CVE-2026-31710

A flaw was found in the Linux kernel's Server Message Block SMB client. When mounting SMB1 UNIX shares, the system may incorrectly handle directory separators. This issue arises because flags related to POSIX Access Control Lists ACLs and paths are not properly updated, leading to the use of an...

CVE-2026-31701

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA caiaq driver. This vulnerability arises from improper handling of Universal Serial Bus USB device references. When a USB device is disconnected, the driver may attempt to access memory that has already been freed, a...

CVE-2026-31698

A flaw was found in the Linux kernel's crypto subsystem, specifically within the ccp driver. A local user could exploit this vulnerability when attempting to retrieve the Platform DH PDH certificate. If a firmware command fails due to an invalid length, the driver may attempt to copy data to...

CVE-2026-31697

A flaw was found in the Linux kernel's crypto: ccp driver. A local user could exploit this vulnerability by attempting to retrieve the CPU ID when a firmware command fails due to an invalid length. This can cause an overflow of a kernel-allocated buffer, leading to the disclosure of sensitive...

CVE-2026-31695

A flaw was found in the Linux kernel's virtwifi component. A local user can exploit a race condition during the unregistration of a virtwifi network device, where its parent pointer might refer to freed memory during ethtool operations. This use-after-free vulnerability can lead to system...

CVE-2026-43051

A flaw was found in the Linux kernel's Wacom Human Interface Device HID driver. This vulnerability allows a remote attacker to trigger an out-of-bounds read by sending a specially crafted, short Bluetooth HID report. This can lead to the disclosure of sensitive information from the system's memor...

CVE-2026-43050

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM LAN Emulation Client LEC module. A race condition exists where the priv-lecd pointer can be set to NULL while other threads are still accessing it. This can lead to a use-after-free memory corruption vulnerability when the...

CVE-2026-43036

A flaw was found in the Linux kernel's networking subsystem. An attacker injecting specially crafted packets through PFPACKET paths could trigger an uninitialized value read when processing TCPv4 Generic Segmentation Offload GSO packets. This vulnerability, specifically in the gsofeaturescheck...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Copy Fail Linux Privilege Escalation Ov...

CVE-2026-43022

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization component of the Linux kernel. The hcicmdsyncqueueonce function did not properly signal when a command was already queued, which could lead to resource leaks. An attacker could potentially exploit this to cause a Deni...

CVE-2026-43018

A flaw was found in the Linux kernel's Bluetooth component. This Use-After-Free UAF vulnerability arises from insufficient locking during hciconn lookup and access within the hcileremoteconnparamreqevt function. An attacker could potentially exploit this to cause a system crash or execute arbitra...

CVE-2026-43014

A flaw was found in the Linux kernel's macb network driver. The driver improperly handles the unregistration of fixed rate clocks, causing a resource leak. This issue can lead to resource exhaustion, potentially allowing a local attacker to cause a Denial of Service DoS by making the system...

CVE-2026-43013

A flaw was found in the Linux kernel's net/mlx5 driver. An error in the mlx5lagdevaddmdev function can lead to the creation of debugfs entries without a valid LAG Link Aggregation Group context. This exposes interfaces that rely on a valid pointer, potentially leading to a NULL pointer dereferenc...

CVE-2026-43011

A flaw was found in the Linux kernel's X.25 networking component. This vulnerability, a double free, occurs when a socket buffer skb allocation fails in x25queuerxframe, causing the same skb to be freed twice. This improper memory handling can lead to a system crash, resulting in a Denial of...

CVE-2026-43010

A flaw was found in the Linux kernel. A local user could attach a sleepable BPF kprobemulti program, which allows sleepable helper functions, such as bpfcopyfromuser, to be invoked from a non-sleepable context. This incorrect handling can lead to a system crash, resulting in a Denial of Service D...

CVE-2026-43008

A flaw was found in the Linux kernel's qixis-fpga driver. This vulnerability is due to incorrect error handling when initializing memory-mapped I/O Input/Output regions. An attacker could potentially exploit this flaw by triggering an error condition, which may lead to an invalid pointer...

CVE-2026-43009

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The verifier, responsible for ensuring the safety of BPF programs, incorrectly tracks the precision of atomic fetch operations. This error can lead to the verifier pruning execution paths that should not be considered...

CVE-2026-43044

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

CVE-2026-31785

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...

CVE-2026-31784

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxpstart after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. cherry picked from commit...