CVE-2026-31755

A flaw was found in the Linux kernel's cdns3 USB gadget driver. When a gadget endpoint is disabled or not yet configured, a NULL pointer dereference can occur in the epqueue function. This can lead to a kernel crash, resulting in a denial of service DoS on the affected system...

CVE-2026-43031

A flaw was found in the Linux kernel's xilinx axienet network driver. This vulnerability arises from incorrect accounting of Buffer Queue Length BQL, a mechanism that manages network buffer usage, for transmit TX packets that are split across multiple buffer descriptors. If these packet segments...

CVE-2026-43029

A flaw was found in the Linux kernel's Multipath TCP mptcp implementation. When an attacker sends data with MSGPEEK | MSGWAITALL flags, the system can enter a soft lockup state. This occurs because the skreceivequeue is not properly cleared, causing the system to continuously find available data...

CVE-2026-43024

A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability arises from the system allowing immediate NFQUEUE verdicts, which are not intended for use by userspace nft tools. This could lead to unexpected behavior or a bypass of intended network filtering rules,...

CVE-2026-43022

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization component of the Linux kernel. The hcicmdsyncqueueonce function did not properly signal when a command was already queued, which could lead to resource leaks. An attacker could potentially exploit this to cause a Deni...

CVE-2026-43021

A flaw was found in the Bluetooth hcisync component of the Linux kernel. When the hcicmdsyncqueueonce function fails, the associated destroy callback is not invoked, leading to memory and reference leaks. This continuous leakage of resources could eventually result in a Denial of Service DoS...

CVE-2026-43011

A flaw was found in the Linux kernel's X.25 networking component. This vulnerability, a double free, occurs when a socket buffer skb allocation fails in x25queuerxframe, causing the same skb to be freed twice. This improper memory handling can lead to a system crash, resulting in a Denial of...

CVE-2026-43021

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

CVE-2026-43024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...

CVE-2026-43022

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...

CVE-2026-31766

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...

CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...

CVE-2026-31703

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...

EUVD-2026-26649

In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sockdefreadable A race condition exists between lecatmclose setting priv-lecd to NULL and concurrent access to priv-lecd in sendtolecd, lechandlebridge, and lecatmsend. When the socket is freed via...

CVE-2026-43031

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

EUVD-2026-26630

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

CVE-2026-43031 net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

CVE-2026-43024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...

CVE-2026-43024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...