linux kernel security

  1. ChatGPT

    CVE-2026-23447: USB CDC NCM NDP32 Bounds Check Bug Explained

    CVE-2026-23447 is a narrow Linux kernel bug with broader implications for anyone running USB networking stacks on affected systems. The flaw sits in the cdc_ncm driver’s NDP32 verification path, where the kernel failed to account for ndpoffset when checking the bounds of the descriptor pointer...
  2. ChatGPT

    CVE-2026-31531: Linux IPv4 Nexthop Netlink Sizing Fix for Large ECMP Groups

    The Linux kernel has disclosed CVE-2026-31531, a networking bug in the IPv4 nexthop path that can trigger a kernel warning when users query very large nexthop groups through RTM_GETNEXTHOP. The issue is not a dramatic memory-corruption headline, but it is still a meaningful correctness and...
  3. ChatGPT

    CVE-2026-31494: macb ethtool Stats OOB Write Due to Queue Count Mismatch

    A newly published Linux kernel vulnerability in the macb Ethernet driver is a reminder that even small accounting mistakes in networking code can become memory-safety bugs. CVE-2026-31494 covers an out-of-bounds write in gem_get_ethtool_stats, where the driver copies statistics for the maximum...
  4. ChatGPT

    CVE-2026-31498: Bluetooth L2CAP ERTM reinit leak & zero pdu infinite loop

    CVE-2026-31498 is a reminder that some of the most consequential kernel bugs are not dramatic buffer overflows or headline-grabbing remote exploits, but state-machine failures and validation gaps buried in long-lived protocol code. In this case, the Linux kernel’s Bluetooth L2CAP layer can be...
  5. ChatGPT

    ext4 CVE-2026-31451 Fix: Replace BUG_ON Panic With -EFSCORRUPTED Handling

    In the Linux kernel’s ext4 filesystem, a small logic change has been turned into a security-relevant reliability fix: the code path that reads inline data now avoids a kernel-panic-style BUG_ON() when the inline payload is larger than a page. Instead of crashing the system, the kernel now logs...
  6. ChatGPT

    CVE-2026-31507: Linux kernel double-free in SMC splice with tee() leads to panic

    In the Linux kernel, CVE-2026-31507 exposes a deceptively small-looking bug with outsized consequences: a double-free of smc_spd_priv when tee() duplicates an SMC splice pipe buffer. The flaw sits in net/smc, where smc_rx_splice() allocates one private object per pipe_buffer and stores it in...
  7. ChatGPT

    CVE-2026-31446 ext4 UAF: Fixing a Sysfs Teardown Race

    CVE-2026-31446 is a reminder that some of the most dangerous Linux kernel flaws are not dramatic crashes or headline-grabbing remote exploits, but small timing mistakes in teardown code that only appear under real operational pressure. In this case, the ext4 filesystem can hit a use-after-free...
  8. ChatGPT

    CVE-2026-31446 ext4 UAF Race: sysfs teardown and update_super_work explained

    CVE-2026-31446 is the sort of Linux kernel bug that looks deceptively narrow until you follow the race all the way through the teardown path. The flaw sits in ext4’s update_super_work logic, where a work item can still call into sysfs after unmount has already torn down the kobject backing...
  9. ChatGPT

    CVE-2026-31449 Ext4 Bounds Check Fix: Prevent Slab OOB Reads

    CVE-2026-31449 is a reminder that some of the most consequential Linux kernel bugs are not flashy exploit chains, but narrow trust failures inside core filesystem machinery. In this case, the flaw sits in ext4’s extent-tree correction logic, where an unchecked pointer can drift past the end of...
  10. ChatGPT

    CVE-2026-31489: Linux meson-spicc Double-Put in SPI Teardown Explained

    The Linux kernel’s newly published CVE-2026-31489 is a small-looking bug with a very familiar shape: a reference-counting mistake in driver teardown that can become a correctness and stability problem in production. The public description says the meson-spicc SPI controller driver registers...
  11. ChatGPT

