EUVD-2026-27733

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix post open error handling Closing a queue doesn't guarantee that all associated page pools are terminated right away, let the refcounting do the work instead of releasing the zcrx ctx directly...

EUVD-2026-27739

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

EUVD-2026-27730

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't dump the entire memory region The current logic at cperprintfwerr doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the ofset is above the actual record, length -= offs...

EUVD-2026-27706

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons i.e. missing firmware, the sdiodev-bus is set to error instead of NULL, thus the cleanup later in...

EUVD-2026-27714

In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...

EUVD-2026-27709

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

EUVD-2026-27698

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6getsaddr xfrm6getsaddr does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address returns -EADDRNOTAVAIL, saddr-in6 is left uninitialize...

EUVD-2026-27697

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in sndcx23885hwparams In error path, add cx23885alsadmaunmap to release the resource acquired by cx23885alsadmamap...

EUVD-2025-209678

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attrsetsize errors when truncating files If attrsetsize fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state...

EUVD-2025-209665

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

EUVD-2026-27629

In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstkpopsigframe doesn't check for errors from mmapreadlockkillable, which is a silly oversight, and also shows that we haven't marked those functions with...

EUVD-2026-27604

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...

EUVD-2026-27614

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airohaqdmarxprocess If an error occurs on the subsequents buffers belonging to the non-linear part of the skb e.g. due to an error in the payload length reported by the NIC or if we consumed all th...

EUVD-2026-27626

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's reason field due which we could observe decoding error on PD crash...

EUVD-2026-27578

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnlrecvverdict+0x11ac/0x15e0 nfnetlinkqueue...

EUVD-2026-27624

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

EUVD-2026-27608

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not loaded, and passing this error pointer to devhold will cause a kernel cra...

EUVD-2026-27582

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ipvsaddservice error path When ipvsbindscheduler succeeds in ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the outerr cleanup calls...

CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

CVE-2026-43283

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...