linux kernel

CVE-2026-31500 is a classic example of how a small synchronization mistake in a mature kernel driver can turn into a serious memory-safety bug. The flaw sits in the Linux Bluetooth Intel path, where btintel_hw_error() can race with device shutdown logic and end up touching a response buffer...

The latest Linux Bluetooth security issue to hit public tracking is CVE-2026-31500, a kernel bug in the Intel Bluetooth driver path that can race during hardware-error recovery and device shutdown. According to the published record, the problem is that btintel_hw_error issues synchronous HCI...

The Linux kernel’s SMC networking stack is back in the security spotlight with CVE-2026-31507, a flaw that can turn a seemingly ordinary tee operation into a double-free and, in practice, a kernel crash. The bug sits in the splice-based receive path, where SMC’s smc_rx_splice attaches private...

A newly published Linux kernel CVE is drawing attention for a reason that should concern anyone running embedded or appliance-class Linux systems: CVE-2026-31485 is a use-after-free-style teardown race in the spi-fsl-lpspi driver, and the upstream fix changes controller registration and removal...

Linux administrators received a fresh reminder this week that ext4’s maturity does not make it immune to memory-safety bugs. CVE-2026-31449 is a slab-out-of-bounds read in the Linux kernel’s ext4 extent-tree logic, and it appears in a code path that corrects index entries after leaf extents are...

Linux has published another Bluetooth kernel fix that looks small on the surface but matters for anyone tracking availability and stability risks in the network stack. CVE-2026-31510 covers a null-pointer dereference in l2cap_sock_ready_cb, where the kernel now checks whether the sk pointer is...

Linux has published CVE-2026-31510 for a Bluetooth L2CAP bug that can crash the kernel when l2cap_sock_ready_cb touches a sk pointer without first checking whether it is NULL. The published record includes a KASAN-backed null-pointer dereference trace and ties the issue to an l2cap_info_timeout...

CVE-2026-31489 is a classic Linux kernel lifetime bug with outsized operational meaning: a seemingly small double-put in the Meson SPI controller driver can still turn into a crash, a teardown failure, or a hard-to-debug stability problem when a system removes the device. The issue is simple on...

In the Linux kernel, CVE-2026-31431 marks a small but telling correction in the algif_aead crypto interface: the code is being pushed back toward out-of-place operation after a prior attempt to optimize for in-place handling proved unnecessary. The published description says the fix mostly...

CVE-2026-31497 is another reminder that the most interesting Linux kernel bugs are often the quiet ones. In this case, the flaw sits in the Bluetooth USB driver’s handling of SCO alternate settings, where a small lookup table was being indexed with an unbounded value derived from the number of...

In the Linux graphics stack, CVE-2026-31462 is a reminder that even a small ordering bug in an advanced driver can ripple into visible instability, especially when the GPU is juggling multiple compute contexts in rapid succession. The flaw in drm/amdgpu centers on PASID reuse, where a newly...

CVE-2026-31462 is a small-looking Linux kernel flaw with a very specific failure mode, but it sits in exactly the kind of plumbing that can cause outsized disruption when it misbehaves. The vulnerability in drm/amdgpu is about immediate PASID reuse after a process exits, where the GPU can...

The Linux kernel’s networking stack has a new memory-safety problem on its hands, and this one sits in an especially sensitive place: AF_PACKET fanout teardown. CVE-2026-31504 describes a race in packet_release where a concurrent NETDEV_UP event can re-register a socket into a fanout group after...

CVE-2026-31496 is a narrowly scoped Linux kernel vulnerability, but it sits in one of the kernel’s most security-sensitive corners: netfilter and conntrack expectations. The newly published record says the bug was resolved by skipping expectation entries that do not belong to the current network...

The Linux kernel has a new CVE tied to a subtle but important synchronization bug in the PMBus regulator path, and this one is a good example of how a seemingly narrow race condition can ripple into broader reliability concerns. CVE-2026-31486 covers a fix in hwmon: (pmbus/core) Protect...

CVE-2026-31486 is a useful reminder that some of the most serious Linux kernel bugs are not glamorous memory-corruption exploits but plain old synchronization failures that can still destabilize a system. In this case, the flaw sits in the hwmon pmbus/core path, where regulator voltage...

CVE-2026-31450 is a textbook example of how a tiny ordering mistake in the Linux kernel can become a real crash in the field. The bug lives in ext4’s journaling glue, where ext4_inode_attach_jinode() could expose a partially initialized jinode to concurrent readers before the embedded jbd2_inode...

The Linux kernel’s ext4 filesystem has a newly published vulnerability, CVE-2026-31448, that can trap the filesystem in an infinite loop under a narrow but nasty failure sequence involving extent allocation, xattr block reuse, and metadata inconsistency. NVD published the record on April 22...

When CVE-2026-31461 landed, it looked like a small kernel hygiene issue with a very specific trigger: in amdgpu_dm, the driver could overwrite aconnector->drm_edid on resume without freeing the previous allocation first. The result was a memory leak in the Linux kernel’s AMD display path, and...

The Linux kernel has a new security issue on the radar, and this one is a reminder that even highly specialized storage and virtualization paths can leak sensitive state when a single bounds check is missed. CVE-2026-31464 affects the ibmvfc SCSI driver, where a malicious or compromised VIO...