21954 matches found
EUVD-2026-15331
In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock Even though we check that we "should" be able to do lc_get_cumulative while holding the device->al_lock spinlock, it may still fail, if some other code path decided to do lc_try_lock with...
EUVD-2026-15235
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6_nh_init misclassifies it as a reject route...
EUVD-2026-15230
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: 130120.652718 scsi_alloc_sdev: Allocation failure during SCSI...
EUVD-2026-15220
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...
EUVD-2026-15269
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcount of 'shim_link->link.link' to zero, the resource is considered released but may still be referenced via...
EUVD-2026-15206
In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read In fp9931_hwmon_read, if regmap_read failed, the function returned the error code without calling pm_runtime_put_autosuspend, causing a PM reference leak...
CVE-2026-23394
In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSG_PEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...
CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and child processes exit,...
CVE-2026-23356
In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock Even though we check that we "should" be able to do lc_get_cumulative while holding the device->al_lock spinlock, it may still fail, if some other code path decided to do lc_try_lock with...
CVE-2026-23319
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcount of 'shim_link->link.link' to zero, the resource is considered released but may still be referenced via...
CVE-2026-23291
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...
CVE-2026-23296
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: 130120.652718 scsi_alloc_sdev: Allocation failure during SCSI...
CVE-2026-23284
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup Reset eBPF program pointer to old_prog and do not decrease its ref-count if mtk_open routine in mtk_xdp_setup fails...
CVE-2026-23283
In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read In fp9931_hwmon_read, if regmap_read failed, the function returned the error code without calling pm_runtime_put_autosuspend, causing a PM reference leak...
UBUNTU-CVE-2026-23356
In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock Even though we check that we "should" be able to do lc_get_cumulative while holding the device->al_lock spinlock, it may still fail, if some other code path decided to do lc_try_lock with...
UBUNTU-CVE-2026-23394
In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSG_PEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...
UBUNTU-CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and child processes exit,...
UBUNTU-CVE-2026-23291
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was grabbed in the probe callback. Fix this up b...