223813 matches found
UBUNTU-CVE-2026-46102
In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...
UBUNTU-CVE-2026-45968
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...
UBUNTU-CVE-2026-46056
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...
UBUNTU-CVE-2026-45960
In the Linux kernel, the following vulnerability has been resolved: hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal operation, it currently returns the existing node without incrementing its...
UBUNTU-CVE-2026-45994
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...
UBUNTU-CVE-2026-45867
In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
UBUNTU-CVE-2026-45896
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...
UBUNTU-CVE-2026-45943
In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...
UBUNTU-CVE-2026-45917
In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...
UBUNTU-CVE-2026-46074
In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...
UBUNTU-CVE-2026-45885
In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
UBUNTU-CVE-2026-45991
In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...
UBUNTU-CVE-2026-45916
In the Linux kernel, the following vulnerability has been resolved: power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
UBUNTU-CVE-2026-46058
In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m jobabort and devicerun Fix kernel panic caused by race condition where v4l2m2mctxrelease frees m2mctx while v4l2m2mtryrun is about to call devicerun with the same context. Race sequence:...
UBUNTU-CVE-2026-46083
In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup if spisetup fails while registering a device to avoid leaking any resources allocated by setup...
UBUNTU-CVE-2026-46054
In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...
UBUNTU-CVE-2026-45932
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...
UBUNTU-CVE-2026-46044
In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an...
UBUNTU-CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
UBUNTU-CVE-2026-45914
In the Linux kernel, the following vulnerability has been resolved: Revert "hwmon: ibmpex fix use-after-free in high/low store" This reverts commit 6946c726c3f4c36f0f049e6f97e88c510b15f65d. Jean Delvare points out that the patch does not completely fix the reported problem, that it in fact...