CVE-2026-31649

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbofrm chain-mode implementation unconditionally computes len = nopagedlen - bmax; where nopagedlen = skbheadlenskb linear bytes only and bmax is BUFSIZE8KiB or BUFSIZE2KiB...

DEBIAN-CVE-2026-31602

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...

DEBIAN-CVE-2026-31589

In the Linux kernel, the following vulnerability has been resolved: mm: call -freefolio directly in foliounmapinvalidate We can only call filemapfreefolio if we have a reference to or hold a lock on the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the...

CVE-2026-31589

In the Linux kernel, the following vulnerability has been resolved: mm: call -freefolio directly in foliounmapinvalidate We can only call filemapfreefolio if we have a reference to or hold a lock on the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the...

CVE-2026-31658

CVE-2026-31658 affects the Linux kernel net: altera-tse driver. The root cause is a memory leak: when dma_map_single() fails in tse_start_xmit(), the code returns NETDEV_TX_OK without freeing the skb, causing the skb to be leaked on every DMA mapping failure. The provided patches add dev_kfree_sk...

CVE-2026-31658

In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tsestartxmit When dmamapsingle fails in tsestartxmit, the function returns NETDEVTXOK without freeing the skb. Since NETDEVTXOK tells the stack the packet was consumed, the sk...

CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()

In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tsestartxmit When dmamapsingle fails in tsestartxmit, the function returns NETDEVTXOK without freeing the skb. Since NETDEVTXOK tells the stack the packet was consumed, the sk...

CVE-2026-31658

In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tsestartxmit When dmamapsingle fails in tsestartxmit, the function returns NETDEVTXOK without freeing the skb. Since NETDEVTXOK tells the stack the packet was consumed, the sk...

CVE-2026-31649

The CVE-2026-31649 issue affects the Linux kernel’s stmmac driver, where jumbo_frm() can underflow when processing fragmented packets. If nopaged_len is small but skb->len is large, len = nopaged_len - buf_len (with buf_len clamped to min(nopaged_len, bmax)) can still yield a large unsigned va...

CVE-2026-31648

Summary of CVE-2026-31648 (Linux kernel) • Affects the kernel vulnerability in filemap handling: nr_pages overflow in filemap_map_pages() can cause set_pte_range() to map beyond the size of a large folio, potentially corrupting page metadata. • Root cause (as documented): race condition between f...

CVE-2026-31589

In the Linux kernel, the following vulnerability has been resolved: mm: call -freefolio directly in foliounmapinvalidate We can only call filemapfreefolio if we have a reference to or hold a lock on the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the...

CVE-2026-31589

The CVE-2026-31589 issue affects the Linux kernel memory management in the mm path related to folio_unmap_invalidate. The vulnerability arises when the system calls free_folio() directly, instead of loading the free_folio function pointer after obtaining a mapping reference or lock, potentially l...

EUVD-2026-25482

In the Linux kernel, the following vulnerability has been resolved: mm: call -freefolio directly in foliounmapinvalidate We can only call filemapfreefolio if we have a reference to or hold a lock on the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the...

CVE-2026-31588

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO write, copy the to-be-written value to a scratch field in the MMIO fragment if the size of the data...

EUVD-2026-25435

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCKEMPTY 0xffff. This causes a panic while allocating UV hub info structures. Fix this by using NUMANONODE, allowing UV hub info structur...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from handling unconfigured sockets by mapping them to SOCKEMPTY. This could lead to a kernel crash whe...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a failure in DMA mapping in the altera-tse driver, resulting in the skb objects not being release...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the PCI endpoint driver pci-epf-vntb not disabling the delay mechanism before cleaning up the BAR...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the functionfoliounmapinvalidate calls filemapfreefolio without holding a reference...

PT-2026-35001

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer underflow exists in the jumbo frm chain-mode implementation within the stmmac network driver. The issue occurs when a packet has a small linear portion but a large total lengt...