UBUNTU-CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

PT-2026-47699

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability...

Linux Distros Unpatched Vulnerability : CVE-2026-46283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material...

UBUNTU-CVE-2026-46301

In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...

UBUNTU-CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

UBUNTU-CVE-2026-46282

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

PT-2026-47909

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...

PT-2026-47895

Name of the Vulnerable Software and Affected Versions Windows NT OS Kernel affected versions not specified Description An integer underflow wrap or wraparound in the kernel allows an authorized attacker to elevate privileges locally. This issue can be used as a post-breach maneuver to gain full...

PT-2026-47788

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...

PT-2026-47760

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb gro receive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL MANAGED FRAG REFS flag. When SKBFL MANAGED FRAG REFS is...

PT-2026-47761

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf tables: use list del rcu for netlink hooks nft netdev unregister hooks and nft unregister flowtable net hooks need to use list del rcu, this list can be walked by concurrent dumpers. Add a new helper and use it...

Linux Distros Unpatched Vulnerability : CVE-2026-46307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out- of-bounds access as shown by the UBSAN kernel message:...

Linux Distros Unpatched Vulnerability : CVE-2026-46323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular...

Linux Distros Unpatched Vulnerability : CVE-2026-46314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace- provided singly-linked list of ioctl extensions without a...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50304)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50304 advisory. - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017589 CVE-2025-10263 Tenable has extracted the preceding description blo...

UBUNTU-CVE-2026-46302

In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...

UBUNTU-CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

UBUNTU-CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct devicenode. The call to ofnodeputnchangeset can...

PT-2026-47759

In the Linux kernel, the following vulnerability has been resolved: tun: free page on build skb failure in tun xdp one When build skb fails in tun xdp one, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhost net build xdp allocated for th...

PT-2026-47757

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap get user xdp tap get user xdp rejects a frame shorter than ETH HLEN with -EINVAL, and returns -ENOMEM when build skb fails. Both paths jump to the err label without freeing the page that vhost...