CVE-2026-31437

A flaw was found in the Linux kernel's netfs component. When a write operation is retried, the netfsunbufferedwrite function can attempt to access a non-existent function, leading to a NULL pointer dereference. This vulnerability can be triggered by specific filesystem configurations, such as 9P,...

CVE-2026-31434

A flaw was found in the Linux kernel's btrfs filesystem. When sub-groups for space information are created, associated kobject names are allocated. However, these names are not properly released when the sub-groups are removed, leading to a memory leak. A local user could exploit this vulnerabili...

CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

CVE-2026-35365

The CVE concerns the mv utility in uutils coreutils. The issue is that during moves across filesystem boundaries, the mv implementation does not preserve symbolic links; instead, it expands them and copies the linked targets as real files/directories at the destination. According to the provided ...

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35351 uutils coreutils mv Silent Ownership Loss in Cross-Device Operations

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35344

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

CVE-2026-35338

Summary: CVE-2026-35338 affects the chmod utility in the uutils coreutils package. The vulnerability arises because the implementation only checks if the target path is exactly “/” and does not canonicalize the path, allowing path variants like “/../” or symbolic links to bypass --preserve-root. ...

EUVD-2026-24868

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea "netfilter: conntrack: do not dump other netns's conntrack entries via proc"...

EUVD-2026-24788

In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4inodeattachjinode publishes ei-jinode to concurrent users. It used to set ei-jinode before jbd2journalinitjbdinode, allowing a reader to observe a non-NULL jinode with ivfsinode still...

EUVD-2026-24786

In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...

EUVD-2026-24790

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUGON with proper error handling in ext4readinlinefolio Replace BUGON with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while...

EUVD-2026-24758

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

EUVD-2026-24782

In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with sfirstdatablock != 0 bigalloc with sfirstdatablock != 0 is not supported, reject mounting it...

CVE-2026-31465

In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SBINODATAINTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set, sy...

CVE-2026-31451

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUGON with proper error handling in ext4readinlinefolio Replace BUGON with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while...