CVE-2026-31614

A flaw was found in the Linux kernel's Server Message Block SMB client. An untrusted server can exploit an out-of-bounds read vulnerability within the checkwsleas function. This flaw allows the server to read up to 8 bytes beyond the intended memory boundary, leading to information disclosure. Th...

CVE-2026-31587

A flaw was found in the Linux kernel, specifically within the ASoC ALSA System on Chip qcom q6apm component. This vulnerability arises from incorrect memory management during the dynamic registration of digital audio interface DAI components. When both the component and its associated DAIs are...

CVE-2026-31582

A flaw was found in the Linux kernel's hwmon subsystem. A local attacker, by disconnecting a USB device, could trigger a use-after-free vulnerability in the powerz driver. This occurs when the driver attempts to access a Universal Serial Bus Request Block URB after it has been freed during the...

CVE-2026-31551

A flaw was found in the mac80211 Wi-Fi subsystem of the Linux kernel. A local user could exploit a race condition in the aqlenablewrite function, which does not properly handle concurrent write operations to the debug file system. This could lead to a staticbranchdec underflow, resulting in a...

CVE-2026-31548

A flaw was found in the Linux kernel's cfg80211 Wi-Fi subsystem. When a Wi-Fi interface is shut down, a scheduled work item pmsrfreewk may not be properly cancelled. This can lead to the work item attempting to operate on an already removed interface, resulting in undefined behavior and potential...

CVE-2026-31545

A flaw was found in the Linux kernel's NFC Near Field Communication subsystem, specifically within the nxp-nci driver. This flaw prevented General Purpose Input/Output GPIO pins from entering a sleep state, leading to a kernel WARNON condition. This issue could potentially cause system instabilit...

CVE-2026-31473

A flaw was found in the Linux kernel's media, mc, and v4l2 subsystems. A race condition can occur when MEDIAREQUESTIOCREINIT runs concurrently with VIDIOCREQBUFS0 queue teardown paths, leading to a use-after-free vulnerability. This flaw could allow a local attacker to cause a system crash denial...

DEBIAN-CVE-2026-31667

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...

CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

DEBIAN-CVE-2026-31548

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request's nlportid to zero and schedules pmsrfreewk to process the abort...

CVE-2026-31548

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request's nlportid to zero and schedules pmsrfreewk to process the abort...

CVE-2026-31667

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...

CVE-2026-31667

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...

CVE-2026-31664

The CVE-2026-31664 issue resides in the Linux kernel xfrm subsystem: build_polexpire() fails to clear trailing padding in struct xfrm_user_polexpire, leaving uninitialized heap bytes that are sent to userspace via netlink multicast (XFRMNLGRP_EXPIRE). The consequence is potential leakage of kerne...

CVE-2026-31663

In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK After async crypto completes, xfrminputresume calls devput immediately on re-entry before the skb reaches transportfinish. The skb-dev pointer is then used inside NFHOOK and i...

CVE-2026-31620

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors ar...

CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

EUVD-2026-25480

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...

CVE-2026-31587

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move component registration to unmanaged version q6apm component registers dais dynamically from ASoC toplology, which are allocated using device managed version apis. Allocating both component and dynamic dais...