UBUNTU-CVE-2026-45894

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits 64 bytes. When tearing down an entry, the current implementation zeros the entire 64-byte structure...

UBUNTU-CVE-2026-45953

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmapops-blockssynced is checked in handlestripedirtying. However, later the same check is...

UBUNTU-CVE-2026-45903

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

UBUNTU-CVE-2026-46005

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a resource leak in xfsallocbuftarg In the error path, call fsputdax to drop the DAX device reference...

UBUNTU-CVE-2026-46046

In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse in ext4xattrinodedecrefall The commit c8e008b60492 "ext4: ignore xattrs past end" introduced a refcount leak in when blockcsum is false. ext4xattrinodedecrefall calls ext4getinodeloc to get iloc.bh, but...

UBUNTU-CVE-2026-46089

In the Linux kernel, the following vulnerability has been resolved: zram: do not forget to endio for partial discard requests As reported by Qu Wenruo and Avinesh Kumar, the following getconf PAGESIZE 65536 blkdiscard -p 4k /dev/zram0 takes literally forever to complete. zram doesn't support...

UBUNTU-CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

UBUNTU-CVE-2026-45879

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25980: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

UBUNTU-CVE-2026-46094

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in checkxattrs to prevent out-of-bounds access The bounds check for the next xattr entry in checkxattrs uses void next = end, which allows next to point within sizeofu32 bytes of end. On the next loop...

UBUNTU-CVE-2026-45996

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration unless the allocation is device managed. Take another reference before deregistering...

UBUNTU-CVE-2026-45938

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916lbc: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

UBUNTU-CVE-2026-46034

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger. Without this check, userspace can trigger a NULL pointer...

UBUNTU-CVE-2026-45967

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

UBUNTU-CVE-2026-45921

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtdparsertplinksafeloaderparse The function mtdparsertplinksafeloaderparse allocates buf via mtdparsertplinksafeloaderreadtable. If the allocation for partsidx.name fails inside the loop, the code...

UBUNTU-CVE-2026-45985

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set EXT4GETBLOCKSCONVERT when splitting before submitting I/O When allocating blocks during within-EOF DIO and writeback with dioreadnolock enabled, EXT4GETBLOCKSPREIO was set to split an existing large unwritten...

UBUNTU-CVE-2026-46019

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...

UBUNTU-CVE-2026-45922

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

UBUNTU-CVE-2026-46101

In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...

UBUNTU-CVE-2026-46059

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...

UBUNTU-CVE-2026-45951

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...