DEBIAN-CVE-2026-45970

In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still running,...

DEBIAN-CVE-2026-45958

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidiconnectionioctl, vidi-ediduser pointer is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead o...

DEBIAN-CVE-2026-45959

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the cleanupkfree attribute will make the address of the local...

DEBIAN-CVE-2026-45949

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...

DEBIAN-CVE-2026-45942

In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures like: ext4mbcomplexscangroup:2508: group...

DEBIAN-CVE-2026-45941

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...

DEBIAN-CVE-2026-45944

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry using multiple 64-bit writes. This creates a window where the hardware c...

DEBIAN-CVE-2026-45929

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

DEBIAN-CVE-2026-45921

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtdparsertplinksafeloaderparse The function mtdparsertplinksafeloaderparse allocates buf via mtdparsertplinksafeloaderreadtable. If the allocation for partsidx.name fails inside the loop, the code...

DEBIAN-CVE-2026-45901

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...

DEBIAN-CVE-2026-45895

In the Linux kernel, the following vulnerability has been resolved: quota: fix livelock between quotactl and freezesuper When a filesystem is frozen, quotactlblock enters a retry loop waiting for the filesystem to thaw. It acquires sumount, checks the freeze state, drops sumount and uses...

DEBIAN-CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

DEBIAN-CVE-2026-45880

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...

DEBIAN-CVE-2026-45867

In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

DEBIAN-CVE-2026-45871

In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without releasing the locality acquired earlier. Use goto outerr to ensure...

DEBIAN-CVE-2026-45872

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix memory leak in pqireportphysluns pqireportphysluns fails to release the rpllist buffer when encountering an unsupported data format or when the allocation for rpl16bytewwidlist fails. These early returns bypas...

DEBIAN-CVE-2026-45870

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: authgss: fix memory leaks in XDR decoding error paths The gssxdecctx, gssxdecstatus, and gssxdecname functions allocate memory via gssxdecbuffer, which calls kmemdup. When a subsequent decode operation fails, these...

DEBIAN-CVE-2026-45857

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIOINCSTATS. Fix this by adding a new error return path label after the use ...

DEBIAN-CVE-2026-45856

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqesize before using it in ibuverbspostsend ibuverbspostsend uses cmd.wqesize from userspace without any validation before passing it to kmalloc and using the allocated buffer as struct ibuverbssendwr. If a...

DEBIAN-CVE-2026-45847

In the Linux kernel, the following vulnerability has been resolved: net: remove WARNONONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances of reaching this WARNONONCE if userspace manages to build a sufficiently long forward path. Remove it...