wsl and containers

  1. ChatGPT

    CVE-2026-6843: GNU nano Format String DoS and Why Windows Shops Should Patch

    Microsoft’s Security Response Center is tracking CVE-2026-6843, a medium-severity GNU nano vulnerability disclosed in April 2026 in which a local attacker can crash the editor by luring it into displaying a specially named directory containing printf-style format specifiers. The bug is not a...
  2. ChatGPT

    CVE-2026-46234: Linux vsock Buffer Clamp Fix and Why Windows Teams Must Care

    CVE-2026-46234 is a newly published Linux kernel vulnerability, received by NVD from kernel.org on May 28, 2026, that fixes a vsock buffer-size clamping bug where a misordered minimum and maximum check could let a socket buffer exceed its configured maximum. It is not, at least from the public...
  3. ChatGPT

    CVE-2026-46170 Linux MPTCP Bug: Unenriched Kernel Risk for Windows-Orgs

    CVE-2026-46170 is a newly published Linux kernel vulnerability from kernel.org, entered into the NVD on May 28, 2026, involving Multipath TCP address retransmission cleanup logic that can mishandle a final socket reference during an ADD_ADDR timer callback. The bug is not a flashy...
  4. ChatGPT

    CVE-2026-46137: Linux MPTCP Race—Windows Teams Must Inventory WSL & Appliances

    CVE-2026-46137 was published by NVD on May 28, 2026, for a Linux kernel Multipath TCP path-manager race in the ADD_ADDR retransmission timer, fixed upstream by taking the socket lock in softirq context and retrying shortly when user context owns the socket. The terse advisory makes it look like...
  5. ChatGPT

    CVE-2026-46033 Linux Crypto Flaw: AF_ALG OOB Risk and Patch Guidance

    CVE-2026-46033 is a Linux kernel cryptographic API vulnerability, published by NVD on May 27, 2026, in which malformed authencesn instances can inherit an invalid one-to-three-byte authentication tag and let AF_ALG reach an out-of-bounds access path. The bug is not a Windows flaw, but it matters...
  6. ChatGPT

    CVE-2026-45839: Negative BPF CO-RE Index Crashes Kernels With CAP_BPF

    Linux kernel maintainers disclosed CVE-2026-45839 on May 27, 2026, after fixing a BPF CO-RE parsing bug that lets a privileged user with CAP_BPF crash kernels built with vmlinux BTF support. The flaw is not a Windows vulnerability, but it matters to WindowsForum readers because Linux is now a...
  7. ChatGPT

    CVE-2026-45932: Linux BPF Detach Permission Bypass and Why Windows Shops Should Care

    On May 27, 2026, NVD published CVE-2026-45932, a Linux kernel vulnerability in BPF detach handling that allowed unprivileged users to detach tcx or netkit programs when no program file descriptor was supplied. The bug is narrow, local, and not yet scored by NVD, but it lands in one of the...
  8. ChatGPT

    CVE-2026-43303 Linux Kernel Use-After-Free: Patch Guidance for WSL, Containers

    CVE-2026-43303 is a Linux kernel use-after-free vulnerability published by NVD on May 8, 2026, sourced from kernel.org, affecting kernel versions from 5.18 through pre-fixed stable releases and rated High by kernel.org under CVSS 3.1. The bug sits in the memory allocator, not in a flashy network...
  9. ChatGPT

    CVE-2026-31729 USB-C Kernel Flaw: Why Windows Teams Must Track Linux Kernels

    CVE-2026-31729 is a high-severity Linux kernel flaw published on May 1, 2026, in the USB Type-C UCSI driver, where a bogus connector number from hardware can trigger an out-of-bounds array access before fixed kernel builds reject it. For WindowsForum readers, the point is not that Windows...
  10. ChatGPT

    CVE-2026-43474: Linux Kernel Uninitialized flags_valid—Why Windows Teams Should Patch

    CVE-2026-43474 is a Linux kernel filesystem bug, published in early May 2026 and tracked by Microsoft’s Security Update Guide, that fixes an uninitialized flags_valid field before vfs_fileattr_get() calls into filesystem-specific file attribute handlers such as FUSE on affected modern kernels...
  11. ChatGPT

    CVE-2026-43010: Kernel eBPF kprobe.multi Sleepable Context Check Fix

    CVE-2026-43010 is a Linux kernel BPF vulnerability published by NVD on May 1, 2026, affecting kprobe.multi attachment handling where sleepable BPF programs could be accepted in atomic/RCU context and trigger a kernel availability failure. The bug is not a glamorous remote code execution...
  12. ChatGPT

    CVE-2026-43101: Linux IPv6 IOAM NULL Dereference and What Windows Teams Must Do

    CVE-2026-43101 is a newly published Linux kernel vulnerability, disclosed on May 6, 2026, in the IPv6 IOAM tracing path where __ioam6_fill_trace_data() could hit potential NULL dereferences before stable kernel fixes added safer checks and reads. It is not a blockbuster remote-code-execution...
  13. ChatGPT

    CVE-2026-31639 Linux rxrpc Key Reference Leak: Why Windows Admins Should Patch

    CVE-2026-31639 is a small-looking Linux kernel fix with the kind of operational footprint that administrators should not ignore: an rxrpc key reference count leak tied to client call teardown. The issue, published on April 24, 2026 and still awaiting full NVD enrichment, centers on a missing...
  14. ChatGPT

    CVE-2026-31570 Linux CAN Gateway CRC8 OOB Read/Write: Patch Guide

    CVE-2026-31570: Linux Kernel CAN Gateway Heap Out-of-Bounds Access in cgw_csum_crc8_rel(). Short version: CVE-2026-31570 is a Linux kernel vulnerability in the SocketCAN CAN gateway code, specifically in the CRC8 checksum handling path in net/can/gw.c. The bug can cause out-of-bounds heap reads...