CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

CVE-2026-31534

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EUVD-2026-25429

In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...

CVE-2026-31534

CVE-2026-31534 affects the Linux kernel SMB client logic. In smbdirect_send_batch processing, requests may exist without the IB_SEND_SIGNALED flag and could be destroyed by the final request that carries IB_SEND_SIGNALED. If the connection is broken, all outstanding requests are signaled even wit...

PT-2026-34886

In the Linux kernel, the following vulnerability has been resolved: smb: client: let send done handle a completion without IB SEND SIGNALED With smbdirect send batch processing we likely have requests without IB SEND SIGNALED, which will be destroyed in the final request that has IB SEND SIGNALED...

CVE-2026-4531

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called...

CVE-2025-71149

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-71149

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-71149

CVE-2025-71149 is reported in multiple advisories as a Linux kernel io_uring/poll issue. The root cause is incorrect handling of the return value from io_poll_add() during updates, which can affect completion/event signaling (CQEs) for POLL_ADD/POLL_REMOVE scenarios. Affected advisories reference...

PT-2025-53046

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s RDMA/bnxt re component related to handling completions after queue pair QP destruction. Hardware may generate completions even after a QP is destroyed...

PT-2026-4362

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s io uring/poll subsystem where the handling of io poll add return values during updates is incorrect. Specifically, if a POLL ADD is pending and a PO...

CVE-2021-47613

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called...

CVE-2021-47613

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called...

UBUNTU-CVE-2021-47613

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called...

CVE-2021-47613

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called...

CVE-2021-47613 i2c: virtio: fix completion handling

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called...

CVE-2021-47613

CVE-2021-47613 concerns a Linux kernel i2c virtio issue where the notify callback could run before all buffers are completed, risking incorrect I2C data or guest memory corruption. The confirmed fix is to call virtio_get_buf() from the notify handler (as in other virtio drivers) and to wait for a...

CVE-2021-47613 i2c: virtio: fix completion handling

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called...

CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...