CVE-2026-31638

A flaw was found in the Linux kernel's rxrpc subsystem. This vulnerability occurs when the system processes a packet intended for a client after the client's call on the channel has already been terminated. An attacker could exploit this protocol error path, which improperly handles call...

CVE-2026-31632

A flaw was found in the Linux kernel's rxrpc component. The rxgkverifyresponse function fails to properly clean up the rxgk context it creates, leading to a memory leak. This vulnerability could potentially allow an attacker to cause a Denial of Service DoS by exhausting available memory resource...

CVE-2026-31630

A flaw was found in the Linux kernel, specifically within the rxrpc component. The AFRXRPC procfs helpers use fixed-size buffers to format local and remote socket addresses. When processing certain IPv6 addresses with ports, the formatted string can exceed the buffer's capacity, leading to a buff...

CVE-2026-31653

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

DEBIAN-CVE-2026-31653

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

CVE-2026-31652

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...

DEBIAN-CVE-2026-31637

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkaddecryptticket decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether cryptoskcipherdecrypt succeeded. A malformed RESPONSE can...

CVE-2026-31638

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...

DEBIAN-CVE-2026-31639

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key When creating a client call in rxrpcallocclientcall, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...

CVE-2026-31639

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key When creating a client call in rxrpcallocclientcall, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...

DEBIAN-CVE-2026-31638

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...

DEBIAN-CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

DEBIAN-CVE-2026-31632

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgkverifyresponse Fix rxgkverifyresponse to clean up the rxgk context it creates...

DEBIAN-CVE-2026-31633

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...

EUVD-2026-25546

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

CVE-2026-31653

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

CVE-2026-31653

Summary : CVE-2026-31653 impacts the Linux kernel DAMON subsystem (DAMON_SYSFS). When a monitored process terminates before damon_call() runs, a dynamically allocated repeat_call_control is not deallocated, causing a memory leak. The connected sources document the root cause and confirm the fix: ...

CVE-2026-31653 mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

CVE-2026-31653

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

EUVD-2026-25545

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damoncall failure leaking damonctx damonstatstart always allocates the module's damonctx object damonstatcontext. Meanwhile, if damoncall in the function fails, the damonctx object is not deallocated...