662 matches found
CVE-2026-64153
The CVE concerns the Linux kernel DRM MSM IOMMU path. The issue was in iommu_map_sgtable() returning a size_t and 0 on error; it now returns an ssize_t and propagates negative error codes. The commit change (iommu: return full error code from iommu_map_sg_atomic ) stores the error value in the pr...
CVE-2026-63940 KVM: SEV: Ignore Port I/O requests of length '0'
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Ignore Port I/O requests of length '0' Explicitly ignore Port I/O requests of length '0' or count '0', so that setting up the software scratch area and other code doesn't have to worry about underflowing the length, and...
CVE-2026-63878
The CVE-2026-63878 entry concerns the Linux kernel driver drm/amdgpu, specifically GEM_OP GET_MAPPING_INFO. The issue arises when user-supplied num_entries is used directly to allocate memory via kvcalloc without an upper bound, with num_entries as __u32 and each entry-sized 32 bytes. This can le...
PT-2026-61470
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix iommu map sgtable return value check and avoid WARN Commit "iommu: return full error code from iommu map sg atomic" changed iommu map sgtable to return an ssize t and negative values in error cases, rather than a siz...
PT-2026-61354
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: fix TSO segmentation explosion when AMSDU is disabled When the TLC notification disables AMSDU for a TID, the MLD driver sets max tid amsdu len to the sentinel value 1. The TSO segmentation path in iwl mld tx...
hsr: Remove WARN_ONCE() in hsr_addr_is_self().
...
UBUNTU-CVE-2026-53353
In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARNONCE in hsraddrisself. syzbot reported the warning 0 in hsraddrisself, whose assumption is simply wrong. hsr-selfnode is cleared in hsrdelselfnode, which is called from hsrdellink. Since dev-rtnllinkops-dellink is...
CVE-2026-53353
In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARNONCE in hsraddrisself. syzbot reported the warning 0 in hsraddrisself, whose assumption is simply wrong. hsr-selfnode is cleared in hsrdelselfnode, which is called from hsrdellink. Since dev-rtnllinkops-dellink is...
CVE-2026-53353 hsr: Remove WARN_ONCE() in hsr_addr_is_self().
In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARNONCE in hsraddrisself. syzbot reported the warning 0 in hsraddrisself, whose assumption is simply wrong. hsr-selfnode is cleared in hsrdelselfnode, which is called from hsrdellink. Since dev-rtnllinkops-dellink is...
CVE-2026-53353
The CVE-2026-53353 entry concerns the Linux kernel HSR subsystem. A timing window exists where hsr->self_node can be absent because hsr_del_self_node() clears self_node in hsr_dellink() and dellink() may complete before unregister_netdevice_many(), leaving a race that can affect self-node chec...
Linux Distros Unpatched Vulnerability : CVE-2026-53319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are...
SUSE CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
SUSE CVE-2026-53320
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...
DEBIAN-CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
EUVD-2026-39854
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
CVE-2026-53027
A flaw was found in the Linux kernel's fs/ntfs3 component. When handling compressed or sparse attributes with frame-aligned clusters, a missing run load for vcn0 can occur if vcn0 resides in a different attribute segment. This oversight can lead to a kernel warning WARNON1 during a run lookup,...
PT-2026-52260
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu dma iova link swiotlb function when processing unaligned mappings divided into head, middle, and trailer parts. If the middle section is empty due to a lack ...
RockyLinux 9 : kernel (RLSA-2026:27789)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...
EUVD-2026-38820
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARNON in iommugroupsetdomainnofail due to reset In iommugroupsetdomaininternal, concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments ...
CVE-2026-52952 iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARNON in iommugroupsetdomainnofail due to reset In iommugroupsetdomaininternal, concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments ...