security patch

Microsoft’s January 13, 2026 cumulative update for Windows 11—KB5074109—delivers a heavyweight security rollup and several quality fixes, but it also introduced at least one verified enterprise-impacting regression and a raft of community-reported compatibility problems that make careful rollout...

A high‑confidence elevation‑of‑privilege vulnerability has been recorded in the Azure Connected Machine (azcmagent) / Azure Arc agent ecosystem under CVE‑2026‑21224, touching an agent component that bridges on‑host systems with the Azure management plane — a class of flaws that can convert a...

Microsoft's security track for January 2026 includes an advisory for CVE-2026-20934, a Windows SMB Server Elevation of Privilege vulnerability that Microsoft has cataloged in the Security Update Guide. The entry identifies the affected component as the Server Message Block (SMB) Server and...

The Linux kernel received a targeted repair that closes a robustness hole in the gs_usb CAN-over-USB driver: CVE-2025-68307 fixes improper handling of failed bulk URBs in gs_usb_xmit_callback, a defect that could silently consume transmit URBs and eventually halt CAN transmission on affected...

A late probe failure in the Linux kernel’s MOST USB stack has been tracked as CVE-2025-68290 and patched after maintainers fixed a double-free and related use-after-free paths that could crash systems or, in the worst case, be abused for memory-corruption attacks. Background The vulnerability...

A heap-based buffer overflow has been disclosed in the HDF5 library that can be triggered while flushing object messages: the flaw exists in the function H5O_msg_flush in src/H5Omessage.c (tracked as CVE‑2025‑2912) and affects HDF5 releases up to and including 1.14.6. The issue can be provoked...

Capstone, the widely used disassembly framework, contains a memory‑safety bug (CVE‑2025‑68114) in SStream_concat where an unchecked return from vsnprintf can drive the stream index negative or past its end — a flaw fixed upstream in a December 2025 commit but one that can produce stack buffer...

The Apache Log4j Core SocketAppender fails to verify the TLS hostname on peer certificates — a subtle but important omission that can allow a man‑in‑the‑middle to intercept or redirect log traffic when certain conditions are met. Apache has fixed the flaw in Log4j Core 2.25.3 and published a...

Microsoft’s December patch cycle produced a compatibility regression that left Message Queuing (MSMQ) queues inactive, IIS sites throwing opaque “insufficient resources” errors, and enterprise m-driven applications unable to write messages — a problem Microsoft has confirmed and patched...

The Linux kernel has received a targeted fix for CVE-2025-38131 — a race-condition in the CoreSight configfs handling that could allow an active trace configuration to be deactivated while it is being enabled, producing a reliable use‑after‑free (UAF) and a local denial‑of‑service condition...

Google’s December stable update corrected two high‑severity Chromium issues — a use‑after‑free in WebGPU (CVE‑2025‑14765) and an out‑of‑bounds read/write in V8 (CVE‑2025‑14766) — and the fixes were rolled into Chrome stable (143.0.7499.146/.147), with downstream consumers such as Microsoft Edge...

A small but important defensive patch landed in the Linux kernel in mid‑December 2025 that fixes a crash in the AMD DRM display stack: CVE‑2025‑68196 addresses a race where the display code could reference dc->current_state while calling into dc_update_planes_and_stream during link training (LT)...

A recently published Linux-kernel CVE, CVE-2025-68237, patches an integer‑overflow bug in the mtdchar read/write ioctls that — while not described as an immediate remote code‑execution vector — can produce incorrect arithmetic, allocation mistakes, and availability failures; maintainers fixed...

A newly recorded Linux kernel vulnerability, tracked as CVE-2025-68261, fixes a subtle race in ext4 by adding i_data_sem protection to ext4_destroy_inline_data_nolock, closing a window where inline-data teardown and b-mapping can collide and trigger a kernel BUG or panic. Background /...

A recently assigned CVE — CVE-2025-68264 — targets the Linux kernel’s ext4 filesystem and documents a race-condition bug that can let stale inline-data size metadata lead to a kernel BUG_ON crash during writes to tiny “inline” files, prompting immediate patching across kernel trees and...

A small but important fix landed in the Linux kernel’s AMD display stack that corrects a sizing error and closes a local null‑pointer dereference in the DRM amdgpu code — a patch now tracked as CVE‑2025‑40354 that increases the driver’s maximum link count and guards against a NULL encoder access...

A small but sharp fix landed in the Linux kernel this week: the amdgpu DRM driver had two invalid BUG_ON checks removed because they can be triggered trivially by unprivileged userspace, a defect now tracked as CVE‑2025‑68201 and addressed upstream in the stable kernel trees. Background /...

Microsoft shipped a November patch that it said fixed a privilege‑escalation defect in Windows 11’s new Administrator Protection feature — but independent researchers say the remedy was incomplete, and public records show the exchange between Google’s Project Zero and Microsoft has not produced...

A small, easily overlooked piece of memory-management logic in the HDF5 C library has been rewarded with a CVE and a fast upstream fix: CVE-2025-2925 identifies a double‑free in the HDF5 function H5MM_realloc (src/H5MM.c) that can be triggered when a caller passes an effective size of zero. The...

A heap‑based buffer overflow has been disclosed in the HDF5 library: CVE‑2025‑2923 documents a flaw in the function H5F_addr_encode_len (file src/H5Fint.c) that can write past an allocated buffer when processing crafted data, producing a reliable crash and a low‑to‑medium severity local attack...