0.0
CVE-2026-31765 - drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB Currently, AMDGPU_VA_RESERVED_TRAP_SIZE is hardcoded to 8KB, while KFD_CWSR_TBA_TMA_SIZE is defined as 2 * PAGE_SIZE. On systems with 4K pages, both values match (8KB), so aβ¦
7.1
CVE-2026-31774 - io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs()
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() sqe->len is __u32 but gets stored into sr->len which is int. When userspace passes sqe->len values exceeding INT_MAX (e.g. 0xFFFFFFFF), sr->len overflows to a negativβ¦
8.8
CVE-2026-31739 - crypto: tegra - Add missing CRYPTO_ALG_ASYNC
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. Thβ¦
7.8
CVE-2026-31720 - usb: gadget: f_uac1_legacy: validate control request size
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived from the host-coβ¦
7.8
CVE-2026-43049 - HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisation fails when probing the Logitech G920 Driving Force Racing Wheel for Xbox One, an error number wiβ¦
5.5
CVE-2026-43014 - net: macb: properly unregister fixed rate clocks
In the Linux kernel, the following vulnerability has been resolved: net: macb: properly unregister fixed rate clocks The additional resources allocated with clk_register_fixed_rate() need to be released with clk_unregister_fixed_rate(), otherwise they are lost.
8.6
CVE-2026-42469 - Buffer Overflow in OVMS3 CANswitch DLC Parsing Allows Remote Denial or Code Execution
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames.
7.5
CVE-2026-37554 - Denial of Service via Unchecked OpenSSL Exceptions in Vanetza V2X
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not propeβ¦
7.8
CVE-2026-31715 - f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:β¦
7.8
CVE-2026-43016 - bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().
In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). syzbot reported use-after-free of AF_UNIX socket's sk->sk_socket in sk_psock_verdict_data_ready(). [0] In unix_stream_sendmsg(), the peer socketβ¦