CVE-2026-31689

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...

CVE-2026-31689

The CVE-2026-31689 issue affects the Linux kernel EDAC/mc path: edac_mc_alloc() may call put_device() during an error path before device_init completes, causing a kobject initialization/cleanup hazard and in-kernel MCE decoding symptoms. The fix reorders the initialization so the device (and its ...

CVE-2026-31687 gpio: omap: do not register driver in probe()

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe Commit 11a78b794496 "ARM: OMAP: MPUIO wake updates" registers the omapmpuiodriver from omapmpuioinit, which is called from omapgpioprobe. However, it neither makes sense to register...

CVE-2026-41665

Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0...

PT-2026-35495

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the EDAC/mc component where the error path ordering in the edac mc alloc function is incorrect. When the mci-pvt info allocation fails, the system calls put device,...

vfio/xe: Reorganize the init to decouple migration from reset

...

staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

...

SUSE CVE-2026-31676

In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPCCONNSERVICECHALLENGING. Check that state under statelock before running response verification and...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014341)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014341 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014351 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix potential NULL pointer dereference devmaddactionorreset can suddenly invoke...

CVE-2026-31621

A flaw was found in the Linux kernel's bnge driver. When an error occurs during device initialization, the driver fails to return after deallocating a device, leading to a null pointer dereference. This can cause system instability or a crash, resulting in a Denial of Service DoS for affected...

CVE-2026-31592

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine subsystem. A local user could exploit a concurrency issue by failing to properly protect the sevmemencregisterregion function with the kvm-lock. This can lead to an unstable state if KVM initialization fails, resulting in a...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the StripeWebhook process. An attacker can gain unauthorized quota credits and perform financial fraud by forging webhook requests with a publicly computable signature when the webhook...

DEBIAN-CVE-2026-31669

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

DEBIAN-CVE-2026-31645

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966xfdmarxalloc creates a page pool but does not destroy it if the subsequent fdmaalloccoherent call fails, leaking the pool. Similarly, lan966xfdmainit frees the coherent DMA...

CVE-2026-31599

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...

CVE-2026-31592

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...

CVE-2026-31577

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL iassocinode dereference in nilfsmdtsavetoshadowmap The DAT inode's btree node cache iassocinode is initialized lazily during btree operations. However, nilfsmdtsavetoshadowmap assumes iassocinode is already...

DEBIAN-CVE-2026-31572

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a "i2c: designware: Combine the init functions",but this issue existed from the...

DEBIAN-CVE-2026-31562

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipidsihostregister The call to mipidsihostregister triggers a callback to mtkdsibind, which uses devgetdrvdata to retrieve the mtkdsi struct, so this structure needs to be...