CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

EUVD-2026-32858

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

CVE-2026-46231

CVE-2026-46231 concerns the Linux kernel’s batman-adv code. When batadv_bla_add_claim() fails to insert a new claim into its hash, a reference to the target backbone_gw could be leaked. The vulnerability arises from not releasing that reference on the error path, potentially allowing a backbone_g...

CVE-2026-46231

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

EUVD-2026-32850

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

CVE-2026-46223

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

CVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

EUVD-2026-32808

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

CVE-2026-46180

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Watchdog task might end between sendsig and kthreadstop calls, what results in the use-after-free issue. Fix this by increasing watchdog task referenc...

CVE-2026-46180

CVE-2026-46180 concerns a use-after-free in wifi brcmfmac when stopping the watchdog task in the Linux kernel. The vulnerability is addressed by increasing the watchdog task reference count before send_sig() and then dropping it with kthread_stop_put(). Connected OSV entries show patches in Root:...

CVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if last

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

EUVD-2026-32797

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

CVE-2026-46170

CVE-2026-46170 affects the Linux kernel MPTCP implementation. When ADD_ADDR is retransmitted, the socket reference counting can fail to free the sk, which may trigger indefinite waiting in timer synchronization and cause a DoS. The root cause is improper timer handling during sk_free that could c...

CVE-2026-46158

The CVE-2026-46158 issue is in the Linux kernel MPTCP implementation: when ADD_ADDR is retransmitted, the socket reference count may not be released reliably, creating a potential resource leak. The fix adds a proper exit path to call sock_put (__sock_put) at the end of the handling and removes a...

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

CVE-2026-46111

The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...

CVE-2026-9813 FlowIntel external reference URL probe allows server-side request forgery

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

CVE-2026-9813 FlowIntel external reference URL probe allows server-side request forgery

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

CVE-2026-9813

CVE-2026-9813 affects FlowIntel up to version 3.3.0 and is due to a server-side request forgery (SSRF) in the external reference URL probe in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specif...

BIT-GITLAB-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...