2.9
CVE-2026-27171 - zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
7.8
CVE-2026-23225 - sched/mmcid: Don't assume CID is CPU owned on mode switch
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: fork(T4) -…
5.5
CVE-2026-23211 - mm, swap: restore swap_space attr aviod kernel panic
In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space attr aviod kernel panic commit 8b47299a411a ("mm, swap: mark swap address space ro and add context debug check") made the swap address space read-only. It may lead to kernel panic if arch_prepare_to_…
5.5
CVE-2025-71237 - nilfs2: Fix potential block overflow that cause system hang
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small. Since nblocks is of type sector_t, which is u64, a ne…
7.1
CVE-2025-71231 - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode …
5.3
CVE-2025-71225 - md: suspend array while updating raid_disks via sysfs
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the update is…
5.5
CVE-2026-23214 - btrfs: reject new transactions if the fs is fully read-only
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions if the fs is fully read-only [BUG] There is a bug report where a heavily fuzzed fs is mounted with all rescue mount options, which leads to the following warnings during unmount: BTRFS: Transacti…
5.5
CVE-2025-71230 - hfs: ensure sb->s_fs_info is always cleaned up
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allo…
5.5
CVE-2026-23228 - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this co…
5.5
CVE-2025-71227 - wifi: mac80211: don't WARN for connections on invalid channels
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (chan…