6078 matches found
CVE-2026-53298
CVE-2026-53298 (net: airoha) - Linux kernel : The issue arises in the airoha_qdma_init_rx_queue path where ndesc is initialized too early, causing a NULL pointer dereference in airoha_qdma_cleanup() if queue entry or DMA descriptor list allocation fails because netif_napi_add() was never executed...
CVE-2026-53104
A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the device is destroyed during module unload. Specifically, the mt76_dma_cleanup routine fails to properly destroy the page_pool associated with all MT76 receive queues, leading to unreleased...
UBUNTU-CVE-2026-53215
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill can fail after the...
CVE-2026-55388
A flaw was found in piscina, a Node.js worker pool implementation. This vulnerability allows an attacker to achieve arbitrary code execution by exploiting a prototype pollution issue. By manipulating the filename option, an attacker can cause their malicious code to be executed within the worker,...
CVE-2026-13351
Zephyr’s IPv6 network stack is vulnerable to a denial-of-service caused by fragmented IPv6 packets. In the fragment-header processing path, the RX network packet buffer allocated from a memory slab is not released back to the pool after handling malicious fragments. Repeating such packets exhaust...
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill can fail after the...
EUVD-2026-39306
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill can fail after the...
CVE-2026-53215
CVE-2026-53215 affects the Linux kernel mvpp2 driver: the RX path could return a descriptor buffer to the hardware Buffer Manager after it had been handed to XDP or an skb, allowing DMA into memory no longer owned by the RX ring. Root cause is improper handling of RX buffers in mvpp2_rx_refill() ...
CVE-2026-53146 thunderbolt: Limit XDomain response copy to actual frame size
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tb_xdomain_copy copies req->response_size bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...
EUVD-2026-39237
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tb_xdomain_copy copies req->response_size bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...
EUVD-2026-38972
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated page_pool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the page_pool running mt76_dma_cleanup routine...
CURL-CVE-2026-8458 wrong reuse for different services
libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...
kernel: libceph: make decode_pool() more resilient against corrupted osdmaps
In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool more resilient against corrupted osdmaps If the osdmap is maliciously corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version,...
SUSE CVE-2026-55204
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...
EUVD-2026-37760
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse...
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...
GHSA-HM92-R4W5-C3MJ undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...
NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse vulnerability discovered by ? in WordPress Npm undici versions = 7.23.0, 7.28.0...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “Reapply ‘drm/qxl: simplify qxl_fence_wait’” This change reverts the commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reported: “I tried running my tests on my virtual machines, but the tests failed upon boot-up...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Added the missing skb_mark_for_recycle function. It should be noted that the skb_mark_for_recycle function was introduced later than the “fixes” tag in commit 6a5bcd84e886 “page_pool: Allow drivers to hint on SKB recycling...