CVE-2026-46262

CVE-2026-46262 concerns the Linux kernel ASoC driver for the Freescale XCVR (fsl_xcvr). The issue arises from a revert of a prior patch in fsl_xcvr_mode_put(), which previously attempted to acquire card->controls_rwsem while the ALSA core already holds the write lock for the entire put operati...

CVE-2026-42321 GLPI has stored XSS in asset locks

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVE-2026-42321

CVE-2026-42321 affects GLPI before 10.0.25 and 11.0.7, where a technician can store a stored XSS payload in the asset locked tab. The vulnerability is mitigated by upgrading to GLPI 10.0.25 or 11.0.7, which contain the patch. The connected sources confirm the affected versions and the fix version...

CVE-2026-42321 GLPI has stored XSS in asset locks

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVE-2026-45283

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

SUSE CVE-2026-46154

In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...

UBUNTU-CVE-2026-46168

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

CVE-2026-46168

The CVE concerns the Linux kernel, specifically mptcp: fix scheduling with atomic in timestamp sockopt. The issue arises from using lock_sock_fast() (an atomic-context lock) around sock_set_timestamp() and sock_set_timestamping(), since these helpers can sleep, making scheduling unsafe. The remed...

EUVD-2026-32795

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

SUSE CVE-2025-71309

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...

CVE-2026-45924

A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability occurs because ksmbdvfskernpathendremoving is not called on certain error paths, leading to unbalanced inode locks and references. This can result in potential deadlocks and unbalanced locks, which may cause system...

PT-2026-44291

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using lock sock fast atomic context around sock set timestamp and sock set timestamping is unsafe, as both helpers can sleep. Replace lock sock fast with sleepable lock...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8, 6.17, and 7.0 versions contain security vulnerabilities. These vulnerabilities stem from incorrect sleep behavior when holding spin locks, which may lead to kernel panic ...

PT-2026-44235

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns roce qp remove Sashiko points out that hns roce qp remove requires the caller to hold locks. The error flow in hns roce create qp common doesn't hold those locks for the error unwind so it risks...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from eventfs failing to properly hold the eventfsmutex and SRCU locks during re-mounting of events. Th...

CVE-2026-24182

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...