CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...

EUVD-2026-31267

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...

CVE-2026-43494

CVE-2026-43494 affects the Linux kernel’s net/rds zerocopy path. When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), pinned pages are released and rm->data.op_mmp_znotifier is cleared, but rm->data.op_nents may not be reset. This leads to the cleanup loop in rds_message_purge...

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 CVSS score: 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose...

PT-2026-42455

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the accel/ivpu component allows the re-exporting of imported GEM Graphics Execution Manager objects. This occurs because the system fails to verify if a buffer is imported...

PT-2026-42454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the udlfb component of the fbdev subsystem. The dlfb ops mmap function uses remap pfn range to map vmalloc framebuffer pages to userspace without setting...

PT-2026-42452

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the t7xx port enum msg handler function where the modem-supplied port count field is used as a loop bound over port msg-data without verifying if the message buffer...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fbdev: udlfb module. In this module, the dlfbopsmmap function does not set vmops, causing the...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation for the portcount field in the t7xxport EnumMsghandler function. This...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a check to re-export GEM objects in accel/ivpu. This could lead to the loss of buffer...

PT-2026-42453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel panic can occur in the Linux kernel when a Random Early Detection RED queueing discipline qdisc has children, such as a Fair Queueing FQ qdisc, whose peek callback is qdisc peek...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from schred qdisc directly calling dequeue of sub-qdisc instead of peek and qdiscdequeuepeeked. This could...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from IPv6: when the SRH compression level increases in RPL, the maclen header field is not reserved,...

ROS-20260521-73-0004

A vulnerability in the icmptagvalidation function of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted ICMP packets...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of zero-copy page fixing in the rdsmessagezcopyfromuser function. This failure does n...

TencentOS Server 4: kernel (TSSA-2026:0334)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0334 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

PT-2026-42458

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Reliable Delivery Service RDS implementation where zerocopy send operations can fail after user pages are pinned but before the message is attached to the sending...