security patch

CVE-2026-46209 is a Linux kernel graphics vulnerability published by NVD on May 28, 2026, after kernel.org reported a DRM/GEM framebuffer validation bug that can let an undersized graphics buffer pass checks and later be accessed out of bounds by the GPU. The bug is not in some glamorous remote...

CVE-2026-46090, published by NVD on May 27, 2026, is a Linux kernel flaw in ALSA’s snd-aloop loopback audio driver where a race during format-change stopping can leave the playback path holding a stale capture-stream pointer. The bug is not a headline-grabbing remote-code-execution story, and...

NLnet Labs disclosed CVE-2026-33278 on May 20, 2026, as a critical Unbound DNSSEC validation flaw affecting versions 1.19.1 through 1.25.0, with denial of service and possible remote code execution fixed in Unbound 1.25.1. The short version is simple: if you operate a validating recursive...

Microsoft’s May 12, 2026 security update KB5089549 is failing to complete on some Windows 11 version 24H2 and 25H2 PCs, with installs rolling back around 35–36 percent and showing error 0x800f0922 when the EFI System Partition has too little free space. The failure is narrow enough to avoid...

CVE-2026-31658: Linux Kernel Altera TSE Driver Memory Leak Fixed After DMA Mapping Failure Published: April 26, 2026 CVE: CVE-2026-31658 Component: Linux kernel networking driver, altera-tse Affected area: Altera Triple-Speed Ethernet transmit path Issue type: Memory leak / potential...

The Linux kernel’s ext4 filesystem is now facing a newly published CVE that closes off an unsupported mount configuration before it can do damage. CVE-2026-31447 addresses a specific mismatch between bigalloc and a nonzero s_first_data_block, and the fix is simple in spirit: refuse to mount a...

Linux’s latest scheduler-related security fix, CVE-2026-23379, is a reminder that even “small” arithmetic mistakes in kernel offload code can have outsized consequences. The flaw sits in the ETS traffic scheduler path, where the kernel computes weighted round-robin parameters for hardware...

The disclosure of CVE-2026-23370 is a reminder that not every kernel security issue hinges on memory corruption or a dramatic exploit chain. Sometimes the vulnerability is a much simpler and more dangerous failure of operational hygiene: the Linux kernel’s Dell WMI Sysman path was hex-dumping an...

A logic error in libarchive’s RAR5 decoder can be driven into an infinite loop when a specially crafted RAR5 archive contains a trailing compressed block that produces no output; the loop occurs inside the RAR5 read path and can hang processes that call archive_read_data(), producing a...

A newly assigned vulnerability identifier, CVE-2026-32249, calls attention to a NULL pointer dereference in Vim’s NFA regular expression engine that affects versions prior to 9.2.0137. The flaw can be triggered by crafted input handled by the NFA engine and may cause performance degradation or...

Microsoft released an out‑of‑band hotpatch on March 13, 2026 that fixes a set of remote network‑service vulnerabilities in the Windows Routing and Remote Access Service (RRAS) management tool — and, crucially for enterprises, the package is delivered as a restartless hotpatch to devices enrolled...

The Linux kernel has received a small but important patch that fixes a timing (race) bug in the kernel TLS implementation: CVE-2026-23240 addresses a race in tls_sw_cancel_work_tx() where a worker can be scheduled after the kernel believes the delayed work has been cancelled, allowing the worker...

Microsoft’s security tracking shows CVE-2026-26121 as a server‑side request forgery (SSRF) / spoofing vulnerability in Azure IoT Explorer, and the vendor has flagged it as a real, actionable issue that administrators should treat with urgency. Multiple independent vulnerability aggregators and...

Microsoft released an important security update on March 10, 2026, to address CVE-2026-26105 — a high‑severity spoofing (cross‑site scripting, CWE‑79) vulnerability affecting on‑premises Microsoft SharePoint Server. The flaw allows an unauthenticated remote actor to deliver specially crafted...

Microsoft released an important security update on March 10, 2026, that addresses CVE-2026-25177 — an Active Directory Domain Services (AD DS) elevation-of-privilege vulnerability that Microsoft rates as Important with a CVSS v3.1 base score of 8.8 and that, if left unpatched, can let an...

Microsoft’s February 2026 security updates closed a sensitive gap in Azure’s Confidential Container offering after the vendor recorded an information‑disclosure flaw that could expose secret tokens and cryptographic keys used by Azure Container Instances (ACI) Confidential Containers. The...

The Linux kernel received a small but important defensive patch that closes CVE-2026-23237 — a NULL-pointer robustness bug in the Classmate laptop (cmpc) platform driver — by adding defensive checks to several sysfs and input paths, preventing a kernel oops that could otherwise be triggered if...

The Linux kernel received a narrowly scoped but operationally meaningful security fix this week: a resource-accounting leak in the in‑kernel SMB server (ksmbd) was corrected to ensure the per‑transport connection counter active_num_conn is decremented on connection setup failures, closing...

The Linux kernel received a targeted, surgical fix on 23 January 2026 for a bounds‑checking bug in the Ceph client library (libceph) that could allow an out‑of‑bounds read during authentication processing; the issue has been assigned CVE‑2026‑22984 and is addressed by an explicit check on the...

The Linux kernel’s scheduler subsystem received a targeted fix this month for a subtle-but-real concurrency bug tracked as CVE‑2026‑23225: a logic error in sched/mmcid where code assumed a Concurrency ID (CID) was “CPU‑owned” during a mode transition, producing an out‑of‑bounds access (reported...