The Linux kernel’s BPF interpreter has a newly disclosed flaw, tracked as CVE-2026-31525, that exposes a subtle but important mismatch between the interpreter and the verifier when handling signed 32-bit division and modulo on INT_MIN. The bug is not a dramatic memory corruption primitive on its...
Linux systems picked up another networking CVE this week, and CVE-2026-31503 is a good reminder that some of the most consequential kernel bugs are not dramatic memory corruption flaws but logic failures in trusted packet paths. The issue lives in UDP bind conflict checking, where the kernel can...
The AppArmor bug tracked as CVE-2026-23407 is a serious kernel memory-safety issue that can turn a malformed policy into a system-level denial of service, and in some cases a broader integrity and confidentiality problem. The flaw sits in verify_dfa(), where the kernel fails to apply a bounds...
Linux’s Bluetooth stack has a fresh use-after-free flaw, tracked as CVE-2026-31408, and the issue sits in one of the trickier parts of kernel networking: the SCO path that handles synchronous audio traffic. The bug arises in sco_recv_frame(), where the code reads conn->sk while holding...
In early 2026, the Linux kernel’s NFC stack gained a security fix that is easy to overlook at a glance but important in practice: CVE-2026-23372 closes a race in the rawsock path where transmit work could outlive the socket teardown sequence. The bug sits in a classic kernel danger...
The Linux networking stack is getting a small but important hardening fix that matters well beyond its one-line title. Microsoft has cataloged the issue as CVE-2026-23343, and the underlying upstream change is a Linux XDP patch that now warns when a calculated tailroom goes negative instead of...
CVE-2026-23395 is a reminder that some of the most consequential kernel bugs are not dramatic memory-corruption exploits, but protocol-state mistakes that quietly break invariants the code was relying on. In this case, the Linux Bluetooth stack’s L2CAP Enhanced Credit-Based Flow Control path...
CVE-2026-23213 is a good example of how a small-looking kernel fix can carry outsized operational consequences for AMD GPU users. The underlying issue, titled “drm/amd/pm: Disable MMIO access during SMU Mode 1 reset,” centers on a brief but dangerous window in which the ASIC is resetting and...
A recent upstream Linux kernel patch fixed a silent but important auditing gap: the "at" variants of two extended-attribute read syscalls—getxattrat() and listxattrat()—were not listed in the kernel's audit read class, allowing reads of extended attributes to bypass file-read audit rules on...
A subtle locking bug in the kernel's RxRPC receive path can corrupt internal socket queues and lead to use-after-free and refcount underruns — a flaw tracked as CVE-2026-23066 that was introduced by incorrect requeue logic in rxrpc_recvmsg() and fixed upstream by a targeted patch in early 2026...
Bring Your Own Vulnerable Driver (BYOVD) is no longer a theoretical red-team trick — it has become a practical, high-impact play in real-world intrusions that turns Windows’ own trust model into an offensive asset. Over the past two years operators from commodity ransomware groups to...
A small defensive change landed upstream this month that closes a straightforward—but impactful—NULL-pointer weakness in the Linux kernel’s NVMe-over-TCP target code. Left unpatched, the bug allows crafted NVMe/TCP traffic to cause a kernel NULL-pointer dereference and crash the host, producing...
The Linux kernel's QFQ (Quick Fair Queueing) network scheduler was patched this month to fix a NULL pointer dereference that could crash a system when a qdisc reset deactivates an aggregate that is actually inactive — the flaw has been catalogued as CVE-2026-22976 and was published on January...
A subtle pointer‑math mistake in the Linux kernel’s Netfilter nf_tables code — tracked as CVE‑2024‑0607 — lets a local actor corrupt internal data by writing eight bytes into a four‑byte slot inside nft_byteorder_eval(), producing memory corruption that leads to kernel instability and reliable...
A subtle memory-management bug deep inside the ext4 remount path—tracked as CVE-2024-0775—can turn routine mount option changes into a kernel-level use-after-free, enabling a local attacker to crash systems or leak kernel memory if left unpatched.
Background
ext4 is the default filesystem for...
A recently disclosed robustness bug in the Linux kernel’s Btrfs implementation can trigger an assertion failure and a kernel crash when a newly created subvolume is read before the filesystem has finished the final steps of subvolume creation, producing a local-denial-of-service condition that...
Microsoft’s brief public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory statement, not proof that Azure Linux is the only Microsoft product that can contain the vulnerable code tracked by...
Microsoft’s one-line advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a guarantee that no other Microsoft product could include the same vulnerable GFS2 code.
Background / Overview
The...
Microsoft’s one-line attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is an important, actionable statement — but it is not a technical guarantee that no other Microsoft product contains the same vulnerable NFS server code. The fix for...
Microsoft’s public mapping for CVE-2024-39484 correctly flags Azure Linux as a product that “includes this open‑source library and is therefore potentially affected,” but that carefully worded statement is a product‑scoped inventory attestation — not a technical guarantee that no other Microsoft...