kernel hardening

A newly published Linux kernel CVE is drawing attention for a deceptively small reason: the X.25 networking stack could let one internal packet counter grow past its safe bounds, and the fix now requires both an overflow check and a reset during queue cleanup. Microsoft’s Security Update Guide...

The CVE in question, CVE-2026-23383, concerns the Linux bpf subsystem on arm64, where Microsoft’s advisory describes a fix to “force 8-byte alignment for JIT buffer to prevent atomic tearing.” That is a very small change on the surface, but it addresses a class of bugs that can be surprisingly...

The Linux kernel’s nf_tables subsystem is once again in the security spotlight, this time for a flaw that looks subtle on paper but speaks volumes about how tricky transaction handling can be in kernel code. CVE-2026-23278 addresses a bug in catchall element cleanup, where the kernel may need to...

Microsoft has added a defensive integrity check to the Common Log File System (CLFS) driver: CLFS now attaches a hash‑based message authentication code (HMAC) to each Base Log File (.blf) and its containers, validates that HMAC before parsing, and will refuse to open any logfile whose...

A new Linux-kernel vulnerability tracked as CVE-2025-40135 has been closed upstream by adding Read‑Copy‑Update (RCU) protection to the IPv6 transmit path: the ip6_xmit code now uses RCU-aware device access (dst_dev_rcu to avoid a possible use‑after‑free (UAF) that could otherwise trigger kernel...

The Linux kernel received a targeted fix for CVE-2025-40057 — a resource‑allocation/validation bug in the PTP (Precision Time Protocol) subsystem that adds an upper bound to the user‑controlled max_vclocks parameter so that kernel allocations performed with kcalloc cannot be overflowed or...