CVE-2026-31720

A flaw was found in the Linux kernel's USB gadget audio class 1 UAC1 legacy function. A remote attacker could exploit this vulnerability by sending a malicious USB control request, causing an out-of-bounds write on the stack. This could lead to a denial of service or potentially arbitrary code...

CVE-2026-33451

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-31705

A flaw was found in the ksmbd component of the Linux kernel. This out-of-bounds write vulnerability occurs when processing Server Message Block SMB extended attribute EA information. Specifically, the smb2getea function performs an unconditional memory write for alignment padding without checking...

CVE-2026-43055

A flaw was found in the Linux kernel's SCSI target file module. When a write command is executed, the aiocmd-iocb for the kiwritestream is not initialized. This can lead to an incorrect kiwritestream value, causing unintended write failures in the block device. This vulnerability can result in a...

Copy Fail AF_ALG + authencesn Page-Cache Write

CVE-2026-31431 is a logic flaw in the Linux kernel's authencesn AEAD template that, when reached via the AFALG socket interface combined with splice, allows an unprivileged local user to perform a controlled 4-byte write into the page cache of any readable file. Because the corrupted pages are...

CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...

CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...

UBUNTU-CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

CVE-2026-22166

CVE-2026-22166 pertains to GPU DDK components where a web page sending anomalous WebGPU content into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library (KEGLGetPoolBuffers). The exposed root cause is a write-after-free condition in KEGLGetPoolBuffe...

CVE-2026-22166

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...

CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the ddsinput.cpp process. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted DDS image files to the affected component. Remediation A fix was pushed into the master...

CVE-2026-31785

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...

CVE-2026-31702

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

CVE-2026-43055

The CVE-2026-43055 issue affects the Linux kernel SCSI target: file implementation. The root cause is that target_core_file does not initialize aio_cmd->iocb for ki_write_stream, which can yield a bogus ki_write_stream value during fd_execute_rw_aio() and lead to unintended write failure statu...

EUVD-2026-26654

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

CVE-2026-31785

Summary: CVE-2026-31785 affects the Linux kernel DRM XE pagefault path. The issue was that the page fault handler could permit write/atomic access to read-only VMAs. Root cause: xe_pagefault_service did not reject writes to read-only VMAs after the VMA lookup. Impact (as described): restoration o...