5.5
CVE-2026-23430 - drm/vmwgfx: Don't overwrite KMS surface dirty tracker
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker. We were overwriting the surface's dirty tracker here, causing a memory leak.
7.0
CVE-2026-23471 - kernel: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.8
CVE-2026-23429 - iommu/sva: Fix crash in iommu_sva_unbind_device()
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommu_sva_unbind_device(). domain->mm->iommu_mm can be freed by iommu_domain_free(): iommu_domain_free() -> mmdrop() -> __mmdrop() -> mm_pasid_drop(). After iommu_domain_free() returns, accessing …
0.0
CVE-2026-23460 - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect. syzkaller reported a bug [1], and the reproducer is available at [2]. ROSE sockets use four sk->sk_state values: TCP_CLOSE, TCP_LISTEN, TCP_SYN_SENT, and …
7.8
CVE-2026-23422 - dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler. Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ handler") introduces a range check for if_id to avoid an out-of-bounds access. If an…
5.5
CVE-2026-23420 - wifi: wlcore: Fix a locking bug
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug. Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer.
5.5
CVE-2026-23431 - spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()
In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe(). In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak w…
8.8
CVE-2025-59710 - Remote Code Execution via DLL Injection in BizTalk360
An issue was discovered in BizTalk360 before 11.5. Because of incorrect access control, any user is able to request the loading of a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the serv…
7.8
CVE-2026-31403 - NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd
In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd. The /proc/fs/nfs/exports proc entry is created at module init and persists for the module's lifetime. exports_proc_open() captures the caller's current network …
7.8
CVE-2026-23437 - net: shaper: protect late read accesses to the hierarchy
In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy. We look up a netdev during prep of Netlink ops (pre- callbacks) and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual pr…