19116 matches found
CVE-2026-31532
A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...
EUVD-2026-25219
In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro-uniq use-after-free in rawrcv rawrelease unregisters raw CAN receive filters via canrxunregister, but receiver deletion is deferred with callrcu. This leaves a window where rawrcv may still be running in an RCU...
USN-8179-3 linux-hwe-6.8, linux-ibm-6.8, linux-raspi vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
USN-8179-3: Linux kernel vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
net: macb: use the current queue number for stats
...
can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
...
SUSE CVE-2026-31485
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...
SUSE CVE-2026-31489
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...
Contour 代码注入漏洞
Contour is an open-source Kubernetes ingress controller that uses Envoy proxies. Versions of Contour from v1.19.0 to v1.33.4, v1.32.5 before v1.32.5, and v1.31.6 before v1.31.6 had a code injection vulnerability. This vulnerability stemmed from the Cookie rewriting feature, which was vulnerable t...
PT-2026-34719
Name of the Vulnerable Software and Affected Versions Argo Workflows versions 3.6.5 through 3.6.19 Argo Workflows versions 3.7.0-rc1 through 3.7.12 Argo Workflows versions 4.0.0-rc1 through 4.0.4 Description An unchecked array index in the pod informer's podGCFromPod function causes a...
CVE-2026-31474
A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...
EUVD-2026-24876
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintelhwerror with hcireqsynclock btintelhwerror issues two hcicmdsync calls HCIOPRESET and Intel exception-info retrieval without holding hcireqsynclock. This lets it race against hcidevdoclose -...
EUVD-2026-24857
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...
CVE-2026-31489
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...
CVE-2026-31485
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintelhwerror with hcireqsynclock btintelhwerror issues two hcicmdsync calls HCIOPRESET and Intel exception-info retrieval without holding hcireqsynclock. This lets it race against hcidevdoclose -...
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path mesonspiccprobe registers the controller with devmspiregistercontroller, so teardown already drops the controller reference via devm cleanup. Calling spicontrollerput again in...
CVE-2026-31489
This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...
CVE-2026-31485
The CVE-2026-31485 issue affects the Linux kernel SPI driver for the FSL LPSPI controller. Root cause: teardown order when unregistering the SPI controller can race with in-flight DMA transfers, causing a NULL pointer dereference (UAF) and an I/O error in DMA RX during a transfer. The documented ...
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue UAF There is a teardown order issue in the driver. The SPI controller is registered using devmspiregistercontroller, which delays unregistration of the SPI controller until after the...