kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...

EUVD-2026-32865

In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfsmutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfsinodes from the events descriptor" had eventfssetattrs recurse through ei-children on remount. The walk only holds...

CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

CVE-2026-46165

In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdevput must happen after the RCU grace period. So, either in an RCU call or after the synchronizenet. The...

CVE-2026-46159

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfsioctlspaceinfo slotcount TOCTOU which can lead to info-leak btrfsioctlspaceinfo has a TOCTOU race between two passes over the block group RAID type lists. The first pass counts entries to determine the allocation...

UBUNTU-CVE-2026-46207

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

UBUNTU-CVE-2026-46116

In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrmstate lists in xfrmstatedelete KASAN reproduces a slab-use-after-free in xfrmstatedelete's hlistdelrcu calls under syzkaller load on linux-6.12.y stable reproduced on 6.12.47, also reachable via the...

UBUNTU-CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

CVE-2026-46211

The CVE-2026-46211 issue affects the Linux kernel DRM MSM GEM path (drm/msm/gem). The function msm_ioctl_gem_info_get_metadata() erroneously returns 0 regardless of errors, causing user-space to misinterpret failed copies (copy_to_user) or small user buffers as successes. Additionally, kmemdup() ...

EUVD-2026-32838

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

CVE-2026-46207

The CVE-2026-46207 entry describes a Linux kernel fix in vsock/virtio where empty payloads could be copied to the vsockmon tap interface for non-linear skbs due to an uninitialized iov_iter.count in virtio_transport_copy_nonlinear_skb(). The remediation replaces the linear/non-linear split with s...

CVE-2026-46207 vsock/virtio: fix empty payload in tap skb for non-linear buffers

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

EUVD-2026-32834

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

CVE-2026-46182

The CVE describes a Linux kernel issue in the pseries/papr-hvpipe path where a stack-allocated hdr structure is only partially initialized (hdr.version, hdr.flags). Because papr_hvpipe_hdr includes reserved padding (reserved[3], reserved2[40]), uninitialized padding bytes could be exposed to user...

CVE-2026-46182

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct paprhvpipehdr contains reserved paddi...

CVE-2026-46181

Summary: CVE-2026-46181 concerns the Linux kernel RDMA/mlx4 component. The root cause is improper use of Read-Copy Update (RCU) in mlx4_srq_event(), which could allow a race where an event is delivered before the srq object is fully initialized, potentially crashing the system. The documented fix...

EUVD-2026-32808

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

CVE-2026-46181

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

EUVD-2026-32792

In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdevput must happen after the RCU grace period. So, either in an RCU call or after the synchronizenet. The...

CVE-2026-46165

The CVE concerns the Linux kernel openvswitch vport handling during tunnel-port release. It explains a self-deadlock risk when deleting a device: vports are protected by RCU, so netdev_put() must occur after the RCU grace period, either in an RCU callback or after synchronize_net(). The rtnl_dele...