UBUNTU-CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

SUSE CVE-2026-45855

In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI layer that the command issuing should be deferred by returning...

UBUNTU-CVE-2026-45855

In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI layer that the command issuing should be deferred by returning...

CVE-2026-31703 writeback: Fix use after free in inode_switch_wbs_work_fn()

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...

CVE-2026-31557 nvmet: move async event work off nvmet-wq

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

SUSE CVE-2026-31404

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

EUVD-2026-18790

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

CVE-2026-31404

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

CVE-2026-31404

In CVE-2026-31404, the Linux kernel NFSD component suffers a Use-After-Free: svc_export_put() releases sub-objects (path_put, auth_domain_put) immediately, before the RCU grace period, risking NULL pointer dereferences when cache_clean drops references concurrently. Fixes described in the CVE not...

CVE-2026-23210

In CVE-2026-23210, the Linux kernel ice driver experiences a NULL pointer dereference during VSI rebuild when PTP periodic work runs concurrently with VSI rebuild. The root cause is a race where ice_ptp_prepare_for_reset() cancels PTP work, ice_ptp_rebuild() queues it, and VSI rebuild occurs afte...

EUVD-2026-5836

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004393 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfsqueuework in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004109)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004109 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfsqueuework in...

PT-2026-8218

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc6+ Description The Linux kernel contains a flaw related to the Intel Ice network driver and the Precision Time Protocol PTP. A race condition can occur where PTP periodic work runs while a Virtual Switch...

EUVD-2025-32401

In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbddestroy call disableworksync&info-postsendcreditswork In smbddestroy we may destroy the memory so we better wait until postsendcreditswork is no longer pending and will never be started again. I actually just...

UBUNTU-CVE-2025-39932

In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbddestroy call disableworksync&info-postsendcreditswork In smbddestroy we may destroy the memory so we better wait until postsendcreditswork is no longer pending and will never be started again. I actually just...

EUVD-2025-31890

Malicious code in bioql PyPI...

EUVD-2025-6281

Malicious code in bioql PyPI...

CVE-2023-53530 scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: controller connect complete localhost kernel: BUG: using smpprocessorid in preemptible...

CVE-2023-53530

CVE-2023-53530 details a Linux kernel issue in the qla2xxx SCSI driver: code path using smp_processor_id() in preemptible work leads to a bug trace. The patch replaces smp_processor_id() with raw_smp_processor_id() and updates driver scheduling to queue_work() (instead of queue_work_on()) to avoi...