EUVD-2026-39345

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

CVE-2026-53265

CVE-2026-53265 – Linux kernel : A race in dm cache policy SMQ allowed a check-then-act sequence to observe e->allocated as true before taking mq->lock. Two concurrent invalidators could both proceed, causing one to remove the entry from queues/hash table and free_entry(), then another to ac...

EUVD-2026-39216

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

EUVD-2026-39203

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hciallocdev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hciregisterdev completes, the HCIUNREGISTER flag is never...

CVE-2026-53227

CVE-2026-53227 : In the Linux kernel’s net/openvswitch path, the patch fixes a bug where a reply skb could be freed after unlocking when its allocation happens after locking the ovs_mutex and returns an error. The root cause is that the error value is saved but the pointer remains non-NULL, leadi...

CVE-2026-53216

The CVE-2026-53216 issue affects the Linux kernel, specifically the mvpp2 XDP path. Short BM pool buffers can be smaller than PAGE_SIZE, but xdp_buff is initialized with PAGE_SIZE, causing XDP tail growth validation to miscompute and potentially exceed the real allocation, risking memory corrupti...

EUVD-2026-39297

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

CVE-2026-53187

The CVE-2026-53187 entry describes a Linux kernel vulnerability in RDMA/core where UVERBS_ATTR_ALLOC_DMAH_CPU_ID from user space is passed to cpumask_test_cpu() without validating against nr_cpu_ids. This can cause an out-of-bounds read of the cpumask bitmap (indexed by cpu_id / BITS_PER_LONG) an...

CVE-2026-53167

In the Linux kernel, CVE-2026-53167 concerns FUSE_NOTIFY_RETRIEVE: the operation must be limited to uptodate folios because !uptodate folios may contain uninitialized data. The fix ensures FUSE_NOTIFY_RETRIEVE only returns data already present in the page cache and does not wait for data from the...

CVE-2026-53148

In the Linux kernel Thunderbolt code, tb_xdp_properties_request derives per-packet copy length from the response header and may exceed the previously allocated data buffer, allowing memcpy to write past the kcalloc allocation. The fix clamps the per-packet copy length so that the cumulative offse...

EUVD-2026-39239

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A maliciou...

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

CVE-2026-53127

A flaw was found in the Linux kernel's block subsystem. This vulnerability allows for a memory leak when zone revalidation fails, specifically when blkrevalidatediskzones encounters an error after memory has been allocated for zonescond. This can lead to resource exhaustion, potentially resulting...

CVE-2026-52923

A flaw was found in the Linux kernel. The ipcidralloc function, used in the checkpoint/restore path for SysV Inter-Process Communication IPC ID allocation, does not properly limit ID allocation to the valid range. This can result in the system attempting to dereference freed memory, leading to a...

EUVD-2026-38899

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

EUVD-2026-38905

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hidpostreset You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset and hidpostreset are in the...

EUVD-2026-38841

In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONETHREAD requirement for private default hash alloc Currently needfutexhashallocatedefault depends on strict pthread semantics, abusing CLONETHREAD. This breaks the non-concurrency assumptions when doing the...

EUVD-2026-38842

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix strparser anchor skb leak on offload RX setup failure When tlssetdeviceoffloadrx fails at tlsdevadd, the error path calls tlsswfreeresourcesrx to clean up the SW context that was initialized by tlssetswoffload. This...

EUVD-2026-38838

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: fix missing expect put in obj eval nftctexpectobjeval allocates an expectation and may call nfctexpectrelated, but never drops its local reference. Add nfctexpectputexp before return to balance allocation...

EUVD-2026-38970

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...