CVE-2026-53310

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-53309

In CVE-2026-53309, the Linux kernel OCFS2 DLM region comparison had an off-by-one in dlm_match_regions(), where the local-vs-remote loop used <= instead of <, causing reading beyond the valid range of qr_regions. The fix changes the loop condition to < for consistency and correctness. Th...

EUVD-2026-39844

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

EUVD-2026-39897

In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...

EUVD-2026-39894

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

CVE-2026-53278

The CVE-2026-53278 issue in the Linux kernel affects the ARM MPAM component. A NULL dereference could occur in __destroy_component_cfg() if it is called from mpam_disable() before the configuration array had been allocated. The fix adds a guard to check whether the config array is allocated and r...

CVE-2026-53276

CVE-2026-53276 – Linux kernel Bluetooth ISO use-after-free : The issue occurs in iso_sock_rebind_bc() where a cached bis pointer (iso_pi(sk)->conn->hcon) is used after releasing the socket lock, allowing a concurrent close() to free the hci_conn structure. During the unlocked window, hci_de...

CVE-2026-53275

The CVE-2026-53275 entry describes a Linux kernel IPv6 multicast (mcast) use-after-free in MLD query processing. Specifically, while handling an MLD query, a pointer to the multicast group address is obtained during initial parsing but is later dereferenced after pskb_may_pull() may have realloca...

EUVD-2026-39217

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

EUVD-2026-39197

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

EUVD-2026-39309

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

EUVD-2026-39291

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

CVE-2026-53191

The CVE affects the Linux kernel io_uring net path in bundle recv retries. The bug arises when merging cflags during io_recv_finish(): IORING_CQE_F_BUF_MORE was not included in CQE_F_MASK, so the buf-more flag could be dropped or mis-carryed across iterations, causing userspace to advance the rin...

EUVD-2026-39282

In the Linux kernel, the following vulnerability has been resolved: iouring/net: inherit IORINGCQEFBUFMORE across bundle recv retries When a bundle recv retries inside iorecvfinish, the merge logic OR the saved cflags from the previous iteration with the cflags returned by the new iteration: cfla...

EUVD-2026-39281

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dmafence refcount leak on error in virtiogpudmafencewait dmafenceunwrapforeach internally calls dmafenceunwrapfirst which does cursor-chain = dmafencegethead, taking an extra reference. On normal loop completion,...

CVE-2026-53185

CVE-2026-53185 concerns the Linux kernel zram subsystem. The issue is a use-after-free in zram_bvec_write_partial() where an asynchronous read path can continue after the buffer is freed. zram_read_page() selects the sync or async read path based on whether the parent bio is NULL; zram_bvec_write...

CVE-2026-53181

The CVE describes a Linux kernel issue in vsock/vmci where on failed handshake vmci_transport_recv_listen() could skip balancing sk_acceptq_added/removed, leaving sk_ack_backlog incremented and potentially causing ECONNREFUSED for new connections once the backlog limit is reached. Concrete detail...

CVE-2026-53172

The CVE-2026-53172 issue affects the Linux kernel’s accel/ethosu path where NPU_SET_IFM_REGION incorrectly used param & 0x7f, allowing an index up to 127 for region_size[]/output_region[] (sized to 8). This caused out-of-bounds writes (up to 1016 bytes) past region_size[] and potential kernel hea...

CVE-2026-53155

CVE-2026-53155 : In the Linux kernel, the issue lies in mm/huge_memory where device-private PMD entries were assigned incorrect flags due to the migration logic, causing misinterpretation of softdirty, writable, and uffd-wp states. The function set_pmd_migration_entry() used pmd_write(), pmd_soft...

EUVD-2026-38901

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...