CVE-2026-45858

CVE-2026-45858 affects the Linux kernel ext4 code. The issue occurs when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O, potentially leaving stale data if a split happens in the middle. The problem centers on ext4_split_extent() splitti...

CVE-2026-45852 RDMA/rxe: Fix double free in rxe_srq_from_init

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...

CVE-2025-71307

CVE-2025-71307 affects the Linux kernel’s DRM panthor path. The vulnerability arises in panthor_fw_unplug() where the MCU halt-and-wait sequence could dereference a NULL pointer if the MCU is in an unexpected state or the firmware is not loaded/initialized. The patch removes the MCU halt/wait dur...

SUSE CVE-2024-12289

Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...

Insecure Default Initialization of Resource

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Context.spawn function. An attacker can access prototype-chain properties of objects...

PT-2026-43915

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usb dev refcount leak on probe failure create card takes a reference on the USB device with usb get dev and stores the matching usb put dev in card free, which is installed as the snd card's -private free...

PT-2026-43844

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fw log race between users and teardown Fixes a theoretical race on fw log between the teardown path and fw log write functions. fw log is written inside fbnic fw log write and can be reached from the mailbox handler...

PT-2026-43828

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2 fill super error path Fix two memory leaks in the gfs2 fill super error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects thread struct, task struct...

PT-2026-43780

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdb n entries for vlan contexts syzbot triggered a warning1 about the number of mdb entries in a context. It turned out that there are multiple ways to trigger that warning today some got added...

PT-2026-43843

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu ras init When amdgpu nbio ras sw init fails in amdgpu ras init, the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the...

PT-2026-43969

In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft bitwise Reject zero shift operands for nft bitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using BIT...

CVE-2026-45926

rust: pwm: Fix potential memory leak on init error...

CVE-2025-71311

fs/ntfs3: Initialize new folios before use...

PT-2026-43756

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcp rcvbuf grow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcp rcvbuf...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the PWM chip initialization in rust/pwm. As a result of this failure, the allocated...

CVE-2026-45852

RDMA/rxe: Fix double free in rxesrqfrominit...

PT-2026-43693

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest match std, invoked from ntfs compress write. When new folios are allocated without being marked uptodate and ni read frame is skipped...

EUVD-2026-31926

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

CVE-2026-24197

CVE-2026-24197 affects NVIDIA’s Linux GPU Display Driver, specifically the Multi-Instance GPU (MIG) partition management. The issue is an insecure default initialization of memory subsystem routing resources, which can cause data corruption or a hang during MIG partition reconfiguration. A succes...