CVE-2026-31718

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdclosefd via durable scavenger When a durable file handle survives session disconnect TCP close without SMB2LOGOFF, sessionfdcheck sets fp-conn = NULL to preserve the handle for later reconnection...

EUVD-2026-26527

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdclosefd via durable scavenger When a durable file handle survives session disconnect TCP close without SMB2LOGOFF, sessionfdcheck sets fp-conn = NULL to preserve the handle for later reconnection...

CVE-2026-31718

The CVE-2026-31718 entries describe a use-after-free in ksmbd (Linux kernel in-kernel SMB3 server) triggered when a durable file handle survives a session disconnect. The root cause is an asymmetric cleanup of lock state: byte-range locks left on a freed conn->lock_list after fp->conn is nu...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989994)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989994 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclpinit cleanup on failure If sclpinit fails it only partially cleans up: if ther...

aoe: clean device rq_list in aoedev_downdev()

...

kernel: net: Fix an unsafe loop on the list

In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 1 ... NIP c000000000c080bc...

SUSE CVE-2022-48691

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clean up hook list when offload flags check fails splice back the hook list so nftchainreleasehook has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 size 96: comm...

CVE-2021-47143

In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcddevlist after failed deviceadd If the deviceadd for a smcddev fails, there's no cleanup step that rolls back the earlier listadd. The device subsequently gets freed, and we end up with a corrupted...

kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver

A vulnerability was found in hiddevopen in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddevlist cleanup occurs at failure, as this may lead to a use-after-free...