
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
UBUNTU-CVE-2026-53060
In the Linux kernel, the following vulnerability has been resolved: dm cache metadata: fix memory leak on metadata abort retry When failing to acquire the rootlock in dmcachemetadataabort because the blockmanager is read-only, the temporary blockmanager created outside the rootlock is not properl...
UBUNTU-CVE-2026-52980
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...
UBUNTU-CVE-2026-53099
In the Linux kernel, the following vulnerability has been resolved: bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 "kcfi: Rename CONFIGCFICLANG to CONFIGCFI" as it is now a compiler-agnostic option. Using the wrong name results in the code getting compiled out...
UBUNTU-CVE-2026-52988
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...
UBUNTU-CVE-2026-52958
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...
UBUNTU-CVE-2026-53052
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: topology: check widget type before accessing data Check widget type before accessing the private data, as this could a virtual widget which is no associated with a dsp graph, container and module. Accessing...
UBUNTU-CVE-2026-53070
In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...
UBUNTU-CVE-2026-53125
In the Linux kernel, the following vulnerability has been resolved: md: fix arraystate=clear sysfs deadlock When "clear" is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, mdattrstore currently drops the...
UBUNTU-CVE-2026-53008
In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condition between icefreetxtstampring and icetxmap that can cause a NULL pointer dereference. icefreetxtstampring currently clears the ICETXFLAGSTXTIME flag after...