linux kernel security

CVE-2026-31512 is a small-looking Linux kernel flaw with the kind of security significance that only packet-processing code can really deliver. The issue sits in the Bluetooth L2CAP path, where l2cap_ecred_data_rcv() can read the SDU length field before first confirming that the incoming skb...

In the Linux kernel’s ext4 filesystem, a newly published vulnerability, CVE-2026-31448, exposes a failure path that can leave the filesystem spinning in an infinite loop while holding critical locks. The issue is tied to how ext4 handles extent-tree insertion failures during mkdir and mknod, and...

CVE-2026-31495 is a reminder that some of the most consequential Linux kernel flaws are not dramatic memory-corruption headlines but quiet trust-boundary failures in the networking stack. In this case, the kernel’s ctnetlink path accepted malformed netlink values that should have been rejected...

XFS use-after-free CVE-2026-31454 exposes a familiar kernel trap in a very specific corner of Linux metadata management A newly published Linux kernel vulnerability, tracked as CVE-2026-31454, affects XFS and stems from a classic concurrency mistake: a pointer is dereferenced after the code has...

The Linux kernel’s CAN ISO-TP stack has a newly published security flaw, and while the CVE record is still being enriched, the underlying bug is already clear: a race in isotp_sendmsg can let so->tx.buf be freed while transmit code is still reading from it. Microsoft’s Security Update Guide has...

CVE-2026-31429 is a good example of a kernel security issue that looks small on paper but matters because it sits in a hot, widely exercised networking path. The bug is in Linux’s skb head free logic, where a KFENCE-specific allocation detail could cause the kernel to return memory to the wrong...

A newly published Linux kernel CVE is drawing attention for a deceptively small reason: the X.25 networking stack could let one internal packet counter grow past its safe bounds, and the fix now requires both an overflow check and a reset during queue cleanup. Microsoft’s Security Update Guide...

CVE-2026-31418 is a narrowly scoped Linux kernel bug, but it sits in a part of the stack where small accounting mistakes can still create real operational pain. The flaw affects netfilter ipset and, according to the published description, centers on mtype_del() failing to treat a bucket as empty...

CVE-2026-31428 is a Linux kernel information disclosure flaw in the nfnetlink_log path, and it is a good example of how a very small bookkeeping mistake can still matter in production. The bug comes from manual construction of the NFULA_PAYLOAD netlink attribute: the kernel allocated enough...

Linux administrators have a fresh reason to inspect their kernel patching cadence: CVE-2026-31407 highlights a pair of netfilter conntrack validation gaps that can lead to out-of-bounds memory access in SCTP and ctnetlink handling. The vulnerability was published to the CVE List on April 6...

In Linux’s wireless stack, CVE-2026-23444 is a narrowly scoped but important mac80211 fix that closes an ownership bug around skb cleanup in ieee80211_tx_prepare_skb(). The issue is not a classic remote-code-execution headline, but it is exactly the kind of kernel bug that can destabilize...

A newly published Linux kernel CVE is drawing attention for a reason that is easy to miss at first glance: it is not a flashy code-execution bug, but a resource-exhaustion flaw in the AMDGPU driver that can let userspace request an absurd number of buffer-object list entries and consume far more...

CVE-2026-23068 is a reminder that some of the Linux kernel’s most consequential security issues are not dramatic logic bugs, but lifecycle mistakes in error handling. In this case, the vulnerable code path sits in the spi-sprd-adi driver, where a controller allocated one way and released another...

CVE-2026-23327 is one of those kernel security bugs that looks small at first glance and then turns out to be a revealing case study in how modern driver code fails. The issue sits in the Linux CXL mailbox path, where the cxl_payload_from_user_allowed() helper can reach into message contents...

Microsoft’s advisory for CVE-2026-23356 points to a Linux kernel issue in drbd, specifically a logic bug in drbd_al_begin_io_nonblock(). That wording matters: this is not being presented as a flashy memory-corruption flaw, but as a correctness problem in how the driver handles I/O state, which...

The kernel flaw identified as CVE-2026-23346 is a narrow but important arm64 I/O mapping issue in Linux: the ioremap_prot() path can extract the wrong user memory type, which can lead to incorrect memory attribute selection when the kernel maps regions with user-derived protection semantics. In...

Background Microsoft’s Security Response Guide entry for CVE-2026-23285 points to a Linux kernel issue in DRBD: a null-pointer dereference on local read error. The upstream patch title is unambiguous enough to tell the story at a glance: drbd: fix null-pointer dereference on local read error...

CVE-2026-23365 is a small-looking Linux kernel bug with a large security lesson: USB drivers must never trust the shape of a device they are binding to. In the kalmia network driver, the kernel now checks that the attached USB device exposes the expected endpoints before proceeding, because a...

When Linux kernel developers talk about a “fix” for a race condition, they are often describing more than a simple cleanup: they are closing a timing window that could turn ordinary state management into a use-after-free hazard. That is exactly what happened with CVE-2026-23393, a bridge: cfm...

The Linux kernel’s CVE-2026-23336 is a classic example of a small-looking race condition with outsized consequences: a use-after-free in the Wi-Fi configuration stack, specifically around cfg80211 and rfkill_block work. The upstream fix is straightforward in concept—cancel the pending work...