CVE-2026-46294

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrievestatus: 1. The code in retrievestatus checks that the output string fits into the output buffer a...

PCTCore64.sys Windows kernel driver contains missing access control vulnerability

Overview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL I/O Control commands. In a Bring Your Own Vulnerable Driver...

CVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLs

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of th...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed race conditions between concurrent hwparams and hwfree calls Currently, there are no proper checks or protections against concurrent calls to hwparams and hwfree ioctls, which may lead to a Use-After-Free error...

Astra Linux - уязвимость в linux-5.10, linux

A memory leak flaw, along with potential division by zero and integer overflow issues, have been detected in the Linux kernel’s V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as the VIDIOCSDVTIMINGS ioctl. This could allow a local user to crash the...

Astra Linux - уязвимость в linux-5.10, linux

A flaw was discovered in the Linux kernel. A denial-of-service attack may occur if a consecutive request for NVMEIOCTLRESET and NVMEIOCTLSUBSYSRESET is made through the device file of the driver, resulting in a disconnection of the PCIe link...

CVE-2026-43338

A flaw was found in the Linux kernel's Btrfs filesystem. The qgroup ioctls input/output control system calls for quota groups do not reserve sufficient transaction space. A local user can exploit this by performing specific qgroup operations, which can lead to a transaction abort and result in a...

SUSE CVE-2026-43338

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

EUVD-2026-28622

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

CVE-2026-43403

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

UBUNTU-CVE-2026-43403

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

CVE-2026-43403 nsfs: tighten permission checks for ns iteration ioctls

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces...

CVE-2026-43338

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

CVE-2026-43338

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the...

PT-2026-37043

Name of the Vulnerable Software and Affected Versions Realtek rtl819x Jungle SDK versions prior to v3.4.14B Description The rtl8192cd Wi-Fi kernel driver fails to perform access control checks on the write mem ioctl 0x89F5 and read mem ioctl 0x89F6 debug handlers. These handlers are included in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “comedi”: checking the attached status of devices in compatible IOCTLs. Syzbot identified a issue 1 that causes the kernel to crash, seemingly due to the absence of the callback dev-getvalidroutes. This should never happen, as th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls. The validation of extensible ioctls is performed more strictly than currently practiced...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003579 advisory. In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setupformatparams division-by-zero. Two consecutive ioctls can trigger the bug...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004319)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004319 advisory. A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use th...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003661 advisory. In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setupformatparams division-by-zero. Two consecutive ioctls can trigger the bug...