kernel security

The AppArmor bug tracked as CVE-2026-23407 is a serious kernel memory-safety issue that can turn a malformed policy into a system-level denial of service, and in some cases a broader integrity and confidentiality problem. The flaw sits in verify_dfa(), where the kernel fails to apply a bounds...

Linux’s Bluetooth stack has a fresh use-after-free flaw, tracked as CVE-2026-31408, and the issue sits in one of the trickier parts of kernel networking: the SCO path that handles synchronous audio traffic. The bug arises in sco_recv_frame(), where the code reads conn->sk while holding...

In early 2026, the Linux kernel’s NFC stack gained a security fix that is easy to overlook at a glance but important in practice: CVE-2026-23372 closes a race in the rawsock path where transmit work could outlive the socket teardown sequence. The bug sits in a classic kernel danger...

The Linux networking stack is getting a small but important hardening fix that matters well beyond its one-line title. Microsoft has cataloged the issue as CVE-2026-23343, and the underlying upstream change is a Linux XDP patch that now warns when a calculated tailroom goes negative instead of...

CVE-2026-23395 is a reminder that some of the most consequential kernel bugs are not dramatic memory-corruption exploits, but protocol-state mistakes that quietly break invariants the code was relying on. In this case, the Linux Bluetooth stack’s L2CAP Enhanced Credit-Based Flow Control path...

CVE-2026-23213 is a good example of how a small-looking kernel fix can carry outsized operational consequences for AMD GPU users. The underlying issue, titled “drm/amd/pm: Disable MMIO access during SMU Mode 1 reset,” centers on a brief but dangerous window in which the ASIC is resetting and...

A recent upstream Linux kernel patch fixed a silent but important auditing gap: the "at" variants of two extended-attribute read syscalls—getxattrat() and listxattrat()—were not listed in the kernel's audit read class, allowing reads of extended attributes to bypass file-read audit rules on...

A subtle locking bug in the kernel's RxRPC recvpath can corrupt internal socket queues and lead to use-after-free and refcount underruns — a flaw tracked as CVE-2026-23066 that was introduced by incorrect requeue logic in rxrpc_recvmsg() and fixed upstream by a targeted patch in early 2026...

Bring Your Own Vulnerable Driver (BYOVD) is no longer a theoretical red-team trick — it has become a practical, high-impact play in real-world intrusions that turns Windows’ own trust model into an offensive asset. Over the past two years operators from commodity ransomware groups to...

A small defensive change landed upstream this month that closes a straightforward—but impactful—NULL-pointer weakness in the Linux kernel’s NVMe-over-TCP target code. Left unpatched, the bug allows crafted NVMe/TCP traffic to cause a kernel NULL-pointer dereference and crash the host, producing...

The Linux kernel's QFQ (Quick Fair Queueing) network scheduler was patched this month to fix a NULL pointer dereference that could crash a system when a qdisc reset deactivates an aggregate that is actually inactive — the flaw has been catalogued as CVE-2026-22976 and was published on January...

A subtle pointer‑math mistake in the Linux kernel’s Netfilter nf_tables code — tracked as CVE‑2024‑0607 — lets a local actor corrupt internal data by writing eight bytes into a four‑byte slot inside nft_byteorder_eval(), producing memory corruption that leads to kernel instability and reliable...

A subtle memory-management bug deep inside the ext4 remount path—tracked as CVE-2024-0775—can turn routine mount option changes into a kernel-level use-after-free, enabling a local attacker to crash systems or leak kernel memory if left unpatched. Background ext4 is the default filesystem for...

A recently disclosed robustness bug in the Linux kernel’s Btrfs implementation can trigger an assertion failure and a kernel crash when a newly created subvolume is read before the filesystem has finished the final steps of subvolume creation, producing a local-denial-of-service condition that...

Microsoft’s brief public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory statement, not proof that Azure Linux is the only Microsoft product that can contain the vulnerable code tracked by...

Microsoft’s one-line advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a guarantee that no other Microsoft product could include the same vulnerable GFS2 code. Background / Overview The...

Microsoft’s one-line attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is an important, actionable statement — but it is not a technical guarantee that no other Microsoft product contains the same vulnerable NFS server code. The fix for...

Microsoft’s public mapping for CVE-2024-39484 correctly flags Azure Linux as a product that “includes this open‑source library and is therefore potentially affected,” but that carefully worded statement is a product‑scoped inventory attestation — not a technical guarantee that no other Microsoft...

A small change in the Intel i915 graphics stack — a decision to “get rid of devm” in the hwmon path — produced a classic kernel lifecycle bug with outsized operational impact: tracked as CVE‑2024‑39479, the defect creates a use‑after‑free (UAF) and local denial‑of‑service vector by letting hwmon...

A subtle accounting error inside the OCFS2 filesystem’s Direct I/O path has been fixed as CVE-2024-42077 — a bug that could exhaust journaling transaction credits during large or heavily fragmented DIO writes and force the filesystem to abort, producing kernel panics and a complete loss of...