7.0
CVE-2026-31527 - driver core: platform: use generic driver_override infrastructure
In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field withoβ¦
5.5
CVE-2026-31514 - erofs: set fileio bio failed in short read case
In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfs_iocb_iter_read(). However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in biβ¦
5.5
CVE-2026-31465 - writeback: don't block sync for filesystems with no data integrity guarantees
In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync (eg fuse). For superblocks with this flag sβ¦
0.0
CVE-2026-31459 - mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Patch series "mm/damon/sysfs: fix memory leak and NULL dereference issues", v4. DAMON_SYSFS can leak memory under allocation failure, and do NULL pointer dβ¦
8.8
CVE-2026-31433 - ksmbd: fix potencial OOB in get_file_all_info() for compound requests
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for compound requests When a compound request consists of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION) and the first command consumes nearly the entire max_trans_size, get_fiβ¦
7.8
CVE-2026-31446 - ext4: fix use-after-free in update_super_work when racing with umount
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in update_super_work when racing with umount Commit b98535d09179 ("ext4: fix bug_on in start_this_handle during umount filesystem") moved ext4_unregister_sysfs() before flushing s_sb_upd_work to prevent nβ¦
7.8
CVE-2026-31511 - Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfreβ¦
7.8
CVE-2026-31502 - team: fix header_ops type confusion with non-Ethernet ports
In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confusion with non-Ethernet ports Similar to commit 950803f72547 ("bonding: fix type confusion in bond_setup_by_slave()") team has the same class of header_ops type confusion. For non-Ethernet ports, teβ¦
7.1
CVE-2026-31484 - io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second half of the SQE would be past theβ¦
9.8
CVE-2026-31478 - ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"), response buffer management was changed to use dynamic iov array. In the newβ¦