stable backport

CVE-2026-31497 is another reminder that the most interesting Linux kernel bugs are often the quiet ones. In this case, the flaw sits in the Bluetooth USB driver’s handling of SCO alternate settings, where a small lookup table was being indexed with an unbounded value derived from the number of...

Background Microsoft’s Security Response Guide entry for CVE-2026-23285 points to a Linux kernel issue in DRBD: a null-pointer dereference on local read error. The upstream patch title is unambiguous enough to tell the story at a glance: drbd: fix null-pointer dereference on local read error...

In the Linux kernel, CVE-2026-23368 is a classic example of how a seemingly small initialization change can remove a hard-to-reproduce system hang. The bug sits in the networking PHY and LED trigger interaction path, where enabling both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY could produce an...

The Linux kernel received a targeted, low‑level fix addressing a hang in the UFS (Universal Flash Storage) SCSI error handler — a bug that can cause sustained or persistent loss of availability by deadlocking kernel threads during device error recovery. The change is small and surgical at the...

The Linux kernel received a targeted fix for CVE-2025-68344 — an integer overflow in the ALSA wavefront driver's sample-size validation — that closes a corner-case bug where a 32‑bit size field was cast to a signed integer and compared in a way that could wrap and produce incorrect bounds...

The Linux kernel received a small but important patch that removes an unnecessary warning in the ARM64 MTE codepath when copy_highpage copies into a page that may already carry an MTE tag — a fix tracked as CVE-2025-40353 and already merged into the stable trees to prevent spurious WARNs during...

A recently disclosed Linux kernel defect, tracked as CVE‑2025‑40194, fixes an object lifecycle bug in the intel_pstate CPU frequency driver that could — under narrow and largely virtualized scenarios — cause a kernel crash during CPU device hot removal; vendors and the kernel stable trees have...

A subtle but important race-condition in the Linux kernel’s process‑limit handling has been recorded as CVE‑2025‑40201: upstream maintainers changed kernel/sys.c to stop taking task_lock(tsk->group_leader) from unsafe contexts and instead make conditional use of tasklist_lock to avoid...

A recent Linux kernel security fix closes CVE-2025-40244, a KMSAN-detected uninitialized-value bug in the HFS+ (hfsplus) filesystem implementation that was reported by syzbot and patched upstream; operators should treat this as a kernel-level memory-safety correction, install vendor-supplied...

A small change in the OCFS2 kernel code — setting a freed pointer to NULL — resolved a formally assigned CVE but highlights a perennial class of Linux kernel risks: double‑free memory corruption that can destabilize hosts, complicate multi‑tenant environments, and, in some cases, provide a local...