7.8
CVE-2026-31641 - rxrpc: Fix RxGK token loading to check bounds
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the rounded value for valβ¦
9.8
CVE-2026-31637 - rxrpc: reject undecryptable rxkad response tickets
In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPOβ¦
9.1
CVE-2026-31636 - rxrpc: fix RESPONSE authenticator parser OOB read
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk_do_verify_authenticator(). Since p is a __be32 *β¦
0.0
CVE-2026-31601 - vfio/xe: Reorganize the init to decouple migration from reset
In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migration leads to the following: BUG: unable to handle page fault for address: 00000000000011f8 #PF: sβ¦
7.0
CVE-2026-31586 - mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() cgwb_release_workfn() calls css_put(wb->blkcg_css) and then later accesses wb->blkcg_css again via blkcg_unpin_online(). If css_put() drops the last reference, the blkcβ¦
7.5
CVE-2026-31640 - rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc_post_response(), the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, buβ¦
7.0
CVE-2026-31613 - smb: client: fix OOB reads parsing symlink error response
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() returns success without any length validation, leaving the symlink parsers as the only defense againsβ¦
4.9
CVE-2026-31050 - CrossβSite Scripting in HostBill Enables Remote Code Execution
Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code
5.5
CVE-2026-31573 - media: verisilicon: Fix kernel panic due to __initconst misuse
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of_find_matching_node_and_maβ¦
0.0
CVE-2026-31599 - media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv_psi_desc_assign [1]. vidtv_psi_pmt_stream_init() can return NULL on memory allocation failure, buβ¦