
80054 matches found

RedhatCVE
added 2026/04/22 6:46 p.m. | 5 views

CVE-2026-31481

A flaw was found in the Linux kernel. A local user can exploit this vulnerability by providing specific kernel command line parameters during boot, which can lead to a NULL pointer dereference. This issue occurs due to improper handling of deferred trigger frees when kernel thread (kthread) creatio...

CVSS 5.5 | AI score 5.7 | EPSS 0.00107
Exploits: 0 | References: 4
EUVD
added 2026/04/22 6:31 p.m. | 6 views

EUVD-2018-21784

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or...

CVSS 8.6 | AI score 6.2 | EPSS 0.00201
Exploits: 1 | References: 4
RedHat Linux
added 2026/04/22 5:52 p.m. | 12 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify: BUG: KASAN:...

CVSS 7.1 | AI score 5.6 | EPSS 0.00117
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/22 5:49 p.m. | 6 views

CVE-2026-31457

A flaw was found in the Linux kernel. A local user can exploit this vulnerability by setting the nr_contexts parameter to zero via the DAMON sysfs interface while DAMON (Data Access MONitor) is active. This improper input validation leads to a NULL pointer dereference, which can cause a system crash...

CVSS 5.5 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 5:49 p.m. | 6 views

CVE-2026-31458

A flaw was found in the Linux kernel. A privileged local user can exploit this by manipulating the nr_contexts parameter in the mm/damon/sysfs interface to zero while the DAMON (Data Access MONitor) subsystem is active. This leads to a null pointer dereference when certain sysfs commands are...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 4
RedHat Linux
added 2026/04/22 5:42 p.m. | 6 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify: BUG: KASAN:...

CVSS 7.1 | AI score 5.6 | EPSS 0.00117
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/22 5:25 p.m. | 4 views

CVE-2026-31445

A flaw was found in the Linux kernel. When updating DAMON (Data Access MONitor) parameters, an internal memory allocation failure during the damon_commit_ctx function could leave the DAMON context in a partially corrupted state. If this corrupted context is subsequently used, it can lead to unexpecte...

CVSS 5.5 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 5:25 p.m. | 4 views

CVE-2026-31444

A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability involves a use-after-free and a NULL pointer dereference within the smb_grant_oplock function during the oplock publication sequence. An attacker could potentially exploit these issues, leading to memory corruption. This...

CVSS 9.8 | AI score 5.7 | EPSS 0.0045
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 5:17 p.m. | 5 views

CVE-2026-31439

A flaw was found in the Linux kernel's Xilinx DMA (Direct Memory Access) engine. The xdma driver's regmap initialization incorrectly handled errors, specifically when the devm_regmap_init_mmio function returned an error pointer instead of a null value. This improper error handling could potentially le...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 5:16 p.m. | 5 views

CVE-2026-31437

A flaw was found in the Linux kernel's netfs component. When a write operation is retried, the netfs_unbuffered_write function can attempt to access a non-existent function, leading to a NULL pointer dereference. This vulnerability can be triggered by specific filesystem configurations, such as 9P,...

CVSS 5.5 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 5:16 p.m. | 4 views

CVE-2026-31436

A flaw was found in the Linux kernel's dmaengine subsystem, specifically within the idxd driver. This vulnerability occurs due to incorrect descriptor completion in the llist_abort_desc function. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks, whic...

CVSS 9.8 | AI score 5.3 | EPSS 0.00457
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 5:16 p.m. | 4 views

CVE-2026-31435

A flaw was found in the Linux kernel's netfs component. Under certain circumstances, during a read retry operation, the system may incorrectly abandon subrequests. This issue arises because a pointer (subreq) used in the abandonment process can be uninitialized or point to invalid memory. An attack...

CVSS 8.8 | AI score 5.7 | EPSS 0.00342
Exploits: 0 | References: 4
EUVD
added 2026/04/22 3:31 p.m. | 5 views

EUVD-2026-24892

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

AI score 5.6 | EPSS 0.00123
Exploits: 0 | References: 9
EUVD
added 2026/04/22 3:31 p.m. | 5 views

EUVD-2026-24893

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfree(cmd) withou...

AI score 5.6 | EPSS 0.00129
Exploits: 0 | References: 5
EUVD
added 2026/04/22 3:31 p.m. | 3 views

EUVD-2026-24860

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xe_sriov_pf_migration_restore_produce, the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write calls. Set the pointer...

AI score 5.6 | EPSS 0.0012
Exploits: 0 | References: 3
EUVD
added 2026/04/22 3:31 p.m. | 6 views

EUVD-2026-24821

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data pointi...

AI score 5.7 | EPSS 0.00127
Exploits: 0 | References: 4
EUVD
added 2026/04/22 3:31 p.m. | 5 views

EUVD-2026-24841

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

AI score 5.6 | EPSS 0.00107
Exploits: 0 | References: 3
EUVD
added 2026/04/22 3:31 p.m. | 3 views

EUVD-2026-24799

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_caps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointer is valid before accessing it. (cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6)...

AI score 5.7 | EPSS 0.00107
Exploits: 0 | References: 3
EUVD
added 2026/04/22 3:31 p.m. | 4 views

EUVD-2026-24797

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs while DAMON is...

AI score 5.6 | EPSS 0.00122
Exploits: 0 | References: 6
EUVD
added 2026/04/22 3:31 p.m. | 3 views

EUVD-2026-24796

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to ...

AI score 5.6 | EPSS 0.00121
Exploits: 0 | References: 4