CVE-2026-31727

The CVE affects the Linux kernel USB gadget subsystem, specifically u_ether, where a NULL pointer dereference could occur when a userspace tool queries a surviving interface during a detached window after unbind. The root cause is a missing NULL check for dev->gadget in eth_get_drvinfo(), lead...

EUVD-2026-26539

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31726

Technical details for CVE-2026-31726 are not publicly available in the provided Connected documents. The Initial Description outlines a Linux kernel UVC unbind race fix, but no vendor/product/version specifics are given here. Monitor for updates from OSV/Mageia/Debian advisories.

CVE-2026-31726

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31726

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31726 usb: gadget: uvc: fix NULL pointer dereference during unbind race

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe "usb: gadget: uvc: allow for application to cleanly shutdown" introduced two stages of synchronization waits totaling 1500ms in uvcfunctionunbi...

CVE-2026-31715

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

CVE-2026-31715

In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...

CLSA-2026-1776179858 Fix of 5 CVEs

SECURITY UPDATE: fix vulnerability in MSL coder - debian/patches/CVE-2026-25988.patch: fix vulnerability in MSL coder - CVE-2026-25988 SECURITY UPDATE: fix path traversal via policy bypass - debian/patches/CVE-2026-25965.patch: fix path traversal via policy bypass - CVE-2026-25965 SECURITY UPDATE...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between gether disconnect and ethstop in uether. This vulnerability may lead to...

PT-2026-36375

In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: do not use struct rz mtu3 channel's dev member The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1, 2, 3, 4, 6, 7. The dev member is assigned both by the counter...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a null pointer dereferencing during the unbinding process, potentially leading to kernel crashes...

PT-2026-36379

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev energymodel nl get perf domains doit calls em perf domain get by id but does not check the return value before passing it to em nl get pd size. When a call...

CVE-2026-42478

An issue was discovered in VrmlDataIndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointe...

Oracle Linux 缓冲区错误漏洞

Oracle Linux is an open and complete operating environment from Oracle Corporation that provides virtualization, management and cloud-native computing tools, and operating systems. A buffer error vulnerability exists in Oracle Linux that stems from the ELF parser failing to perform bounds checkin...

PT-2026-36362

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the eth get drvinfo function. This happens when a gadget device is reparented to /sys/devices/virtual during an unbind process, which clears the gadg...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the usb cdns3 gadget driver not checking when the ep-desc pointer is null in the epqueue, which could result...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a crash window when the attribute dabtree is deactivated, which could result in an invalid...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking valid entry devices when gmac0 is disabled, potentially leading to null pointer...

PT-2026-36384

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the comedi ni atmio16d driver where the atmio16d detach handler function calls reset atmio16d unconditionally during a failed attach process. If the atmio16d attach...