15971 matches found
CVE-2026-43090
CVE-2026-43090 concerns a Linux kernel memory leak in the XFRM subsystem. The root cause is a double call to xfrm_pol_hold_rcu() inside xfrm_migrate_policy_find(), even though the lookup function already returns a policy with a held reference. This leads to a refcount imbalance and memory leak of...
CVE-2026-43082
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: leave space for null terminators on property_entry Lists of struct property_entry are supposed to be terminated with an empty property, this driver currently seems to be allocating exactly the amount of entry used. Chan...
CVE-2026-43080
In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...
CVE-2026-43074
In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free in eventpoll.c will kfree the epi->ep eventpoll struct while it is still being used by another concurrent thread. Defer the kfree to an RCU...
SUSE CVE-2026-31753
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release currently retrieves the enclosing struct linedisp via to_linedisp. That lookup depends on the attachment list, but the attachment may already have...
SUSE CVE-2026-31759
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interface error path When device_register fails, ulpi_register calls put_device on ulpi->dev. The device release callback ulpi_dev_release drops the OF node reference and frees ulpi, but the...
SUSE CVE-2026-31773
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random currently labels the stored STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH. That reflects what the...
SUSE CVE-2026-31783
In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback aml_sfc_probe registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...
SUSE CVE-2026-43015
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platform_device_unregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...
SUSE CVE-2026-43059
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs" introduced mgmt_pending_valid, which not only validates the pending command but also unlinks it from...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper cloning of the atmel_hlcdc_plane state during the drm_plane_state operation. This...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the rnbd-srv component does not clear the data buffer before sending a response,...
PT-2026-37402
In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind AF_XDP bind currently accepts zero-copy pool configurations without verifying that the device MTU fits into the usable frame space provided by the UMEM chunk. This becomes a...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the btrfs_sync_file event. This event involves accessing the super block through dentry, without...
PT-2026-37421
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the HID Roccat component. The roccat_report_event function iterates over the device->readers list without holding the readers_lock mutex. This allows a...
PT-2026-37400
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the Linux kernel due to a reference count imbalance. The issue occurs within the xfrm_migrate_policy_find function, which performs a double call to the xfrm pol...
PT-2026-37544
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ASoC qcom q6asm component where DSP responses arriving after a data stream had been closed were still being handled. This failure to properly ignore these response...
PT-2026-37539
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5e_ipsec_init_macs by replacing mlx5_query_mac_address with ether_addr_copy to get the local MAC address directly from...
PT-2026-37610
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A reference leak exists in the Linux kernel within the mtk-mdp media component. The vpu_get_plat_device function, called during mtk_mdp_probe, increases the reference count of the return...
PT-2026-37580
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...