CVE-2026-46239

The CVE concerns the Linux kernel media i2c ov5647 driver where a runtime PM reference count leak could occur in s_ctrl due to early returns in three control paths (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN). The provided fixes modify these paths from plain return to a pattern that assigns the retur...

SUSE CVE-2026-45975

In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...

CVE-2026-46038

CVE-2026-46038 affects the Linux kernel’s net: qrtr: ns code. The issue is a memory leak where the nameserver fails to free the node memory after processing a BYE packet, potentially persisting when a node goes down. The fix modifies the BYE handling to remove the node from the Xarray list and fr...

CVE-2026-45975

CVE-2026-45975 affects the Linux kernel’s block I/O path: reading the ublksrv_ctrl_cmd (part of io_uring_sqe) from userspace-mapped memory using normal loads can race with concurrent writes. The fix applies READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack and use the lo...

Malicious code in @ctrl/plex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e1aad15739a79a359d88099a004fa395b66df8845c10823824e848f095c568 The @ctrl/ npm scope was compromised in the Shai-Hulud supply-chain incident September 2025. Versions of @ctrl/plex published during and after the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery process. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ubi: Fixed a race condition between ctrlcdevioctl and ubicdevioctl. Hulk Robot reported a KASAN report regarding a use-after-free issue: BUG: KASAN: use-after-free in listdelentryvalid+0x13d/0x160. A size 8 byte read at addres...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet: A possible leak has been fixed when destroying a ctrl during qp establishment. In nvmetsqdestroy, we capture sq-ctrl early. If it is not NULL, we know that a ctrl was allocated during the admin connect request handling. We...

EUVD-2026-27805

In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906probe In one of the error paths in tw9906probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. Fix that by calling v4l2ctrlhandlerfree on the...

PT-2026-37586

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the tw9906 probe function. In a specific error path, memory allocated by v4l2 ctrl handler init and v4l2 ctrl new std is not properly released. Recommendations At...

CVE-2026-34461

Sandboxie-Plus

Astra Linux - уязвимость в linux-5.15

rpmsgvirtioaddctrldev in drivers/rpmsg/virtiorpmsgbus.c in the Linux kernel before 5.18.4 has a double free...

DEBIAN-CVE-2026-31655

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOCHDCP clock enabled Keep the NOCHDCP clock always enabled to fix the potential hang caused by the NoC ADB400 port power down handshake...

DEBIAN-CVE-2026-31557

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

CVE-2026-31557

Summary of CVE-2026-31557 (Linux kernel) : The issue affects the NVMe over Fabrics target (nvmet/nvmet_rdma) where flushing an asynchronous-event work item on nvmet-wq can recurse the same worker, risking a deadlock and DoS. The root cause is a potential re-entrant lock when nvmet_ctrl_free() flu...

CVE-2026-31557 nvmet: move async event work off nvmet-wq

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

PT-2026-34909

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A recursive locking issue exists in the nvmet component. When the nvmet ctrl free function flushes ctrl-async event work while running on the nvmet-wq workqueue, it causes the flush to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the nvmetctrlfree function to refresh asynceventwork on the nvmet-wq layer. This...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007314 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting...

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...