7.8
CVE-2026-31525 - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs() macro on s32 operands. The abs() macro documentation (include/linux/math.h) exβ¦
7.8
CVE-2026-31494 - net: macb: use the current queue number for stats
In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gem_get_sset_count() correctly computes the number of stats based on theβ¦
0.0
CVE-2026-31439 - dmaengine: xilinx: xdma: Fix regmap init error handling
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the error check and also fix the error message. Use the error code from ERR_PTR() instead of the wrong vβ¦
6.5
CVE-2026-31192 - Insufficient Validation of Chrome Extension Identifiers Leading to Sensitive Data Exposure
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.
9.8
CVE-2026-31444 - ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequence: 1) opinfo is linked into ci->m_op_list (via opinfo_add) before add_lease_global_list() is caβ¦
9.8
CVE-2026-31436 - dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dβ¦
7.0
CVE-2026-31493 - RDMA/efa: Fix use of completion ctx after free
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in β¦
0
CVE-2026-41144 - FΒ΄ (F Prime) has Integer Overflow in FileUplink
FΒ΄ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFβ¦
5.5
CVE-2026-41136 - free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-β¦
7.5
CVE-2026-41135 - free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory β¦