PCTCore64.sys Windows kernel driver contains missing access control vulnerability

Overview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL I/O Control commands. In a Bring Your Own Vulnerable Driver...

CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...

CVE-2026-43338

A flaw was found in the Linux kernel's Btrfs filesystem. The qgroup ioctls input/output control system calls for quota groups do not reserve sufficient transaction space. A local user can exploit this by performing specific qgroup operations, which can lead to a transaction abort and result in a...

SUSE CVE-2026-43338

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

EUVD-2026-28622

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

CVE-2026-43403

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

UBUNTU-CVE-2026-43403

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

CVE-2026-43403 nsfs: tighten permission checks for ns iteration ioctls

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

CVE-2026-43338

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

CVE-2026-43338

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

PT-2026-37043

Name of the Vulnerable Software and Affected Versions Realtek rtl819x Jungle SDK versions prior to v3.4.14B Description The rtl8192cd Wi-Fi kernel driver fails to perform access control checks on the write mem ioctl 0x89F5 and read mem ioctl 0x89F6 debug handlers. These handlers are included in...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A memory leak flaw, along with potential division by zero and integer overflow issues, have been detected in the Linux kernel’s V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as the VIDIOCSDVTIMINGS ioctl. This could allow a local user to crash the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A flaw was discovered in the Linux kernel. A denial-of-service attack may occur if a consecutive request for NVMEIOCTLRESET and NVMEIOCTLSUBSYSRESET is made through the device file of the driver, resulting in a disconnection of the PCIe link...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed race conditions between concurrent hwparams and hwfree calls Currently, we do not have any proper checks or protections against concurrent calls to hwparams and hwfree ioctls, which may lead to a Use-After-Free...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue 1 that crashes kernel, seemingly due to unexistent callback dev-getvalidroutes. By all means, this should not occur as said callback must always b...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003661 advisory. In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setupformatparams division-by-zero. Two consecutive ioctls can trigger the bug...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000753 advisory. Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001018 advisory. arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004319)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004319 advisory. A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use th...