CVE-2026-45853

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges amdgpudiscoverygetnpsinfo internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmalloc memor...

CVE-2026-45854

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...

CVE-2026-45847

In the Linux kernel, the following vulnerability has been resolved: net: remove WARNONONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances of reaching this WARNONONCE if userspace manages to build a sufficiently long forward path. Remove it...

CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

CVE-2026-45848

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...

CVE-2026-45850

In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph-len already contains its offset, so use it to fix the problem...

CVE-2025-71308

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However, aiedestroycontext assumes that the context's mailbox channel pointer is...

CVE-2025-71312

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

CVE-2025-71305

In the Linux kernel, the following vulnerability has been resolved: drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if the delayeddestroywork ends up coming into play after a DP 2.1 monit...

CVE-2025-71307

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthorfwunplug This patch removes the MCU halt and wait for halt procedures during panthorfwunplug as the MCU can be in a variety of states or the FW may not even be loaded/initialize...

CVE-2025-71306

In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in isbprmcredsforexec KASAN reported a stack-out-of-bounds access in imaappraisemeasurement from isbprmcredsforexec: BUG: KASAN: stack-out-of-bounds in imaappraisemeasurement+0x12dc/0x16a0 Read of siz...

CVE-2025-71311

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longestmatchstd, invoked from ntfscompresswrite. When new folios are allocated without being marked uptodate and nireadframe is skipped because th...

UBUNTU-CVE-2025-71308

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However, aiedestroycontext assumes that the context's mailbox channel pointer is...

UBUNTU-CVE-2026-45848

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...

UBUNTU-CVE-2026-45850

In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph-len already contains its offset, so use it to fix the problem...

UBUNTU-CVE-2026-45858

In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...

UBUNTU-CVE-2025-71312

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

UBUNTU-CVE-2026-45864

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range valid : pos, if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, th...

UBUNTU-CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

UBUNTU-CVE-2026-45847

In the Linux kernel, the following vulnerability has been resolved: net: remove WARNONONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances of reaching this WARNONONCE if userspace manages to build a sufficiently long forward path. Remove it...