DEBIAN-CVE-2026-23458

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-after-free in ctnetlinkdumpexpct ctnetlinkdumpexpct stores a conntrack pointer in cb-data for the netlink dump callback ctnetlinkexpctdumptable, but drops the conntrack reference immediately after...

DEBIAN-CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

DEBIAN-CVE-2026-23449

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...

DEBIAN-CVE-2026-23454

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...

DEBIAN-CVE-2026-23448

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP16 nframes bounds check cdcncmrxverifyndp16 validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: if ndpoffset + sizeofstruct...

DEBIAN-CVE-2026-23431

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in amlspisgprobe In amlspisgprobe, ctlr is allocated by spialloctarget/spiallochost, but fails to call spicontrollerput in several error paths. This leads to a memory leak whenever the driver...

DEBIAN-CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

DEBIAN-CVE-2026-23424

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

MINI-F9HP-QM5W-RRV7

Bulletin has no description...

BELL-CVE-2025-13763

Bulletin has no description...

MINI-5G48-P755-PJMF

Bulletin has no description...

MINI-64H2-Q2X3-G776

Bulletin has no description...

OSV-2026-518 Use-of-uninitialized-value in ne_read_block

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498498500 Crash type: Use-of-uninitialized-value Crash state: nereadblock nesteggreadpacket fuzz.cc...

DEBIAN-CVE-2026-23408

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of nsname in aareplaceprofiles if nsname is NULL after 1071 error = aaunpackudata, &lh, &nsname; and if ent-nsname contains an nsname in 1089 else if ent-nsname then nsname is assigned the ent-nsname 109...

DEBIAN-CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

BELL-CVE-2026-5201

Bulletin has no description...

DEBIAN-CVE-2026-5280

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

ECHO-511D-493A-869E

Bulletin has no description...

DEBIAN-CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...