CVE-2026-53128

A flaw was found in the Linux kernel's drbd component. Specifically, an imbalance in RCU Read-Copy Update calls within the drbdadmdumpdevices function could occur, where rcureadlock was not properly invoked before rcureadunlock. This concurrency issue, identified by a thread-safety analyzer, may...

CVE-2026-53127

A flaw was found in the Linux kernel's block subsystem. This vulnerability allows for a memory leak when zone revalidation fails, specifically when blkrevalidatediskzones encounters an error after memory has been allocated for zonescond. This can lead to resource exhaustion, potentially resulting...

CVE-2026-53126

A flaw was found in the Linux kernel's blk-cgroup component. This vulnerability occurs due to a missing disk reference release on an error path within the blkcgmaybethrottlecurrent function. When certain lookups or gets fail, the disk reference acquired is not properly freed. This oversight can...

CVE-2026-52944

A flaw was found in the Linux kernel's ksmbd component. This vulnerability allows a client to bypass intended permission restrictions by using the FSCTLSETSPARSE operation. Specifically, a client on a read-only share can modify a file's sparse attribute, and clients on writable shares can modify...

CVE-2026-53100

A flaw was found in the Linux kernel's mt76 wireless driver. This vulnerability occurs in the remain-on-channel functionality, where the mt76remainonchannel and mt76roccomplete functions attempt to acquire a mutex that is already held. This improper handling of the device mutex can lead to a syst...

CVE-2026-52928

A flaw was found in the Linux kernel's afunix component. This vulnerability involves the incorrect handling of the SIOCATMARK operation when used with non-stream sockets, such as SOCKDGRAM and SOCKSEQPACKET. These socket types did not properly reject SIOCATMARK, an operation intended only for...

CVE-2026-52926

A flaw was found in the Linux kernel's batman-adv module, which is responsible for managing mesh networks. When a mesh network is being shut down, the system fails to properly clear the active gateway information. This leaves outdated network configuration data, which can prevent the mesh network...

CVE-2026-52914

A flaw was found in the Linux kernel's batman-adv component. This vulnerability allows a local attacker to cause a denial of service DoS by sending malformed fragment chains. The flaw is due to incorrect accounting of fragment reassembly length, which can be truncated during updates, bypassing...

CVE-2026-52930

A flaw was found in the Linux kernel's inter-process communication IPC shared memory shm component. A synchronization issue exists where orphaned shared memory segments might be incorrectly destroyed while still in use due to a lack of serialization between cleanup and attachment updates. This...

CVE-2026-52929

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP stream handling. When an attempt to add outgoing streams is denied, the system fails to fully roll back the associated state. This incomplete rollback can leave behind stale stream metadata, which a subsequent stream...

CVE-2026-52927

A flaw was found in the Linux kernel's netfilter ebtables component. The compatmtwfromuser function, responsible for converting ebtables extensions, does not properly validate user-supplied sizes for match or target extensions. An attacker providing a size smaller than expected by an extension ca...

CVE-2026-52925

A flaw was found in the Linux kernel's Virtual Routing and Forwarding VRF functionality. When a network device is removed from a VRF, a lack of proper synchronization can lead to a Null Pointer Dereference NPD. This issue can be triggered by a local user, potentially causing the system to crash,...

CVE-2026-52912

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because a queued bridge packet can retain a freed bridge master in its skb-dev field until it is reinjected. When the packet is later reinjected, the system attempts to use the freed bridge master, leading to a...

CVE-2026-53091

A flaw was found in the Linux kernel's handling of Generic Segmentation Offload GSO packet headers. This vulnerability occurs when the qdiscpktlensegsinit function does not properly pull headers into the expected memory location, which can lead to incorrect processing by network drivers. A remote...

CVE-2026-52924

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. This vulnerability, a use-after-free, occurs when the system processes a Stale Cookie ERROR during the setup or reconfiguration of an SCTP association. A remote attacker could exploit this by sending...

CVE-2026-52923

A flaw was found in the Linux kernel. The ipcidralloc function, used in the checkpoint/restore path for SysV Inter-Process Communication IPC ID allocation, does not properly limit ID allocation to the valid range. This can result in the system attempting to dereference freed memory, leading to a...

EUVD-2026-38899

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

EUVD-2026-38904

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

EUVD-2026-38897

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...

EUVD-2026-38893

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...