CVE-2026-23299 Bluetooth: purge error queues in socket destructors

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

CVE-2026-23294 bpf: Fix race in devmap on PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...

CVE-2026-23294

The CVE describes a race in the Linux kernel’s PREEMPT_RT path for the per-CPU xdp_dev_bulk_queue (bq). The vulnerability arises because bq_enqueue() and __dev_flush() were believed to run atomically on the same CPU, but PREEMPT_RT can preempt, leading to concurrent access to bq->count and bq-...

CVE-2026-23294 bpf: Fix race in devmap on PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...

CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...

PT-2026-27720

In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred qc Syzbot reported a WARN ON in ata scsi deferred qc work, caused by ap-ops-qc defer returning non-zero before issuing the deferred qc. ata scsi schedule deferred qc is...

PT-2026-27749

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic create cq struct ionic cq resp resp u32 cqid2; // offset 0 - PARTIALLY SET see below u8 udma mask; // offset 8 - SET resp.udma mask = vcq-udma mask u8 rsvd7; // offset 9 - NEVER SET udma...

PT-2026-36438

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Bluetooth component when the hci cmd sync queue once function returns an error. In such cases, the destroy callback is not triggered, leading to leaking...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to clear the error queue during the socket destruction function. This vulnerability m...

PT-2026-27659

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPT RT On PREEMPT RT kernels, the per-CPU xdp dev bulk queue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bq enqueue and dev flush run...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from acquiring the wait queue lock under a performance context lock, potentially leading to an invalid...

PT-2026-36439

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where the hci cmd sync queue once function fails to indicate whether a queue item was added. This prevents the caller from knowing if callbacks...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an incorrect configuration of the XDP RxQ fragsize field, which may lead to negative tail space...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper release of old management queues when the controller is reset, potentially leading t...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to call fini when creating the execution queue, potentially leading to invalid memory...

PT-2026-27707

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT RT On PREEMPT RT kernels, the per-CPU xdp bulk queue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bq enqueue and cpu map flush run...

Oracle Linux 7 : kernel (ELSA-2026-3685)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3685 advisory. - ext4: fix use-after-free in ext4orphancleanup CVE-2022-50673 Orabug: 39036029 - Squashfs: check return result of sbminblocksize CVE-2025-38415 Orabug...

Linux Distros Unpatched Vulnerability : CVE-2026-23360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it...

Linux Distros Unpatched Vulnerability : CVE-2026-23391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: -...