CVE-2026-53148

In the Linux kernel Thunderbolt code, tb_xdp_properties_request derives per-packet copy length from the response header and may exceed the previously allocated data buffer, allowing memcpy to write past the kcalloc allocation. The fix clamps the per-packet copy length so that the cumulative offse...

CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

EUVD-2026-39238

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

CVE-2026-53147

The CVE-2026-53147 issue affects the Linux kernel Thunderbolt XDomain handling. tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without confirming that the allocation is large enough for the target type. A peer could send a minimal XDomain packet that passes ...

CVE-2026-53147

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

CVE-2026-53095

A flaw was found in the Linux kernel. This vulnerability allows for the abuse of the kprobewritectx mechanism through freplace in Berkeley Packet Filter BPF kprobe programs. A local attacker could exploit this by attaching a freplace program to a kprobe program that is attached to a kernel...

Linux Distros Unpatched Vulnerability : CVE-2026-52984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: netem: fix queue limit check to include reordered packets The queue limit check in netemenqueue uses q-tlen which only counts packets in the internal...

Linux Distros Unpatched Vulnerability : CVE-2026-53070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda add xmit...

CVE-2026-52928

A flaw was found in the Linux kernel's afunix component. This vulnerability involves the incorrect handling of the SIOCATMARK operation when used with non-stream sockets, such as SOCKDGRAM and SOCKSEQPACKET. These socket types did not properly reject SIOCATMARK, an operation intended only for...

EUVD-2026-38901

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...

EUVD-2026-38904

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

EUVD-2026-38900

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in mapkptrmatchtype for scalar regs Commit ab6c637ad027 "bpf: Fix a bpfkptrxchg issue with local kptr" refactored mapkptrmatchtype to branch on btfiskernel before checking basetype. A scalar register stored in...

EUVD-2026-38862

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn passes it to mmaccountpinnedpages for RLIMITMEMLOCK accounting. However,...

EUVD-2026-38813

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

CVE-2026-12760

The CVE-2026-12760 vulnerability affects TP-Link Tapo C200 (v3) in the network packet handling path. It arises from improper handling of IPv4 fragmented packets, allowing an unauthenticated adjacent attacker to send crafted fragments to cause excessive resource usage, leading to a temporary DoS c...

CVE-2026-53081

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency for BPFADDCONST scalars When regsafe compares two scalar registers that both carry BPFADDCONST, checkscalarids maps their full compound id aka base | BPFADDCONST flag as one idmap entry...

CVE-2026-53055

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec2 - prevent req used-after-free for sec During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory req before the transmission...

CVE-2026-53036

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

EUVD-2026-38978

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Zero-extend bpf prog return values and kfunc arguments s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments, and callees to zero-extend unsigned return values and sign-extend...

CVE-2026-53096 bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path

In the Linux kernel, the following vulnerability has been resolved: bpf: Use RCU-safe iteration in devmapredirectmulti SKB path The DEVMAPHASH branch in devmapredirectmulti uses hlistforeachentrysafe to iterate hash buckets, but this function runs under RCU protection called from...