kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

本地提权 CVE-2026-46300 使用方式： CGOENABLED=0 go build -ldflag...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Local privilege escalation / Container escape: CVE-2026-43284 /...

Linux Distros Unpatched Vulnerability : CVE-2026-45967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non- zero offsets in insn array The mapdirectvalueaddr functi...

PT-2026-46018

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsl edma engine::muxclk are allocated and enabled with devm clk get enabled, which automatically cleans these resources up, but these clocks are also...

PT-2026-45985

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/panthor component where the memory subsystem can become blocked, causing flush operations to never complete. This state can be triggered by buggy GPU jobs...

PT-2026-46034

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A firmware crash occurs in the WCN7850 when Wake-on-Wireless WoW offloads are enabled on both primary and secondary links during a multi-link connection. This issue is specific to the...

Linux Distros Unpatched Vulnerability : CVE-2025-71312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate...

Linux Distros Unpatched Vulnerability : CVE-2025-71313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may le...

Linux Distros Unpatched Vulnerability : CVE-2026-46262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert fix missing lock in fslxcvrmodeput This reverts commit f51424872760...

Linux Distros Unpatched Vulnerability : CVE-2026-46251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list...

PT-2026-46032

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the k230 pinctrl driver during the probing process when parsing the devicetree. The issue arises within the k230 pinctrl parse functions function,...

Linux Distros Unpatched Vulnerability : CVE-2026-46141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/xive: fix kmemleak caused by incorrect chipdata lookup The kmemleak reports the following memory leak: Unreferenced object 0xc0000002a7fbc640 size 64:...

Linux Distros Unpatched Vulnerability : CVE-2026-45976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Fix memory leak in amdgpurasinit When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con...