linux kernel

CVE-2026-31724 is a medium-severity Linux kernel flaw published on May 1, 2026, affecting the USB gadget Ethernet Emulation Model function, where a network device can outlive its parent gadget device and leave broken sysfs links after unbind and rebind cycles. The bug is not a remote Windows...

CVE-2026-31723 is a medium-severity Linux kernel flaw published on May 1, 2026, involving the USB gadget f_subset driver, where a network device can outlive its sysfs parent during bind and unbind cycles and leave broken kernel device links behind. It is not the kind of bug that should send...

CVE-2026-43267 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the Realtek rtw89 Wi-Fi driver, where a zero beacon interval discovered during fuzz testing could trigger a division-by-zero fault in beacon tracking code. The fix is almost comically small: if the...

On May 6, 2026, CVE-2026-43119 was published for a Linux kernel Bluetooth flaw in hci_sync, where unsynchronized reads and writes of hdev->req_status could create a data race across separate kernel workqueues. The fix is small, almost boring: annotate the shared status field with READ_ONCE() and...

CVE-2026-43216 is a Linux kernel networking vulnerability published by NVD on May 6, 2026, after kernel.org assigned a CVE to a fix that removes an unsafe lock acquisition from skb_may_tx_timestamp() in transmit timestamp handling. The bug is not the kind of headline-grabbing...

CVE-2026-43213 is a Linux kernel flaw disclosed by kernel.org and listed by Microsoft’s Security Update Guide on May 6, 2026, affecting the Realtek rtw89 PCI Wi-Fi driver when malformed TX release report sequence numbers trigger an out-of-bounds access and kernel crash. The bug is not the sort...

CVE-2026-43213 is a newly published Linux kernel vulnerability, disclosed by kernel.org and listed by Microsoft’s Security Update Guide on May 6, 2026, affecting the Realtek rtw89 PCI Wi-Fi driver when abnormal transmit-release sequence numbers trigger an out-of-bounds kernel access. The...

CVE-2026-43250 is a Linux kernel vulnerability published on May 6, 2026, affecting the ChipIdea USB Device Controller driver when a USB gadget device is disconnected and reconnected during an active multi-segment DMA transfer. The bug is not a headline-grabbing remote code execution flaw; it is...

CVE-2026-43243 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in AMD’s display driver code, where a missing signal-type check in the DCN 4.0.1 display path can crash systems that mishandle DPIA display links. The bug is narrow, technical, and not yet scored by NVD...

CVE-2026-43172 is a newly published Linux kernel vulnerability disclosed on May 6, 2026, affecting Intel’s iwlwifi driver, where malformed firmware reporting for 22000-series wireless hardware could trigger an out-of-bounds array access during shared-memory parsing. The bug is narrow, technical...

CVE-2026-43176 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the Realtek rtw89 PCI Wi-Fi driver where malformed RTL8922DE transmit release-report data could trigger a crash before the driver validated it. The bug is not a flashy remote-code-execution headline, and...

CVE-2026-43191 is a newly published Linux kernel vulnerability from kernel.org, dated May 6, 2026, affecting AMD’s display driver path where DCN35 hardware can hang when TMDS output is disabled and a PHY PLL transition is not handled atomically. It is not a headline-grabbing...

CVE-2026-43153 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the XFS filesystem code, where a confusing helper function called xfs_attr_leaf_hasname() could hand callers an invalid buffer pointer after certain extended-attribute lookup failures. That is the dry...

CVE-2026-31540 is a Linux kernel i915 graphics-driver NULL pointer dereference, published on April 24, 2026, affecting Intel GPU systems where required i915 firmware is missing and suspend triggers an unchecked function-pointer call. It is not a Windows vulnerability in the usual Patch Tuesday...

CVE-2026-31546 is a medium-severity Linux kernel denial-of-service flaw, published by NVD on April 24, 2026 and modified on April 28, that lets a local privileged user crash affected systems through the bonding driver’s debugfs RLB hash display path. The bug is small enough to fit in a...

CVE-2026-31549: Linux Kernel cp2615 NULL Pointer Dereference in I2C Probe Path CVE-2026-31549 is a Linux kernel vulnerability affecting the Silicon Labs CP2615 I2C driver. The issue occurs in the i2c-cp2615 driver during device probing, where the driver uses the USB device’s serial string as the...

CVE-2026-31548 is the kind of Linux kernel flaw that looks narrow at first glance but carries broad operational meaning for anyone managing Wi-Fi-enabled Linux systems, embedded devices, lab workstations, or Linux workloads tied into Windows-heavy environments. The bug sits in cfg80211, the...

CVE-2026-31686 is a small Linux kernel memory-management fix with outsized operational relevance for anyone running POWER, persistent memory, or security-instrumented kernels in enterprise environments. The issue sits in KASAN page-table teardown logic, where an incorrect assumption about...

CVE-2026-23360 is not the sort of Linux kernel flaw that produces dramatic headlines, but it is exactly the kind of storage-layer regression that enterprise administrators ignore at their peril. The issue, now tracked through Microsoft’s security update ecosystem as well as Linux vulnerability...

CVE-2026-23357 is a Linux kernel vulnerability in the SocketCAN mcp251x driver, a driver used for Microchip MCP251x and MCP25625 SPI-based CAN controllers. The issue is a deadlock in the error-handling path of mcp251x_open(), specifically involving free_irq() being called while the driver’s...