CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix epremove struct eventpoll / struct file UAF epremove via epremovefile cleared file-fep under file-flock but then kept using @file inside the critical section isfileepoll, hlistdelrcu through the head, spinunlock. A...

UBUNTU-CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

CVE-2026-43084

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnlrecvverdict+0x11ac/0x15e0 nfnetlinkqueue...

CVE-2026-43085

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: initialize nfgenmsg in NLMSGDONE terminator When batching multiple NFLOG messages inst-qlen 1, nfulnlsend appends an NLMSGDONE terminator with sizeofstruct nfgenmsg payload via nlmsgput, but never...

SUSE CVE-2026-31698

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an invalid length...

CVE-2026-31699

Technical details about CVE-2026-31699 are not publicly available in the provided documents. Monitor for updates from OSV, Red Hat, SUSE, Debian and other trackers for affected products and fixes.

CVE-2026-31699 crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...

EUVD-2026-26508

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the skbkfreehead function potentially releasing objects allocated with KFENCE to the wrong cache,...

PT-2026-33746

In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB SMALL HEAD CACHE SIZE is intentionally set to a non-power-of-2 value e.g. 704 on x86 64 to avoid collisions with generic kmalloc bucket sizes. This ensures that skb...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name CVE-2023-54207 In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in deviceadd...

kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()

An out of bounds OOB memory access flaw was found in the Linux kernel's ipv6 network subsystem. This could allow a local attacker to crash the system or leak kernel internal information...

CVE-2023-54210

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there's a use-after-free in hciremoveadvmonitor. Trawling through the disassembly, you can see that the complaint is from the access in...

CVE-2022-50666

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix QP destroy to wait for all references dropped. Delay QP destroy completion until all siw references to QP are dropped. The calling RDMA core will free QP structure after successful return from siwqpdestroy call, so...

EUVD-2025-150369

In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfsencodefh The function btrfsencodefh does not properly account for the three cases it handles. Before writing to the file handle fh, the function only returns to the user...

Linux Distros Unpatched Vulnerability : CVE-2025-40064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0...

PT-2025-52920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ntfs3 module related to uninitialized buffers allocated by the getname function. This issue can lead to uninitialized errors after buffer...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986814)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986814 advisory. In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fix filter limit check In watchqueuesetfilter, there are a couple of places where we...

CVE-2022-50480 memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()

In the Linux kernel, the following vulnerability has been resolved: memory: pl353-smc: Fix refcount leak bug in pl353smcprobe The break of foreachavailablechildofnode needs a corresponding ofnodeput when the reference 'child' is not used anymore. Here we do not need to call ofnodeput in fail path...

CVE-2022-50323

CVE-2022-50323 (Linux kernel) : The vulnerability stems from skb_append_pagefrags() sensing pfmemalloc status for pages owned by user space, triggering a data race reported by KCSAN in the swap/LRU paths. The fix/mitigation is to stop sensing pfmemalloc status for these pages and to use skb_fill_...