0.0
CVE-2026-31580 - bcache: fix cached_dev.sb_bio use-after-free and crash
In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio use-after-free and crash In our production environment, we have received multiple crash reports regarding libceph, which have caught our attention: ``` [6888366.280350] Call Trace: [6888366.280452] β¦
0.0
CVE-2026-31579 - wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wg_netns_pre_exit() manually acquires rtnl_lock() inside the pernet .pre_exit callback. This causes a hung task when another thread holds rtnl_mutβ¦
0.0
CVE-2026-31578 - media: as102: fix to not free memory after the device is registered in as102_usb_probe()
In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free memory after the device is registered in as102_usb_probe() In as102_usb driver, the following race condition occurs: ``` CPU0 CPU1 as102_usb_probe() kzalloc(); // alloc as102_dev_t .... β¦
0.0
CVE-2026-31577 - nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map() assumes i_assoc_inβ¦
0.0
CVE-2026-31576 - media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrf_probe() In hackrf driver, the following race condition occurs: ``` CPU0 CPU1 hackrf_probe() kzalloc(); // alloc hackrf_dev .... v4l2_deviβ¦
0.0
CVE-2026-31575 - mm/userfaultfd: fix hugetlb fault mutex hash calculation
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the page index for hugetlb_fault_mutex_hash(). However, linear_page_index() returns the index in PAGE_Sβ¦
0.0
CVE-2026-31574 - clockevents: Add missing resets of the next_event_forced flag
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock event state changesβ¦
0.0
CVE-2026-31573 - media: verisilicon: Fix kernel panic due to __initconst misuse
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of_find_matching_node_and_maβ¦
0.0
CVE-2026-31572 - i2c: designware: amdisp: Fix resume-probe race condition issue
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a ("i2c: designware: Combine the init functions"),but this issue existed from the begβ¦
0.0
CVE-2026-31571 - drm/i915: Unlink NV12 planes earlier
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier unlink_nv12_plane() will clobber parts of the plane state potentially already set up by plane_atomic_check(), so we must make sure not to call the two in the wrong order. The problem happens wβ¦