CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

EUVD-2026-32418

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

EUVD-2026-32417

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

CVE-2026-46035 mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is already held. As a result, allocfrozenpagesnolock calle...

CVE-2026-46035

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is already held. As a result, allocfrozenpagesnolock calle...

CVE-2026-46034

CVE-2026-46034 affects the Linux kernel VFIO/PCI MSI handling: a NULL pointer dereference can occur in vfio_cdx_set_msi_trigger() if interrupts are triggered before MSIs are configured. The openSUSE Tumbleweed OpenSUSE-SU-2026:10954-1 advisory documents the fix in kernel-devel-7.0.11-1.1, noting ...

CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

EUVD-2026-32414

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

CVE-2026-46033

The CVE-2026-46033 issue in the Linux kernel crypto/authencesn was fixed: authenc ESN paths require either a zero authsize or an authsize of at least 4 bytes, but a later path could copy digestsize into inst->alg.maxauthsize without validation, allowing ahash digests of 1–3 bytes (e.g., cbcmac...

EUVD-2026-32410

In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmallocnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is already held. As a result, kmallocnolock called from NMI context can...

CVE-2026-46028 crypto: algif_aead - snapshot IV for async AEAD requests

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

EUVD-2026-32409

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

CVE-2026-46028

CVE-2026-46028 — Linux kernel crypto/AF_ALG: per‑request IV storage for async AEAD . The vulnerability occurs in AF_ALG AEAD async requests that previously reused a socket‑wide IV buffer during processing, allowing later socket activity to modify the shared IV before the original request finished...

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

EUVD-2026-32408

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...

EUVD-2026-32407

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...

CVE-2026-46026

CVE-2026-46026 concerns a bound-check omission in the Linux kernel’s net: qrtr: ns path, allowing a local attacker to flood LOOKUP messages; fix clamps the global maximum lookups to 64. Affected component is the qrtr ns logic, with local-privilege abuse leading to potential denial or resource exh...

CVE-2026-46025 mm/damon/core: fix damon_call() vs kdamond_fn() exit race

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoncall vs kdamondfn exit race Patch series "mm/damon/core: fix damoncall/damoswalk vs kdmond exit race". damoncall and damoswalk can leak memory and/or deadlock when they race with kdamond terminations. Fix...

CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...