CVE-2026-46213

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 "HID: appletb-kbd: fix slab use-after-free bug in appletbkbdprobe" added timerdeletesync&kbd-;inactivitytimer to both the probe closehw error path and...

EUVD-2026-32829

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...

CVE-2026-46202 HID: appletb-kbd: run inactivity autodim from workqueues

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...

EUVD-2026-32797

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

CVE-2026-46170

The CVE-2026-46170 issue is in the Linux kernel’s MPTCP path: when ADD_ADDR is retransmitted, a socket (sk) may not be freed if it was the last reference held by sk_reset_timer(). This can lead to a situation where sock_put() frees the socket and calls sk_free(), which could trigger sk_stop_timer...

CVE-2026-46170

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

CVE-2026-46158

In the Linux kernel, CVE-2026-46158 affects the mptcp.pm path: ADD_ADDR retransmits can lead to sk refcount leakage because some checks could bypass sock_put() and the end of the path did not release the socket in all cases. The fix rewrites control flow to jump to an exit path that calls __sock_...

EUVD-2026-32764

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

CVE-2026-46137

CVE-2026-46137 affects the Linux kernel MPTCP implementation. The mptcp_pm_add_timer() helper runs as a timer callback in softirq context and can race with socket state unless the socket lock is held with bh_lock_sock(). The mitigation is to hold the lock and retry if the socket is in use, mirror...

SUSE CVE-2026-45910

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...

SUSE CVE-2026-46069

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-free in mwifiexadaptercleanup The mwifiexadaptercleanup function uses timerdelete non-synchronous for the wakeuptimer before the adapter structure is freed. This is incorrect because timerdelete does...

PT-2026-44325

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description The hid-appletb-kbd driver contains an issue where the autodim code attempts to acquire backlight device-ops lock via backlight device set brightness and mutex lock from atomic contexts. Th...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from data competition within the ADDADDR retransmission timer in mptcp pm, potentially leading to...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the non-active timer cleanup path in the HID applet b-kbd driver, allowing for reuse of resources after...

PT-2026-44336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab use-after-free issue exists in the appletb-kbd driver. The problem occurs during driver tear-down in the appletb kbd probe and appletb kbd remove functions due to improper...

PT-2026-44293

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the Multipath TCP mptcp path manager during the retransmission of an ADD ADDR message. When the sk socket...

CVE-2026-46069

A flaw was found in the Linux kernel's mwifiex Wi-Fi driver. The mwifiexadaptercleanup function incorrectly uses a non-synchronous timer deletion, allowing the wakeuptimer callback to access memory after it has been freed. This use-after-free vulnerability can lead to system instability, crashes,...

EUVD-2026-32376

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...

CVE-2026-46069

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-free in mwifiexadaptercleanup The mwifiexadaptercleanup function uses timerdelete non-synchronous for the wakeuptimer before the adapter structure is freed. This is incorrect because timerdelete does...