CVE-2026-31527

In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock...

CVE-2026-31509

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependency because ncirxwork running on rxwq can end up taking reqlock too:...

CVE-2026-31527

The CVE-2026-31527 issue affects the Linux kernel’s driver core platform path, where during __driver_attach() the bus match() callback could access the driver_override field without proper locking, causing a Use-After-Free. Root cause: lack of locking around driver_override in match(); fix implem...

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependency because ncirxwork running on rxwq can end up taking reqlock too:...

CVE-2026-31509

CVE-2026-31509 affects the Linux kernel NFC NCI subsystem. The vulnerability stems from nci_close_device() flushing rx_wq and tx_wq while holding req_lock, creating a circular locking dependency with nci_rx_work() and related paths. The fix moves the rx_wq flush to after req_lock is released, rel...

CVE-2026-31487

The CVE concerns the Linux kernel SPI subsystem. A flaw arises when a driver is probed via __driver_attach(): the bus match() callback is invoked without holding the device lock, allowing access to the driver_override field without proper synchronization, creating a use-after-free (UAF) risk. The...

CVE-2026-31487 spi: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cyclic locking dependency between reqlock and the work queue in nciclosedevice, potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-31509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependenc...

PT-2026-34392

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the SPI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...

Linux Distros Unpatched Vulnerability : CVE-2026-31527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an improper locking sequence in the l2capconndel function, potentially leading to a deadlock...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013762 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in...

PT-2026-34414

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular locking dependency exists in the NFC NCI component. The nci close device function flushes rx wq and tx wq while holding the req lock mutex. This creates a conflict because nci...

PT-2026-34432

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the driver core platform. This occurs when a driver is probed through the driver attach function, causing the bus match callback to be called without...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013098 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011382)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011382 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007035)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007035 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4endgrace Writing to v4endgrace can race with server shutdown and resu...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013004)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013004 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013348 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to u...