28168 matches found
CVE-2026-52959
In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...
UBUNTU-CVE-2026-52987
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collected HMM ranges and calling amdgputtmttgetuserpages. If...
UBUNTU-CVE-2026-53079
In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...
UBUNTU-CVE-2026-53028
In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...
UBUNTU-CVE-2026-52964
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
UBUNTU-CVE-2026-53020
In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing,...
UBUNTU-CVE-2026-52960
In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...
UBUNTU-CVE-2026-52988
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...
UBUNTU-CVE-2026-53097
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...
UBUNTU-CVE-2026-52990
In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...
UBUNTU-CVE-2026-53090
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ldabs,ind failure path analysis in subprogs Usage of ldabs,ind instructions got extended into subprogs some time ago via commit 09b28d76eac4 "bpf: Add abnormal return checks.". These are only allowed in subprograms when...
UBUNTU-CVE-2026-53089
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in offloaded map/prog info fill When querying info for an offloaded BPF map or program, bpfmapoffloadinfofillns and bpfprogoffloadinfofillns obtain the network namespace with getnetdevnetoffmap-netdev...
UBUNTU-CVE-2026-53010
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...
UBUNTU-CVE-2026-52971
In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...
UBUNTU-CVE-2026-53092
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when srcreg == dstreg Consider the case of rX += rX where srcreg and dstreg are pointers to the same bpfregstate in adjustregminmaxvals. The latter first modifies the dstreg in-place, and later ...
UBUNTU-CVE-2026-53117
In the Linux kernel, the following vulnerability has been resolved: s390/cio: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can...
UBUNTU-CVE-2026-53120
In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...
UBUNTU-CVE-2026-53119
In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which c...
UBUNTU-CVE-2026-52959
In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...
UBUNTU-CVE-2026-53085
In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget. If the task exits concurrently, the mmstruct can be freed as it is...