    CVE-2026-31497: btusb SCO Altsetting Out-of-Bounds Fix in Linux Bluetooth

    CVE-2026-31497 is a small Linux kernel Bluetooth bug with outsized meaning for maintainers and downstream vendors. The issue sits in the btusb driver, where the kernel maps the number of active SCO links to USB alternate settings through a fixed lookup table, but failed to clamp the index before...
  12. ChatGPT

    Linux CVE-2026-31504 Fix: Packet Socket Fanout Use-After-Free Race Explained

    Linux has published another network-stack security fix that underscores how small lifetime bugs can become serious kernel problems. In CVE-2026-31504, the issue is a use-after-free risk in the packet socket fanout path, where a NETDEV_UP race can re-register a socket into a fanout group after...
  13. ChatGPT

    CVE-2026-31458: DAMON sysfs NULL Dereference via Zero Contexts

    CVE-2026-31458 is a small-looking Linux kernel flaw with very practical consequences: a privileged user can trigger a NULL pointer dereference in DAMON’s sysfs control path by shrinking the context list to zero and then issuing certain state updates while the daemon is running. The bug is now...
  14. ChatGPT

    CVE-2026-31506: bcmasp Wake-on-LAN Double Free from devm_request_irq Misuse

    The Linux kernel has disclosed CVE-2026-31506, a bug in the bcmasp network driver that can trigger a double free of the Wake-on-LAN IRQ if the cleanup path frees an interrupt that was already managed by devm_request_irq(). Because the device-managed IRQ framework automatically releases...
  15. ChatGPT

    CVE-2026-31506 Double Free in Linux bcmasp Wake-on-LAN IRQ Cleanup Fix

    CVE-2026-31506 has landed in the Linux kernel security stream as another reminder that even small cleanup mistakes in driver error paths can matter. In this case, the issue is a double free in the bcmasp Ethernet driver’s Wake-on-LAN interrupt handling, where the code tried to free an IRQ that...
  16. ChatGPT

    CVE-2026-31488: AMD Linux DRM DSC mode_changed Bug Causes Leak to UAF

    CVE-2026-31488 is a narrowly scoped but operationally serious Linux kernel bug in AMD’s display stack, and it shows how a small state-management mistake can ripple into memory leaks and use-after-free conditions. The flaw centers on drm/amd/display and the way DSC validation handled mode_changed...
  17. ChatGPT

    CVE-2026-31488: amdgpu DSC validation bug can trigger stream leak and use-after-free

    CVE-2026-31488 is a reminder that in the Linux graphics stack, seemingly small state-machine mistakes can cascade into serious memory-safety failures. The flaw sits in amdgpu’s Display Core path, where DSC validation incorrectly clears the CRTC mode_changed flag even when other, unrelated mode...
  18. ChatGPT

    CVE-2026-31496: Netfilter conntrack expectation leak across Linux network namespaces

    The Linux kernel’s latest netfilter CVE, tracked as CVE-2026-31496, is a small-sounding change with outsized importance for anyone who relies on conntrack visibility in production. The bug lives in nf_conntrack_expect, where the kernel could expose expectations from a different network namespace...
  19. ChatGPT

    CVE-2026-31487 Fix: SPI Driver Override Race Leads to Use-After-Free

    Linux has published another small but important kernel security fix in CVE-2026-31487, and on the surface it looks like the kind of change that only kernel maintainers and driver authors would notice. Underneath that modest title, though, lies a classic use-after-free risk in the SPI subsystem...
  20. ChatGPT

    CVE-2026-31487: SPI driver_override use-after-free and the safe generic fix

    CVE-2026-31487 is a reminder that some of the most consequential Linux kernel bugs are not loud crashes or dramatic memory-corruption chains, but quiet lifetime mistakes hidden inside core infrastructure. In this case, the issue sits in the SPI subsystem’s interaction with the kernel’s...