Linux kernel maintainers published CVE-2026-46113 on May 28, 2026, describing a KVM x86 shadow paging use-after-free flaw that can leave stale reverse-map entries after an unexpected guest frame number appears in a shadow page. The bug is ugly not because it has a catchy exploit name, but...
On May 28, 2026, NVD published CVE-2026-46147, a Linux kernel vulnerability from kernel.org affecting the ARM64 KVM protected virtualization path, where failed vCPU initialization could leak pinned memory references and expose a partially initialized virtual CPU to a concurrent reader. It is not...
Linux kernel CVE-2026-46219 was published by NVD on May 28, 2026, for a use-after-free flaw in the Freescale MPC52xx SPI controller driver, fixed by reordering cleanup during device unbind so queued work is cancelled only after interrupts are disabled. This is not the sort of bug that should...
CVE-2026-46071 is a Linux kernel KVM vulnerability published by NVD on May 27, 2026, affecting AMD nested virtualization code where KVM’s nSVM path incorrectly dirtied the LBR clean bit in a guest-owned VMCB during nested VM exit handling. The fix is small, but the signal is not: modern...
CVE-2026-46032 is a newly published Linux kernel KVM vulnerability, disclosed by NVD on May 27, 2026, affecting AMD nested virtualization code where a failed CR3 restore during nested VM exit could leave a guest running with corrupted virtual CPU state. The bug is narrow, deeply technical, and...
On May 8, 2026, CVE-2026-43338 was published for a Linux kernel Btrfs flaw in which qgroup ioctl operations failed to reserve enough transaction space, allowing quota-heavy operations near low-space conditions to trigger a transaction abort. The bug is not a glamorous remote-code-execution...
CVE-2026-43219 is a newly published Linux kernel vulnerability, reported by kernel.org and listed by Microsoft’s Security Update Guide, that fixes a Texas Instruments CPSW Ethernet driver cleanup bug disclosed on May 6, 2026, with NVD scoring still awaiting enrichment. That dry sentence is the...
CVE-2026-31508 is a high-severity Linux kernel vulnerability, published April 22, 2026 and modified April 28, affecting Open vSwitch teardown paths where a network device can be freed before unregistration completes, particularly under PREEMPT_RT timing on kernels carrying the vulnerable change...
A newly published Linux kernel CVE is drawing attention to a subtle but very real Btrfs failure mode: subvolumes can wind up with broken dentries, making them appear present to the VFS while behaving like dead entries underneath. In the reported scenario, ls shows a subvolume name in...
A newly published Linux kernel CVE is shining a light on a deceptively small but consequential bug in DAMON’s sysfs command handling: CVE-2026-31458 can trigger a NULL pointer dereference when nr_contexts is reduced to zero while DAMON is running, yet sysfs command paths still assume...
A newly published Linux kernel CVE is drawing attention for a familiar but dangerous reason: a trusted control path accepted attacker-controlled data without enforcing a hard ceiling. In CVE-2026-31464, the ibmvfc driver can take a num_written value from a VIO server’s discover-targets MAD...
The phrase “There is total loss of availability…” is the key severity language that Microsoft is attaching to CVE-2026-23411, a Linux kernel AppArmor flaw that has been described as a race between freeing data and filesystem code still accessing it. In practical terms, that means an unprivileged...
CVE-2026-23409 is the kind of Linux kernel issue that looks deceptively small from the outside but matters because it sits in a trust boundary that very few users think about until something breaks. Microsoft’s Security Update Guide has surfaced the vulnerability as an AppArmor flaw involving...
Microsoft’s security guidance for CVE-2026-23406 points to an AppArmor bug in the Linux kernel, described as a side-effect issue in the match_char() macro usage. In practical terms, that kind of bug matters because a security-critical parser or matcher can behave differently than the programmer...
Microsoft has added CVE-2026-23403 to its Security Update Guide as an AppArmor flaw in the Linux kernel, describing it as a memory leak in verify_header. The headline matters because memory leaks in kernel-facing security code are rarely just housekeeping mistakes: they can create reliability...
In the Linux kernel’s own security model, CVE-2026-23284 is the kind of bug that looks small on paper but matters because it sits in driver state management, one of the most failure-prone layers of the stack. The issue is described as a fix for mtk_eth_soc’s mtk_xdp_setup() path: if mtk_open()...