7.8
CVE-2026-31447 - ext4: reject mount if bigalloc with s_first_data_block != 0
In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with s_first_data_block != 0 bigalloc with s_first_data_block != 0 is not supported, reject mounting it.
5.5
CVE-2026-31443 - dmaengine: idxd: Fix crash when the event log is disabled
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, and an error that causes Function Level Reset (FLR) is received, the driver will try to restore the β¦
7.0
CVE-2026-31530 - cxl/port: Fix use after free of parent_port in cxl_detach_ep()
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep() cxl_detach_ep() is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both tβ¦
7.8
CVE-2026-31528 - perf: Make sure to use pmu_ctx->pmu for groups
In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->pmu for groups Oliver reported that x86_pmu_del() ended up doing an out-of-bound memory access when group_sched_in() fails and needs to roll back. This *should* be handled by the transaction callbβ¦
8.1
CVE-2026-31464 - scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directly in vβ¦
7.8
CVE-2026-31449 - ext4: validate p_idx bounds in ext4_ext_correct_indexes
In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in ext4_ext_correct_indexes ext4_ext_correct_indexes() walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing path[k].p_idx->ei_block, there is β¦
7.8
CVE-2026-31455 - xfs: stop reclaim before pushing AIL during unmount
In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issuβ¦
5.5
CVE-2026-31445 - mm/damon/core: avoid use of half-online-committed context
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damon_call() is online DAMON parameters update. It is done by calling damon_commit_ctx() inside the damon_call() callback function. damon_commit_ctx()β¦
7.8
CVE-2026-31488 - drm/amd/display: Do not skip unrelated mode changes in DSC validation
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 ("drm/amd/display: Add dsc pre-validation in atomic check"), amdgpu resets the CRTC state mode_changed flag to false when recβ¦
7.5
CVE-2026-31477 - ksmbd: fix memory leaks and NULL deref in smb2_lock()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock() smb2_lock() has three error handling issues after list_del() detaches smb_lock from lock_list at no_check_cl: 1) If vfs_lock_file() returns an unexpected error in the non-UNLβ¦