CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUGON with WARNON in fence emission sdmav40ringemitfence contains two BUGONaddr & 0x3 assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged...

CVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhausted

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC, then the MAC fills them and returns ownership to the CPU. For each...

OSEC-2026-09 Albatross-console memory exhaustion

Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario A user that has access to albatross-console either via the unix domain socket requires root:albatross by default or via albatross-tls-endpoint requires a...

SUSE CVE-2026-45940

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix oops when split header is enabled For GMAC4, when split header is enabled, in some rare cases, the hardware does not fill buf2 of the first descriptor with payload. Thus we cannot assume buf2 is always fully fill...

CVE-2026-45891

A flaw was found in the Linux kernel's hns3 network driver. This double-free vulnerability occurs due to incorrect handling of the txspare buffer during ring parameter setup. If memory allocation fails in the error cleanup path, a stale pointer to backup memory is erroneously freed twice. This ca...

PT-2026-44233

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC, then the MAC fills them and returns ownership to the CPU. For each...

EUVD-2026-32291

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...

CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...

CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

UBUNTU-CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45995 io_uring/zcrx: fix user_struct uaf

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...

CVE-2026-45891

The CVE-2026-45891 issue affects Linux kernel networking for the hns3 driver. In hns3_set_ringparam(), a temporary copy of the ring is used for rollback, but the tx_spare pointer in the original ring is not cleared after saving its value in tmp_rings. If memory allocation fails during hns3_init_a...

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iofreerbufring function in iouring zcrx. This function releases user structures before...

PT-2026-43862

In the Linux kernel, the following vulnerability has been resolved: io uring/zcrx: fix user struct uaf io free rbuf ring usees a struct user struct, which io zcrx ifq free puts it down before destroying the ring...

Important: kernel-livepatch-6.12.80-106.156

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.12.80-106.156 Issue Correction: Please ensure you have live patching enabled...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: The ctx-uringlock lock is acquired around the iouringshowfdinfo function. Not everything requires locking, which is why the haslock variable exists. However, enough cases require locking, making it somewhat unwiel...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly resets the Rx ring descriptor When a device reset is triggered due to feature changes, such as toggling Rx VLAN, the function wx-doreset is called to reinitialize the Rx rings. The hardware descriptor ring ma...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the “type” field of the event uses the first available type number which is not currently used by other events. A...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: Ensure that the freeing of iokiocb is deferred to a later time, specifically to the RCU context. The syzbot report indicates that deferring or localizing the taskwork addition via msgring can potentially affect...