kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

CVE-2026-43496

A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs when a specific queueing discipline qdisc configuration is used, where a parent qdisc attempts to retrieve a network packet from a child qdisc. An incorrect function call during this process can lead ...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mloscanstartwk The mloscanstartwk operation is not canceled upon disconnection. In fact, it isn’t canceled anywhere else, except during the restart cleanup, where we don’t actually need to cancel it. Th...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL dereferencing when deactivating an inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bus: MHI: Host – Drop the channel lock before queuing buffers. Ensure that read and write locks for the channel are not acquired consecutively by dropping the read lock from parsexferevent. This allows a callback provided to the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netsched: schsfq: fixed a potential crash when handling gsoskb. SFQ assumes that at least one packet can always be queued. However, after the problematic commit, sch-q.len can be inflated by packets in sch-gsoskb. An enqueue...

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

EUVD-2026-26616

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013504 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfqexiticqbfqq Commit 64dc8c732f5c block, bfq: fix possible uaf f...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007518)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007518 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's...

SUSE-SU-2026:1281-1 Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

Organizational Security Resource Estimation Via Vulnerability Queueing

We provide an approach that closely estimates an organization's cyber resources directly from vulnerability timestamps, using a non-stationary queueing framework. Traditional attack-surface metrics operate on static snapshots, ignoring the core attack-defense dynamics within information systems,...

CLSA-2026-1775745943 kernel: Fix of 5 CVEs

net/sched: schhfsc: upgrade 'rt' to 'sc' when it becomes a inner curve CVE-2023-4623 - net/sched: Enforce that teql can only be used as root qdisc CVE-2026-23074 - ALSA: usb-audio: Fix use-after-free in sndusbmixerfree CVE-2026-23089 - atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol...

EUVD-2026-17765

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service allows Serialized Data External Linking, Data Serializat...

CVE-2026-4374

CVE-2026-4374 affects RTI Connext Professional (Routing Service, Observability Collector, Recording Service, Queueing Service, Cloud Discovery Service). The vulnerability is described as an improper restriction of XML External Entity Reference, enabling Serialized Data External Linking and data s...

net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs

...

PT-2026-26732

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

PT-2026-26478

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97 Description A Host Header Spoofing issue in the @local check decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...