CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVE-2026-35343

The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...

CVE-2026-35341

The CVE-2026-35341 entry concerns uutils coreutils mkfifo. The vulnerability arises when mkfifo tries to create a FIFO but a file already exists at the target path; the operation for that path does not terminate and a follow-up set_permissions call executes, changing the existing file’s permissio...

CVE-2026-35339

The CVE-2026-35339 entry concerns the recursive mode (-R) of uutils coreutils chmod. Affected component: chmod in uutils coreutils. Issue: exit codes are determined by the last file processed, allowing an exit code of 0 despite prior errors (e.g., Operation not permitted). Impact: scripts relying...

CVE-2026-35339 uutils coreutils chmod False Success Exit Code in Recursive Mode

The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...

EUVD-2026-24933

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

EUVD-2026-24898

In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfsiocbiterread. However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in bio are...

EUVD-2026-24889

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependency because ncirxwork running on rxwq can end up taking reqlock too:...

EUVD-2026-24897

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

EUVD-2026-24903

In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFSROOTORPHANCLEANUP during subvol create We have recently observed a number of subvolumes with broken dentries. ls-ing the parent dir looks like: drwxrwxrwt 1 root root 16 Jan 23 16:49 . drwxr-xr-x 1 root root 24 Ja...

EUVD-2026-24833

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2lock smb2lock has three error handling issues after listdel detaches smblock from locklist at nocheckcl: 1 If vfslockfile returns an unexpected error in the non-UNLOCK path, goto out...

EUVD-2026-24815

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfiopcicorefeaturedmabuf ignores its own advice to only use dmabufput after dmabufexport, instead falling through the entire unwind chain. In the unlikely event...

EUVD-2026-24790

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUGON with proper error handling in ext4readinlinefolio Replace BUGON with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while...

EUVD-2026-24767

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devmregmapinitmmio returns an ERRPTR upon error, not NULL. Fix the error check and also fix the error message. Use the error code from ERRPTR instead of the wrong value in r...

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

CVE-2026-31519

In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFSROOTORPHANCLEANUP during subvol create We have recently observed a number of subvolumes with broken dentries. ls-ing the parent dir looks like: drwxrwxrwt 1 root root 16 Jan 23 16:49 . drwxr-xr-x 1 root root 24 Ja...

CVE-2026-31514

In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfsiocbiterread. However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in bio are...

CVE-2026-31490

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xesriovpfmigrationrestoreproduce, the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write calls. Set the pointer...

CVE-2026-31477

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2lock smb2lock has three error handling issues after listdel detaches smblock from locklist at nocheckcl: 1 If vfslockfile returns an unexpected error in the non-UNLOCK path, goto out...

CVE-2026-31468

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfiopcicorefeaturedmabuf ignores its own advice to only use dmabufput after dmabufexport, instead falling through the entire unwind chain. In the unlikely event...