kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

RHEL 9 : kernel (RHSA-2026:6986)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6986 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-After-Free...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

RLSA-2026:6036 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-38180 kernel: macvlan: fix error recovery in...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

USN-8152-1 linux-oem-6.17 vulnerabilities

It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causi...

RockyLinux 8 : kernel-rt (RLSA-2026:6036)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6036 advisory. kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-38180 kernel: macvlan: fix error recovery in macvlancommonnewlink...

SUSE CVE-2026-23447

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...

CVE-2026-23434

A flaw was found in the mtd: rawnand subsystem of the Linux kernel. This vulnerability occurs because the nandlock and nandunlock functions do not properly coordinate with other NAND operations. This can lead to a race condition where concurrent Universal Block Image UBI or UBIFS background...

EUVD-2026-18784

In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hidhwrequest right now the returned value is considered to be always valid. However, when playing with HID-BPF, the return value can be arbitrary big, because it's the return value of...

EUVD-2026-18726

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qmandestroyfq When QMANFQFLAGDYNAMICFQID is set, there's a race condition between fqtablefq-idx state and freeing/allocating from the pool and WARNONfqtablefq-idx in qmancreatefq gets...

CVE-2026-31389

A flaw was found in the Linux kernel's Serial Peripheral Interface SPI subsystem. During controller registration, a use-after-free vulnerability can occur if the allocation of per-CPU statistics fails. This could allow a local attacker to cause system instability or a denial of service by accessi...

CVE-2026-23444

A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. This vulnerability occurs because a specific error path within the ieee80211txprepareskb function fails to properly release a network buffer, known as a socket buffer skb. This inconsistency can lead to a double-free condition, wher...

CVE-2026-23429

In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommusvaunbinddevice domain-mm-iommumm can be freed by iommudomainfree: iommudomainfree mmdrop mmdrop mmpasiddrop After iommudomainfree returns, accessing domain-mm-iommumm may dereference a freed mm...

CVE-2026-23463

The CVE-2026-23463 issue concerns a race condition in the Linux kernel’s QMAN/FQ handling (qbman) where fq_table[fq->idx] may be freed and reallocated concurrently when QMAN_FQ_FLAG_DYNAMIC_FQID is set. The root cause is a race between qman_destroy_fq() releasing the fqid and qman_create_fq() ...