
715 matches found

CVE
added 2026/06/03 3:49 p.m. | 43 views

CVE-2026-46262

CVE-2026-46262 concerns the Linux kernel ASoC fsl_xcvr module. The issue stems from a deadlock: a read lock is acquired while a write lock is already held in the same thread within fsl_xcvr_mode_put(), which is invoked by the upper ALSA core via snd_ctl_elem_write(). This caused a hung task. The ...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00091
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2026/06/03 3:25 p.m. | 17 views

CVE-2026-42321

CVE-2026-42321 affects GLPI before 10.0.25 and 11.0.7, where a technician can store an XSS payload in the asset locked tab (stored XSS). The vulnerability is mitigated by upgrading to GLPI 10.0.25 or 11.0.7, which contain the patch. The connected sources confirm the affected versions and the fix version...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00343
Exploits: 0 | References: 1

Cvelist
added 2026/06/03 3:25 p.m. | 38 views

CVE-2026-42321 GLPI has stored XSS in asset locks

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS: 8.4 | EPSS: 0.00343
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/03 3:25 p.m. | 7 views

CVE-2026-42321 GLPI has stored XSS in asset locks

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00343
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/01 4:53 p.m. | 8 views

CVE-2026-45283

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

CVSS: 6.3 | AI score: 5.7 | EPSS: 0.00211
Exploits: 0 | References: 4 | Affected Software: 1

SUSE CVE
added 2026/05/29 1:16 a.m. | 10 views

SUSE CVE-2026-46154

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters. scx_group_set_{weight,idle,bandwidth}() cache scx_root before acquiring scx_cgroup_ops_rwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0012
Exploits: 0 | References: 3

OSV
added 2026/05/28 10:16 a.m. | 4 views

UBUNTU-CVE-2026-46168

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt. Using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping() is unsafe, as both helpers can sleep. Replace lock_sock_fast() with sleepable lock_sock()/release_so...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00128
Exploits: 0 | References: 8

EUVD
added 2026/05/28 9:36 a.m. | 10 views

EUVD-2026-32795

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt. Using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping() is unsafe, as both helpers can sleep. Replace lock_sock_fast() with sleepable lock_sock()/release_so...

AI score: 5.8 | EPSS: 0.00128
Exploits: 0 | References: 5

Cvelist
added 2026/05/28 9:36 a.m. | 30 views

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt. Using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping() is unsafe, as both helpers can sleep. Replace lock_sock_fast() with sleepable lock_sock()/release_so...

EPSS: 0.00128
Exploits: 0 | References: 7

CVE
added 2026/05/28 9:36 a.m. | 24 views

CVE-2026-46168

The CVE-2026-46168 issue affects the Linux kernel's multipath TCP (mptcp) scheduling around timestamp sockopts. The root cause is using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping(), which can sleep and cause atomic-context issues. The published fixes r...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00128
Exploits: 0 | References: 7 | Affected Software: 1

ATTACKERKB
added 2026/05/28 9:35 a.m. | 6 views

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove(). Sashiko points out that hns_roce_qp_remove() requires the caller to hold locks. The error flow in hns_roce_create_qp_common() doesn't hold those locks for the error unwind so it risks corruptin...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.001
Exploits: 0 | References: 8 | Affected Software: 1

SUSE CVE
added 2026/05/28 4:1 a.m. | 14 views

SUSE CVE-2025-71309

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr. Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is caused by a lock inversion deadlock involving the inode mutex (ni_lock) and page locks. Scenario: 1. Task A enters...

AI score: 5.8 | EPSS: 0.00106
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/28 1:12 a.m. | 14 views

CVE-2026-45924

A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs because ksmbd_vfs_kern_path_end_removing() is not called on certain error paths, leading to unbalanced inode locks and references. This can result in potential deadlocks and unbalanced locks, which may cause system...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0012
Exploits: 0 | References: 4

CNNVD
added 2026/05/28 12:0 a.m. | 8 views

Canonical Ubuntu Linux security vulnerability

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 6.17, and 7.0 versions contain security vulnerabilities. These vulnerabilities stem from incorrect sleep behavior when holding spin locks, which may lead to kernel panic ...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00078
Exploits: 0 | References: 1

CNNVD
added 2026/05/28 12:0 a.m. | 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from eventfs failing to properly hold the eventfs_mutex and SRCU locks during re-mounting of events. Th...

AI score: 5.8 | EPSS: 0.00122
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/28 12:0 a.m. | 16 views

PT-2026-44235

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1. Description: A memory corruption issue exists in the RDMA hns component. The function hns_roce_qp_remove() is called without the required locks during the error unwind process within the hns_roce_create_q...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00574
Exploits: 1 | References: 292

Positive Technologies
added 2026/05/28 12:0 a.m. | 17 views

PT-2026-44291

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1. Description: An issue exists in the Multipath TCP (mptcp) implementation where the use of lock_sock_fast() (an atomic context) around the sock...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.03663
Exploits: 14 | References: 283

RedhatCVE
added 2026/05/27 8:13 p.m. | 9 views

CVE-2026-24182

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00125
Exploits: 0 | References: 1

OSV
added 2026/05/27 5:23 p.m. | 7 views

GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00033
Exploits: 0 | References: 4

Github Security Blog
added 2026/05/27 5:23 p.m. | 22 views

Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

AI score: 5.6 | EPSS: 0.00033
Exploits: 0 | References: 4 | Affected Software: 1