linux kernel

A small defensive change landed upstream this month that closes a straightforward—but impactful—NULL-pointer weakness in the Linux kernel’s NVMe-over-TCP target code. Left unpatched, the bug allows crafted NVMe/TCP traffic to cause a kernel NULL-pointer dereference and crash the host, producing...

A subtle reference-counting bug in the Linux kernel’s Controller Area Network (CAN) J1939 stack — tracked as CVE-2026-22997 — can lead to a persistent session leak and local denial-of-service conditions when the kernel receives a second RTS (Request To Send) for an active XTP transfer. The flaw...

The Linux kernel received a small but consequential bugfix in the Ceph client library (libceph) that corrects a missing error return in the authentication completion path — a change tracked as CVE‑2026‑22992 that, if left unpatched, can leave higher layers confused about authentication state and...

The Linux kernel patch addressing CVE-2026-22978 fixes a subtle but meaningful kernel information‑disclosure bug in the wireless (WEXT) code by ensuring the legacy user-facing structure struct iw_point is zero‑initialized before it’s returned to userspace, closing a 32‑bit “hole” on 64‑bit...

A subtle but consequential weakness in the Linux kernel’s socket handling has been assigned CVE‑2026‑22977: a hardened‑usercopy panic in sock_recv_errqueue that can crash systems compiled with usercopy hardening enabled. The defect is not a remote code‑execution hole, but it produces a...

The Linux kernel's QFQ (Quick Fair Queueing) network scheduler was patched this month to fix a NULL pointer dereference that could crash a system when a qdisc reset deactivates an aggregate that is actually inactive — the flaw has been catalogued as CVE-2026-22976 and was published on January...

The Linux kernel’s scheduler subsystem received a targeted fix this month for a subtle-but-real concurrency bug tracked as CVE‑2026‑23225: a logic error in sched/mmcid where code assumed a Concurrency ID (CID) was “CPU‑owned” during a mode transition, producing an out‑of‑bounds access (reported...

A one-line mistake in XFS scrub code has produced a classic memory-safety problem with outsized operational impact: a use-after-free (UAF) in the XFS filesystem’s B-tree checking path, tracked as CVE-2026-23223, has been fixed upstream and is now being rolled into stable kernels and Linux...

EROFS in the Linux kernel has been patched for a race-condition use‑after‑free that can trigger kernel panics when a file‑backed mount is used together with the directio option — tracked as CVE-2026-23224 — and the fix replaces an unsafe free path with a simple reference‑counting discipline that...

A dodgy race in the Linux kernel’s virtio crypto path has been fixed by adding spinlock protection around virtqueue notification handling — a surgical change that closes a denial‑of‑service and hang condition seen when the virtio‑crypto device and the AF_ALG backend are exercised concurrently...

Enterprise storage is quietly rewriting its rules: Linux — in both pure open-source form and as the hidden kernel of proprietary NAS platforms — now sits at the heart of most file-server deployments, and the size of the NAS market is ballooning into the tens of billions as organizations and...

A race in the Linux kernel’s Direct Rendering Manager (DRM) stack — tracked as CVE‑2023‑51043 — can let a nonblocking atomic modeset commit touch freed kernel memory when it races with a driver unload, producing a use‑after‑free that can crash or destabilize systems and has been fixed upstream...

A straightforward NULL-pointer bug in the Linux NFC stack — fixed upstream in the 6.5.9 stable release — created a local denial‑of‑service risk that could crash kernels handling Near‑Field Communication traffic; the defect was tracked as CVE‑2023‑46343 and closed by a one‑line defensive check in...

The Linux kernel received a targeted robustness fix for a device‑mapper ioctl bug tracked as CVE‑2024‑23851: a missing check in copy_params (drivers/md/dm-ioctl.c) could let an ioctl request lead the kernel to try to allocate more than INT_MAX bytes and crash, producing a local denial‑of‑service...

The Linux kernel’s md/raid5 code contained a subtle but dangerous integer‑overflow bug in the function raid5_cache_count() that was tracked as CVE‑2024‑23307 — a defect that can be forced by concurrent modifications of RAID stripe‑count variables and that may lead to a sustained or persistent...

A subtle parse-time error in the Linux in‑kernel SMB server (ksmbd) can let a malformed SMB2 Create request provoke an out‑of‑bounds memory access in kernel space — a defect tracked as CVE‑2024‑22705 that was fixed upstream in the 6.6.10 stable release and that carries real, immediate...

A subtle pointer‑math mistake in the Linux kernel’s Netfilter nf_tables code — tracked as CVE‑2024‑0607 — lets a local actor corrupt internal data by writing eight bytes into a four‑byte slot inside nft_byteorder_eval(), producing memory corruption that leads to kernel instability and reliable...

A subtle memory-management bug deep inside the ext4 remount path—tracked as CVE-2024-0775—can turn routine mount option changes into a kernel-level use-after-free, enabling a local attacker to crash systems or leak kernel memory if left unpatched. Background ext4 is the default filesystem for...

A critical Linux-kernel flaw tracked as CVE-2024-0646 allows the kernel’s kTLS path to write past intended memory bounds when a user calls splice() with a kTLS socket as the destination, producing out‑of‑bounds writes that can crash the system or — in the worst case — be weaponized for local...

A subtle race in the Linux kernel’s Unix-domain socket garbage collector can let the kernel free socket buffers (skbs) while another path still holds a pointer to them, producing a classic use‑after‑free (UAF) that can crash or destabilize systems and — in theory — open the door to more serious...