CVE-2026-45967 bpf: Return proper address for non-zero offsets in insn array

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-45927 bpf: Require frozen map for calculating map hash

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-45927

In CVE-2026-45927, the Linux kernel BPF path bpf_map_get_info_by_fd caches the map hash regardless of the map’s frozen state, enabling a TOCTOU where a loader could verify a stale hash before freezing contents. The fix returns -EPERM if the map is not frozen when the hash is requested, ensuring t...

CVE-2026-45908

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix memory leak in amdxdnaubufmap The amdxdnaubufmap function allocates memory for sg and internal sg table structures, but it fails to free them if subsequent operations sgalloctablefrompages or dmamapsgtable fail...

CVE-2026-45908

The CVE affects the Linux kernel’s accel/amdxdna path. The amdxdna_ubuf_map() function allocates memory for sg and internal sg table structures but fails to free them if subsequent operations (sg_alloc_table_from_pages or dma_map_sgtable) fail, causing a memory leak. The entry notes that this vul...

CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...

CVE-2026-45886

CVE-2026-45886 : Linux kernel fix for bpf_xdp_store_bytes argument type error when writing to read-only maps. The verifier flagged a MEM_WRITE on R3 (PTR_TO_MAP_VALUE from a read-only map) due to ARG_PTR_TO_UNINIT_MEM; the third argument’s type did not match bpf_skb_store_bytes. The patch aligns ...

CVE-2026-45880

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...

CVE-2025-71304

The CVE-2025-71304 entry describes a Linux kernel Smack issue where /smack/doi could accept values that were previously written, causing decommissioned DOIs to linger and the default domain map to be unavailable. This behavior can disable networking for non-ambient labels because existing CIPSO/D...

CVE-2025-71304 smack: /smack/doi: accept previously used values

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

PT-2026-43775

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix memory leak in amdxdna ubuf map The amdxdna ubuf map function allocates memory for sg and internal sg table structures, but it fails to free them if subsequent operations sg alloc table from pages or dma map...

CVE-2026-45908

accel/amdxdna: Fix memory leak in amdxdnaubufmap...

PT-2026-43743

In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch set shadow stack status alloc gcs returns an error-encoded pointer on failure, which comes from do mmap, not NULL. The current NULL check fails to detect errors, which could lead to using an...

CVE-2026-45880

PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails...

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

PT-2026-43921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The SELinux security model for overlayfs allows access if the current task can access the top-level user file and the mounter's credentials are sufficient for the lower-level backing fil...

PT-2026-43794

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpf map get info by fd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPF OBJ GET IN...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from bpfmapgetinfobyfd function in bpf. This function does not check the frozen state of maps during t...

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...