27998 matches found
EUVD-2026-28762
In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...
EUVD-2026-28699
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfsmapblock after btrfschunkmapnumcopies Fix a chunk map leak in btrfsmapblock: if we return early with -EINVAL, we're not freeing the chunk map that we've just looked up...
CVE-2026-43434
In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...
UBUNTU-CVE-2026-43380
In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...
CVE-2026-43455
In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing so. mctpdevsetkey and mctpdevreleasekey are annotated with...
UBUNTU-CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
UBUNTU-CVE-2026-43429
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...
UBUNTU-CVE-2026-43362
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...
UBUNTU-CVE-2026-43389
In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...
CVE-2026-43474
CVE-2026-43474 concerns the Linux kernel’s fuse filesystem. A local uninitialized-value bug was reported in fuse_fileattr_get, triggered when calling vfs_fileattr_get, due to not initializing flags_valid before the call. The issue is resolved by initializing the kernel’s internal file_kattr struc...
CVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when the invalid pointe...
CVE-2026-43434
CVE-2026-43434 (Linux kernel, rust_binder) : A vulnerability in the rust_binder component can occur during page installation or zap_page_range operations. If a VMA at a given address is closed and replaced, rust_binder may look up and use the wrong VMA, potentially allowing writes to normally rea...
CVE-2026-43434 rust_binder: check ownership before using vma
In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...
CVE-2026-43428
CVE-2026-43428 affects the Linux kernel USB core. The vulnerability arises from usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() allowing unbounded, uninterruptible timeouts, which could hang a task indefinitely. The fix enforces a maximum timeout of 60 seconds and treats negative timeo...
CVE-2026-43387 staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...
CVE-2026-43371 net: macb: Shuffle the tx ring before enabling tx
In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...
CVE-2026-43370
The CVE-2026-43370 issue affects the Linux kernel DRM/AMDGPU subsystem, specifically a use-after-free race in VM acquisition. Root cause: a non-atomic vm->process_info assignment could race when parent and child processes sharing a drm_file both attempt to acquire the same VM after fork(). The...
CVE-2026-43366
Summary: CVE-2026-43366 affects the Linux kernel’s io_uring/kbuf recycling path. A gap existed between when a buffer was grabbed and when it could be recycled; if the target list is empty, it could be upgraded to a ring-provided type without proper validation. The issue arises from missing checks...
CVE-2026-43333
In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTRTOBUF pointers checkmemaccess matches PTRTOBUF via basetype which strips PTRMAYBENULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTRTOBUF |...