CVE-2026-31714

The CVE-2026-31714 issue affects the Linux kernel F2FS component, where a memory leak occurs in f2fs_rename() due to an unpaired call to f2fs_free_filename() after f2fs_setup_filename() was added in commit 40b2d55e0452. Exploitation details are local (AV:L/AC:L) with a high availability impact (A...

PT-2026-36425

In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devm regmap init mmio devm regmap init mmio returns an ERR PTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invali...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to properly clean up the userspace infrastructure when force-feed initialization fails in the...

PT-2026-36472

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the target core file component, the aio cmd structure does not properly initialize the iocb for the ki write stream. During the execution of a write command via the fd execute rw aio...

PT-2026-36410

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc-daios at atc get resources; now it loops over all enum DAIOTYP entries while it looped formerly only a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper timing of list initialization and spinlock operations in fhid, potentially leading to li...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inconsistent state of the usb cdns3 gadget driver upon initialization failure, which could lead to...

PT-2026-36466

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF issue exists in the logitech-hidpp module during the probing of the Logitech G920 Driving Force Racing Wheel for Xbox One. If force feedback initialisation fails, an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect enumeration of the SPDIF1 type during DAIO initialization in the ALSA ctxfi driver, which could...

PT-2026-36356

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the USB gadget HID function where list and spinlock initializations were performed during the bind process. Specifically, queues registered via poll wait were...

PT-2026-36344

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the f2fs file system. The issue occurs within the f2fs rename function due to a call to f2fs setup filename that lacks a corresponding call to f2fs free filename,...

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

CVE-2026-31693

CVE-2026-31693 affects the Linux kernel CIFS implementation. The issue arises when replaying a request: certain local variables were not reinitialized after a replay label, which can cause unpredictable behavior and potentially denial of service or instability. The vulnerability is limited to the...

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

EUVD-2026-26367

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

CVE-2026-31693 cifs: some missing initializations on replay

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper initialization of certain local variables during replay requests, potentially leading to...

PT-2026-36090

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the CIFS Common Internet File System component, certain local variables were not properly reinitialized before a request was replayed. This occurred in several code locations where...

Malicious code in npm-global-util (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

CVE-2026-24222

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandb...