CVE-2026-53277

KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation...

CVE-2026-53276

Bluetooth: ISO: Fix a use-after-free of the hciconn pointer...

CVE-2026-53275

ipv6: mcast: Fix use-after-free when processing MLD queries...

CVE-2026-53274

net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS...

CVE-2026-53272

erofs: fix use-after-free on sbi-syncdecompress...

CVE-2026-53273

tee: optee: prevent use-after-free when the client exits before the supplicant...

CVE-2026-53271

ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers...

CVE-2026-53269

netfilter: synproxy: add mutex to guard hook reference counting...

CVE-2026-53270

ipvs: clear the svc scheduler ptr early on edit...

CVE-2026-53268

netfilter: conntrackirc: fix possible out-of-bounds read...

CVE-2026-53266

netfilter: bridge: make ebtsnat ARP rewrite writable...

CVE-2026-53267

netfilter: nftct: bail out on template ct in get eval...

CVE-2026-53265

dm cache policy smq: check allocation under invalidate lock...

CVE-2026-53263

6lowpan: fix off-by-one in multicast context address compression...

CVE-2026-53264

net/sched: actapi: use RCU with deferred freeing for action lifecycle...

CVE-2026-53262

l2tp: pppol2tp: hold reference to session in pppol2tpioctl...

CVE-2026-53260

tcp: Add preemptdisable,enablenested in reqskqueuehashreq...

CVE-2026-53261

devlink: Release nested relation on devlink free...

CVE-2026-53259

ipv6: anycast: insert aca into global hash under idev-lock...

CVE-2026-53257

wifi: cfg80211: enforce HE/EHT cap/oper consistency...

CVE-2026-53258

wifi: fix leak if split 6 GHz scanning fails...

CVE-2026-53256

Bluetooth: RFCOMM: hold listener socket in rfcommconnectind...

CVE-2026-53254

Bluetooth: RFCOMM: validate skb length in MCC handlers...

CVE-2026-53255

Bluetooth: MGMT: validate advertising TLV before type checks...

CVE-2026-53253

Bluetooth: bnep: reject short frames before parsing...

CVE-2026-53252

Bluetooth: fix memory leak in error path of hciallocdev...

CVE-2026-53251

Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync...

CVE-2026-53250

xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata...

CVE-2026-53249

ipv4: restrict IPOPTSSRR and IPOPTLSRR options...

CVE-2026-53248

net: airoha: Fix use-after-free in metadata dst teardown...

CVE-2026-53247

net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown...

CVE-2026-53245

net/802/mrp: fix vector attribute parsing in mrppduparsevecattr...

CVE-2026-53246

sctp: validate cached peer INIT chunk length in COOKIEECHO processing...

CVE-2026-53244

VFS: fix possible failure to unlock in nfsd4createfile...

CVE-2026-53242

ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams...

CVE-2026-53243

rseq: Fix using an uninitialized stack variable in rseqexituserupdate...

CVE-2026-53241

ALSA: seq: dummy: fix UMP event stack overread...

CVE-2026-53240

xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload...

CVE-2026-53239

xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx...

CVE-2026-53238

netlabel: validate unlabeled address and mask attribute lengths...

CVE-2026-53236

tcp: restrict SOATTACHFILTER to priv users...

CVE-2026-53237

gpio: mvebu: fix NULL pointer dereference in suspend/resume...

CVE-2026-53235

net: add pskbmaypull to skbgroreceivelist...

CVE-2026-53233

netdev: fix double-free in netdevnlbindrxdoit...

CVE-2026-53234

net: ibm: emac: Fix use-after-free during device removal...

CVE-2026-53232

net: phy: clean the sfp upstream if phy probing fails...

CVE-2026-53231

net: phy: don't try to setup PHY-driven SFP cages when using genphy...

CVE-2026-53230

net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist...

CVE-2026-53229

net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure...

CVE-2026-53228

ipv6: sit: reload inner IPv6 header after GSO offloads...