5.5
CVE-2026-31577 - nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map() assumes i_assoc_inβ¦
4.7
CVE-2026-31572 - i2c: designware: amdisp: Fix resume-probe race condition issue
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a ("i2c: designware: Combine the init functions"),but this issue existed from the begβ¦
7.1
CVE-2026-31568 - s390/mm: Add missing secure storage access fixups for donated memory
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PG_arch_1 bit set. That bit is set for nβ¦
5.5
CVE-2026-31564 - LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() In function kvm_eiointc_regs_access(), the register base address is caculated from array base address plus offset, the offset is absolute value from the baβ¦
5.5
CVE-2026-31562 - drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register The call to mipi_dsi_host_register triggers a callback to mtk_dsi_bind, which uses dev_get_drvdata to retrieve the mtk_dsi struct, so this structure needβ¦
5.5
CVE-2026-31559 - LoongArch: Fix missing NULL checks for kstrdup()
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to "of_node_put()". 2. Fix a potential kernel oops during early boot when memory allocation fails whiβ¦
5.5
CVE-2026-31556 - xfs: scrub: unlock dquot before early return in quota scrub
In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchk_quota_item can return early after calling xchk_fblock_process_error. When that helper returns false, the function returned immediately without dropping dq->q_qlock,β¦
5.5
CVE-2026-31555 - futex: Clear stale exiting pointer in futex_lock_pi() retry path
In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futex_lock_pi() retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex/core.c:825 at wait_for_owner_exiting+0x7a/0x80, CPU#11: futex_lock_pi_s/524 When futex_lock_pi_atoβ¦
7.8
CVE-2026-31554 - futex: Require sys_futex_requeue() to have identical flags
In the Linux kernel, the following vulnerability has been resolved: futex: Require sys_futex_requeue() to have identical flags Nicholas reported that his LLM found it was possible to create a UaF when sys_futex_requeue() is used with different flags. The initial motivation for allowing different β¦
7.5
CVE-2026-31552 - wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 ("wifi: wlcore: ensure skb headroom before skb_push"), wl1271_tx_allocate() and with it wl1271_prepare_tx_frame() β¦