CVE-2026-45890

The CVE-2026-45890 issue affects the Linux kernel Xen-netback. A Xen guest can set multi-queue-num-queues to 0; the connect() validation checks only the upper bound (requested_num_queues > xenvif_max_queues) and does not reject zero. This can reach vzalloc(array_size(0, sizeof(struct xenvif_qu...

CVE-2026-45890

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

CVE-2026-45890 xen-netback: reject zero-queue configuration from guest

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

CVE-2026-45859

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an application did not set the 'FGSO' capability flag and a gso packet with an unconfirmed nfconn entry is...

CVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvation

In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI layer that the command issuing should be deferred by returning...

CVE-2026-45852 RDMA/rxe: Fix double free in rxe_srq_from_init

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...

CVE-2026-45852

Summary of CVE-2026-45852 (Linux kernel RDMA/rxe): A double-free vulnerability exists in the rxe_srq_from_init path of the RDMA subsystem. The queue pointer is temporarily assigned to srq->rq.queue before copy_to_user(), so if copy_to_user() fails, cleanup frees the same memory twice when the ...

CVE-2026-8054

dotCMS Core versions 25.11.04-1 to 26.04.28-02 contain an SQL injection in the Publish Audit API (/api/auditPublishing/get and /api/auditPublishing/getAll). The endpoints did not require authentication and used unsanitized input in dynamically constructed SQL, allowing remote unauthenticated atta...

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xen-netback backend not verifying that the queue number is zero, potentially leading to a...

CVE-2026-45910

RDMA/rxe: Fix race condition in QP timer handlers...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mtk-jpeg driver failing to cancel the work queue during the release process, potentially...

PT-2026-43777

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxe task.c:249 at rxe sched task+0x1c8/0x238 rdma rxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6 udp...

Linux Distros Unpatched Vulnerability : CVE-2026-45855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI...

PT-2026-43723

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqe size before using it in ib uverbs post send ib uverbs post send uses cmd.wqe size from userspace without any validation before passing it to kmalloc and using the allocated buffer as struct ib uverbs sen...

PT-2026-43951

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana ib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, mana ib destroy qp rss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

PT-2026-43726

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink queue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an application did not set the 'F GSO' capability flag and a gso packet with an unconfirmed nf conn entry is...

CVE-2026-46017

mm: fix deferred split queue races during migration...

PT-2026-43719

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe srq from init In rxe srq from init, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copy to user fails, the function calls rxe queue cleanup to...

PT-2026-44050

A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process resend queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue...