CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

CVE-2026-31510

CVE-2026-31510: Linux kernel Bluetooth L2CAP vulnerability due to a null pointer dereference in l2cap_sock_ready_cb. The issue arises because sk is used without verifying it’s non-null, leading to a kernel panic/DoS. Multiple OS advisories (Debian roots, Ubuntu, Red Hat, SUSE, etc.) report the pa...

CVE-2026-31504

The CVE-2026-31504 entry describes a race in the Linux kernel’s networking stack: during a NETDEV_UP event, a socket re-registration into a fanout group’s arr[] can leave a dangling pointer if packet_release() doesn’t clear po->num while bind_lock is held. This Use-After-Free risk stems from a...

CVE-2026-31490 drm/xe/pf: Fix use-after-free in migration restore

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xesriovpfmigrationrestoreproduce, the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write calls. Set the pointer...

CVE-2026-31490

CVE-2026-31490 affects the Linux kernel drm/xe/pf component. A use-after-free vulnerability occurs when xe_sriov_pf_migration_restore_produce() returns an error and the data pointer is not cleared, potentially enabling memory corruption or a crash. The fix sets the data pointer to NULL on error t...

CVE-2026-31457 mm/damon/sysfs: check contexts->nr in repeat_call_fn

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr in repeatcallfn damonsysfsrepeatcallfn calls damonsysfsupdtunedintervals, damonsysfsupdschemesstats, and damonsysfsupdschemeseffectivequotas without checking contexts-nr. If nrcontexts is set to ...

CVE-2026-31458

Technical details (affected product, vulnerable component, and remediation) are not provided in the connected documents. Monitor for updates.

CVE-2026-31457

The CVE-2026-31457 entry describes a Linux kernel vulnerability in DAMON (mm/damon/sysfs) where damon_sysfs_repeat_call_fn() dereferences contexts_arr[0] when nr_contexts is set to 0 via sysfs, due to a missing check on contexts->nr. This can occur while DAMON is running and cause a NULL point...

CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr before accessing contextsarr0 Multiple sysfs command paths dereference contextsarr0 without first verifying that kdamond-contexts-nr == 1. A user can set nrcontexts to 0 via sysfs while DAMON is...

CVE-2026-31442

CVE-2026-31442 affects the Linux kernel in the dmaengine: idxd component. The issue occurs during a Function Level Reset (FLR): if the first FLR succeeds but the second FLR cannot allocate the scratch area for the saved configuration, an invalid memory access can occur. Reports from multiple vend...

CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devmregmapinitmmio returns an ERRPTR upon error, not NULL. Fix the error check and also fix the error message. Use the error code from ERRPTR instead of the wrong value in r...

CVE-2026-31437 netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfsunbufferedwrite on retry When a write subrequest is marked NETFSSREQNEEDRETRY, the retry path in netfsunbufferedwrite unconditionally calls stream-preparewrite without checking if it is...

CVE-2026-31437

The CVE-2026-31437 issue is in the Linux kernel netfs path: when a write subrequest is marked NETFS_SREQ_NEED_RETRY, netfs_unbuffered_write() could dereference stream->prepare_write if it is NULL (not all filesystems, e.g., 9P, set prepare_write). The fixed behavior mirrors write_retry.c: if s...

CVE-2026-31436 dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llistabortdesc At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer...

EUVD-2026-24733

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

EUVD-2026-24729

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default...

EUVD-2026-24731

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

UBUNTU-CVE-2026-35332

NULL-Pointer Dereference When Handling ECDH Public Value in TLS...

CVE-2026-35334

Possible NULL-Pointer Dereference in RSA Decryption...

CVE-2026-35329

NULL-Pointer Dereference When Processing Padding in PKCS7...