CVE-2026-31468 vfio/pci: Fix double free in dma-buf feature

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfiopcicorefeaturedmabuf ignores its own advice to only use dmabufput after dmabufexport, instead falling through the entire unwind chain. In the unlikely event...

CVE-2026-31468

CVE-2026-31468 affects the Linux kernel vfio/pci dma-buf feature. The issue is an error-path handling bug in vfio_pci_core_feature_dma_buf() that can cause an unbalanced refcount and a double free under certain conditions (e.g., file descriptor exhaustion). The documented fix moves the dma_buf_pu...

CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUGON with proper error handling in ext4readinlinefolio Replace BUGON with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while...

CVE-2026-31451

CVE-2026-31451: In the Linux kernel ext4_read_inline_folio, BUG_ON was replaced with proper error handling when inline data size exceeds PAGE_SIZE. The fix prevents kernel panics, logs the filesystem corruption via ext4_error_inode(), releases the buffer head to avoid leaks, and returns -EFSCORRU...

CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in updatesuperwork when racing with umount Commit b98535d09179 "ext4: fix bugon in startthishandle during umount filesystem" moved ext4unregistersysfs before flushing ssbupdwork to prevent new error work...

CVE-2026-31446

CVE-2026-31446 is a Linux kernel/ext4 vulnerability describing a use-after-free in update_super_work during unmount races. The root cause: update_super_work calls ext4_notify_error_sysfs() -> sysfs_notify() after ext4_unregister_sysfs() frees the kobject, leading to a stale kernfs_node access....

CVE-2026-31443

CVE-2026-31443 : Linux kernel, dmaengine: idxd driver fix. When hardware does not support event logging and a Function Level Reset (FLR) occurs, the driver previously attempted to restore the event log even if it was never allocated, and may crash. The fix ensures the event log is only freed if i...

CVE-2026-31443 dmaengine: idxd: Fix crash when the event log is disabled

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, and an error that causes Function Level Reset FLR is received, the driver will try to restore the...

CVE-2026-31439

The CVE-2026-31439 entry refers to a Linux kernel issue in dmaengine: xilinx: xdma, where devm_regmap_init_mmio could return an ERR_PTR and the error handling/ messaging were incorrect. The description and connected advisories confirm this is a kernel regression/fix in the regmap init path, with ...

CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devmregmapinitmmio returns an ERRPTR upon error, not NULL. Fix the error check and also fix the error message. Use the error code from ERRPTR instead of the wrong value in r...

CVE-2026-33595 DoQ/DoH3 excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

CVE-2026-33595 DoQ/DoH3 excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

CVE-2026-33595

The connected documents independently confirm CVE-2026-33595 affects PowerDNS DNSdist, describing a flaw where a client can trigger excessive memory allocation by generating many error responses over a single DoQ/DoH3 connection, with resources not released until connection end. This is the state...

EUVD-2026-24618

Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0...

kernel: macvlan: fix error recovery in macvlan_common_newlink()

A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table e.g., due to an invalid interface name, the hash entry still references the freed netdevice structure. Subsequent packets...

CVE-2026-41667

Technical details about CVE-2026-41667 are not provided in the supplied documents. The description notes an integer overflow in Samsung ONE’s constant tensor data size calculation affecting large constant nodes, with affected versions prior to commit 1.30.0; monitor for updates.

Exploit for Origin Validation Error in Apache Airflow_Providers_Amazon

CVE-2026-25604 PoC Host Header Injection leading to SAML au...

EUVD-2026-24550

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

EUVD-2026-24513

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()

A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...