7286 matches found
EUVD-2026-26623
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...
CVE-2026-43024
CVE-2026-43024 affects Linux kernel nf_tables/netfilter: nf_queue. The issue is that immediate NF_QUEUE verdicts were emitted and could be misused; upstream patch rejects immediate NF_QUEUE verdicts to fix it. Downstream advisories indicate fixes implemented in kernel updates (e.g., upstream kern...
CVE-2026-43022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43022
The CVE-2026-43022 issue affects the Linux kernel Bluetooth HCI synchronization path: hci_cmd_sync_queue_once() did not indicate when a queue item already existed, risking resource leaks. The fix changes hci_cmd_sync_queue_once() to return -EEXIST when a queue item already exists and requires upd...
EUVD-2026-26621
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43022 Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43021 Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43021
CVE-2026-43021 affects the Linux kernel Bluetooth hci_sync path. A failure in hci_cmd_sync_queue_once() can skip calling the destroy callback, causing leaks of references/memory. The issue manifests during error paths, potentially leaving resources allocated for the hci_sync queue. Public discuss...
CVE-2026-31766
The CVE-2026-31766 issue affects the Linux kernel AMDGPU driver: amdgpu_userq_get_doorbell_index() passes user-supplied doorbell_offset to amdgpu_doorbell_index_on_bar() without proper bounds checking. An arbitrarily large doorbell_offset can drive the computed doorbell index outside the allocate...
CVE-2026-31766
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
CVE-2026-31766 drm/amdgpu: validate doorbell_offset in user queue creation
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
EUVD-2026-26579
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
CVE-2026-31755
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...
EUVD-2026-26544
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Address thermal zone removal races with resume Since thermalzonepmcomplete and thermalzonedeviceresume re-initialize the pollqueue delayed work for the given thermal zone, the canceldelayedworksync in...
CVE-2026-31721
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...
CVE-2026-31703 writeback: Fix use after free in inode_switch_wbs_work_fn()
In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...
CVE-2026-31703
The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...
Exploit for Missing Authentication for Critical Function in Cpanel
cPanel-CVE-2026-41940-Scanner !Licensehttps://img.shields...