UBUNTU-CVE-2026-46049

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate is only updated in atcpllinit and not in hwpllinit, so it remains 0...

UBUNTU-CVE-2026-46005

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a resource leak in xfsallocbuftarg In the error path, call fsputdax to drop the DAX device reference...

UBUNTU-CVE-2026-45926

In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchipalloc, the allocated device owns an initial reference that must be released on all error paths. If pinnedinit were to fail, the allocate...

UBUNTU-CVE-2026-45910

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...

UBUNTU-CVE-2026-45880

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...

CVE-2026-45866

In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...

UBUNTU-CVE-2026-45866

In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...

EUVD-2026-32482

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

CVE-2026-46099

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

CVE-2026-46099

The CVE-2026-46099 entry describes a use-after-free race in Linux kernel IPv6 handling for seg6 and rpl lightweight tunnels. A NOREF destination cached during ip6_route_input() can be freed by a concurrent FIB lookup on a shared nexthop under PREEMPT_RT, leading to a WARN or potential instability...

CVE-2026-46049

CVE-2026-46049 concerns the Linux kernel ALSA ctxfi driver (S/PDIF path). The issue arises in spdif_passthru_playback_setup() when pll_rate is not updated (remains 0), causing the MSR calculation loop to spin if 32000 Hz is skipped. The fix adds a fallback: if atc->pll_rate is 0, use atc->r...

CVE-2026-46048

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

EUVD-2026-32430

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

CVE-2026-46048

CVE-2026-46048 relates to a leak in the Linux kernel ALSA caiaq driver. The issue arises because create_card() takes a usb_get_dev() reference to a USB device and stores the corresponding usb_put_dev() in card_free(), which is registered as snd_card’s private_free destructor. However, private_fre...

CVE-2026-46048

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

EUVD-2026-32428

In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse in ext4xattrinodedecrefall The commit c8e008b60492 "ext4: ignore xattrs past end" introduced a refcount leak in when blockcsum is false. ext4xattrinodedecrefall calls ext4getinodeloc to get iloc.bh, but...

CVE-2026-46005

The CVE-2026-46005 issue concerns a resource leak in the XFS code path of the Linux kernel (xfs_alloc_buftarg) where, in error paths, the DAX device reference must be dropped via fs_put_dax(). Connected documents indicate patches and mitigations across multiple distributions: Debian/OpenSUSE OSV ...

EUVD-2026-32302

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a resource leak in xfsallocbuftarg In the error path, call fsputdax to drop the DAX device reference...

CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...