CVE-2026-45975 ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...

CVE-2026-45961

The CVE-2026-45961 entry concerns the Linux kernel gfs2 subsystem. It fixes two memory leaks in gfs2_fill_super() error paths when transitioning a filesystem to read-write mode: (1) kernel thread objects (logd/quotad) leaked if gfs2_freeze_lock_shared() fails after init_threads(), because fail_pe...

CVE-2026-45957

CVE-2026-45957 affects the Linux kernel where removing recursion-protection from __rcu_read_unlock() can cause a deadloop when raise_softirq_irqoff() is invoked with ftrace enabled during rcu_read_unlock_special(). The issue, observed as a deadlock trace in trace.c, was fixed by commits that refo...

CVE-2026-45957 rcu: Fix rcu_read_unlock() deadloop due to softirq

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to softirq Commit 5f5fa7ea89dc "rcu: Don't use negative nesting depth in rcureadunlock" removes the recursion-protection code from rcureadunlock. Therefore, we could invoke the deadloop in...

CVE-2026-45957

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to softirq Commit 5f5fa7ea89dc "rcu: Don't use negative nesting depth in rcureadunlock" removes the recursion-protection code from rcureadunlock. Therefore, we could invoke the deadloop in...

CVE-2026-45949 hwrng: core - use RCU and work_struct to fix race condition

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...

CVE-2026-45943

CVE-2026-45943 affects the Linux kernel EROFS (ztailpacking pclusters). The issue could allow a NULL pointer dereference when inline data for compressed folios is invalid and pclusters are added to I/O chains without validating the inline data first. The root cause is assuming inline data is vali...

CVE-2026-45943

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inline data read failure for ztailpacking pclusters Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, zerofsdecompresspcluster may assume they are alread...

CVE-2026-45895 quota: fix livelock between quotactl and freeze_super

In the Linux kernel, the following vulnerability has been resolved: quota: fix livelock between quotactl and freezesuper When a filesystem is frozen, quotactlblock enters a retry loop waiting for the filesystem to thaw. It acquires sumount, checks the freeze state, drops sumount and uses...

CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...

CVE-2026-45886

CVE-2026-45886 : Linux kernel fix for bpf_xdp_store_bytes argument type error when writing to read-only maps. The verifier flagged a MEM_WRITE on R3 (PTR_TO_MAP_VALUE from a read-only map) due to ARG_PTR_TO_UNINIT_MEM; the third argument’s type did not match bpf_skb_store_bytes. The patch aligns ...

CVE-2026-45886

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier was throwing the following error...

CVE-2026-45865

The CVE affects the Linux kernel mctp i2c subsystem. The issue arises in the i2c event handler read path where reads could return an uninitialised value (stack u8) for i2c-aspeed and i2c-npcm7xx; a fix now sets reads to 0xff. Affected scenario involves mctp-i2c devices and reads such as i2ctransf...

CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

CVE-2026-45856

The CVE-2026-45856 issue affects the Linux kernel's RDMA/uverbs subsystem, specifically ib_uverbs_post_send. The vulnerability arises when cmd.wqe_size from userspace is not validated before kmalloc and using the allocated memory as struct ib_uverbs_send_wr, allowing an out-of-bounds read of kern...

CVE-2026-45856 RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqesize before using it in ibuverbspostsend ibuverbspostsend uses cmd.wqesize from userspace without any validation before passing it to kmalloc and using the allocated buffer as struct ibuverbssendwr. If a...

CVE-2025-71309 fs/ntfs3: fix deadlock in ni_read_folio_cmpr

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

SUSE CVE-2026-9504

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...