1055 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFPKERNEL which results in a WARN splat:...
UBUNTU-CVE-2026-23249
In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...
CVE-2026-23252
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...
CVE-2026-23249
Summary (CVE-2026-23249) : In Linux kernel XFS, during free-space and inode btree repair, revalidation calls xchk_allocbt for BNOBT and CNTBT can race: the first call nullifies the CNTBT cursor, causing a NULL dereference on the second revalidation. The fix changes the control flow so CNTBT curso...
UBUNTU-CVE-2025-71237
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if endblock is too small. Since nblocks is of type sectort, which is u64, a...
Linux Distros Unpatched Vulnerability : CVE-2026-23167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nci: Fix race between rfkill and nciunregisterdevice. syzbot reported the splat below 0 without a repro. It indicates that struct ncidev.cmdwq had been...
CVE-2026-23199
In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAPQUERY to fetch optional build ID only after dropping mmaplock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...
CVE-2026-23199 procfs: avoid fetching build ID while holding VMA lock
In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAPQUERY to fetch optional build ID only after dropping mmaplock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...
CVE-2026-23199
In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAPQUERY to fetch optional build ID only after dropping mmaplock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...
CVE-2026-23167
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nciunregisterdevice. syzbot reported the splat below 0 without a repro. It indicates that struct ncidev.cmdwq had been destroyed before nciclosedevice was called via rfkill. ncidev.cmdwq is...
CVE-2026-23119
In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to skbflowdissect After 3cbf4ffba5ee "net: plumb network namespace into skbflowdissect" we have to provide a net pointer to skbflowdissect, either via skb-dev, skb-sk, or a user provided pointer. In...
CVE-2026-23119
In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to skbflowdissect After 3cbf4ffba5ee "net: plumb network namespace into skbflowdissect" we have to provide a net pointer to skbflowdissect, either via skb-dev, skb-sk, or a user provided pointer. In...
CVE-2026-23119
The CVE-2026-23119 issue in the Linux kernel concerns the bonding driver where a net pointer was not always provided to __skb_flow_dissect() after plumbing the network namespace. The lack of a valid net pointer (via skb->dev, skb->sk, or a user pointer) allowed a syzbot-created bare skb to...
CVE-2026-23113 io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: check IOWQBITEXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items either end up blocking which will create a new worker for other items, or...
CVE-2026-23113
CVE-2026-23113 affects the Linux kernel io-uring/io-wq component. The issue stems from not checking IO_WQ_BIT_EXIT in the io_worker_handle_work() loop, causing long exits when processing large pending reads (e.g., 2GB reads from /dev/msr* with >16MB per read). Evidence in the advisory shows th...
UBUNTU-CVE-2026-23072
In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tpudpencaprecv. syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. 0 The cited commit moved down the validation of the protocol version in l2tpudpencaprecv. The new place requires an extr...
UBUNTU-CVE-2026-23036
In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before igetfailed in btrfsreadlockedinode In btrfsreadlockedinode if we fail to lookup the inode, we jump to the 'out' label with a path that has a read locked leaf and then we call igetfailed. This can result...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005091)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005091 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: fix possible infinite loop in tcfidrcheckalloc syzbot found hanging tasks...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005004)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005004 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found...
SUSE CVE-2026-23011
In the Linux kernel, the following vulnerability has been resolved: ipv4: ipgre: make ipgreheader robust Analog to commit db5b4e39c4e6 "ip6gre: make ip6greheader robust" Over the years, syzbot found many ways to crash the kernel in ipgreheader 1. This involves team or bonding drivers ability to...