CVE-2026-43043

A flaw was found in the Linux kernel's af-alg subsystem. When the AFALG interface chains a new afalgtsgl structure, it fails to unmark the end of a Scatter/Gather List SGL. This can lead to a NULL pointer dereference during a subsequent sendmsg operation, causing a kernel panic and resulting in a...

CVE-2026-43036

A flaw was found in the Linux kernel's networking subsystem. An attacker injecting specially crafted packets through PFPACKET paths could trigger an uninitialized value read when processing TCPv4 Generic Segmentation Offload GSO packets. This vulnerability, specifically in the gsofeaturescheck...

CVE-2026-43022

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...

CVE-2026-31776

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daiodeviceindex for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and...

CVE-2026-31771

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: move wake reason storage into validated event handlers hcistorewakereason is called from hcieventpacket immediately after stripping the HCI event header but before hcieventfunc enforces the per-event minimum...

CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

CVE-2026-43010

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobemulti programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpfkprobemultilinkattach did not validate whether the program being attached had the sleepable...

CVE-2026-31699

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...

CVE-2026-43048

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AFALG interface fails to unmark the end of a Scatter/Gather List SGL when chaining a new afalgtsgl structure. If a sendmsg fills an SGL exactly to MAXSGLENTS, the...

CVE-2026-43030

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe for pointers to packet In case rold-reg-range == BEYONDPKTEND && rcur-reg-range == N regsafe may return true which may lead to current state with valid packet range not being explored. Fix the bug...

CVE-2026-31779

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwlmvmndmatchinfohandler The memcpy function assumes the dynamic array notif-matches is at least as large as the number of bytes to copy. Otherwise, results-matches may...

CVE-2026-31769

The CVE-2026-31769 issue in the Linux kernel gpib module is resolved by adding a kernel-only descriptor_busy reference count in struct gpib_descriptor to prevent use-after-free of gpib_descriptor objects during concurrent IO ioctl handling (IBRD, IBWRT, IBCMD, IBWAIT). Each IO path increments des...

EUVD-2026-26507

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an invalid length...

CLSA-2026-1777633439 kernel: Fix of 142 CVEs

crypto: algifaead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...

Exploit for CVE-2026-31431

CVE-2026-31431 - Copy Fail - Je s'appelle ROOT ! !CVEhttp...

CLSA-2026-1777636990 Fix of 9 CVEs

CVE-2026-31431 - crypto: scatterwalk - Backport memcpysglist CVE-2026-31431 - crypto: algifaead - use memcpysglist instead of null skcipher CVE-2026-31431 - crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 - crypto: algifaead - snapshot IV for async AEAD requests CVE-2026-31431...

Exploit for CVE-2026-31431

CVE-2026-31431 — Copy Fail Severity: Critical CVSS v3...

Vulnerability avoidance in the Linux kernel cryptographic subsystem

The Linux kernel has a vulnerability in the algifaead crypto module of the cryptographic subsystem. This vulnerability resides in the algifaead crypto module of the Linux kernel, where a mistake occurred during the in-place operation when the source and destination mappings differed. This allows ...

PT-2026-36397

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An interrupt request IRQ resource leak exists in the mpu3050 trigger probe function. The issue occurs when the interrupt handler is established, but a subsequent failure in the iio trigg...