linux kernel security

Linux kernel maintainers disclosed CVE-2026-45839 on May 27, 2026, after fixing a BPF CO-RE parsing bug that lets a privileged user with CAP_BPF crash kernels built with vmlinux BTF support. The flaw is not a Windows vulnerability, but it matters to WindowsForum readers because Linux is now a...

On May 27, 2026, NVD published CVE-2026-45932, a Linux kernel vulnerability in BPF detach handling that allowed unprivileged users to detach tcx or netkit programs when no program file descriptor was supplied. The bug is narrow, local, and not yet scored by NVD, but it lands in one of the...

CVE-2026-45835 is a Linux kernel Bluetooth vulnerability published by NVD on May 26, 2026, after kernel.org reported a fixed NULL pointer dereference in L2CAP’s l2cap_sock_new_connection_cb() callback, with stable kernel patches already linked but no NVD severity score assigned yet. That dry...

CVE-2026-46018 is a Linux kernel flaw disclosed by kernel.org and published by NVD on May 27, 2026, affecting the ALSA USB-audio driver’s handling of malformed USB Audio Class 2 sample-rate range responses. It is not the sort of vulnerability that screams for emergency unplugging of every...

The Linux kernel vulnerability now tracked as CVE-2026-46088 was published by NVD on May 27, 2026, after kernel.org assigned a flaw in ALSA’s control code involving snd_ctl_elem_init_enum_names() and a missing buffer-length guard before a fortified strnlen() call. The bug is not, on current...

Linux kernel maintainers disclosed CVE-2026-45894 on May 27, 2026, for an Intel VT-d IOMMU bug in which Linux could tear down an active PASID table entry in pieces, letting hardware briefly observe a corrupted translation state. The flaw is not a flashy remote-code-execution story, and NVD has...

CVE-2026-46085 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 27, 2026, in the RxRPC rxkad security code, where malformed encrypted packet lengths could trigger incorrect crypto handling and a remotely reachable kernel warning. The record is still...

CVE-2026-46012 is a Linux kernel vulnerability published by NVD on May 27, 2026, after kernel.org assigned a CVE to a memory-leak fix in the rxrpc authentication path, specifically the rxkad_verify_response() function used by the RxRPC subsystem. It is not yet scored by NVD, and the record is...

CVE-2026-45930 is a Linux kernel information-disclosure flaw published by NVD on May 27, 2026, after kernel.org reported that MCTP netlink replies to RTM_GETNEIGH could expose uninitialized padding bytes in ndmsg response data. The bug is not the kind of remote-code-execution thunderclap that...

CVE-2026-46005 is a Linux kernel XFS vulnerability published by NVD on May 27, 2026, after kernel.org assigned a CVE to a fixed resource leak in xfs_alloc_buftarg() where an error path failed to release a DAX device reference. The patch is tiny, but the lesson is not. This is the kind of kernel...

Linux kernel maintainers have assigned CVE-2026-45841 to a netfilter flaw, published by NVD on May 27, 2026, in which a privileged CAP_NET_ADMIN user can load a malformed passive OS fingerprint that later causes a divide-by-zero panic when matching TCP SYN traffic. The bug is small, the patch is...

Microsoft listed CVE-2026-46333 on May 16, 2026, and updated it on May 21, identifying a Linux kernel ptrace flaw in get_dumpable logic that affects Azure Linux 3.0 kernel packages, including the HWE 6.12 line fixed at build 6.12.89.1-1. The dry MSRC page gives the issue the usual bureaucratic...

CVE-2026-43495 is a newly published Linux kernel vulnerability, added to NVD on May 21, 2026, in the MediaTek T7xx 5G WWAN modem driver, where malformed modem messages can trigger out-of-bounds kernel memory reads. The bug is narrow, hardware-specific, and not yet scored by NVD, but it is still...

CVE-2026-43464 is a Linux kernel vulnerability, published by NVD on May 8, 2026 and sourced to kernel.org, affecting Mellanox mlx5 Ethernet receive handling when XDP multi-buffer programs alter packet-buffer layout on affected 6.6, 6.12, 6.17, 6.18, 6.19, and 7.0 release lines. It is not a...

On May 21, 2026, CVE-2026-43497 was published for a Linux kernel flaw in the udlfb framebuffer driver, where mapped DisplayLink-style USB framebuffer memory could remain accessible after the backing kernel pages were freed. The bug is narrow, technical, and not yet scored by NVD, but it lands in...

CVE-2026-43493 is a newly published Linux kernel vulnerability, added to NVD on May 19, 2026, that fixes incorrect handling of asynchronous pcrypt crypto requests using the MAY_BACKLOG flag across multiple stable kernel branches. The bug is not yet scored by NVD, and the public record does not...

CVE-2026-31702 is a high-severity Linux kernel flaw published on May 1, 2026, in F2FS compressed writeback handling, where a local attacker with low privileges could trigger a use-after-free during concurrent filesystem unmount and I/O completion. The bug is not a Windows kernel vulnerability...

CVE-2026-31767 is a Linux kernel vulnerability published on May 1, 2026, affecting Intel’s i915 DSI display path, where a faulty Display Stream Compression timing adjustment can trigger a local divide-by-zero crash on certain systems. The bug is rated medium severity, not because it opens a...

CVE-2026-43500 is a high-severity Linux kernel vulnerability disclosed in May 2026 in the rxrpc networking subsystem, where certain fragmented socket buffers can reach in-place decryption paths without being copied away from externally owned memory, creating a local privilege-escalation risk on...

Microsoft published CVE-2026-43284 in its Security Update Guide on May 8, 2026, tracking a Linux kernel flaw in the xfrm ESP path where encrypted network packets can be decrypted in place over shared socket-buffer fragments. The bug is not a Windows kernel vulnerability, but it matters deeply to...