CVE-2026-31663
- EPSS 0.21%
- Veröffentlicht 24.04.2026 14:45:13
- Zuletzt bearbeitet 30.06.2026 03:18:26
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_finish NF_HOOK After async crypto completes, xfrm_input_resume() calls dev_put() immediately on re-entry before the skb reaches transport_f...
CVE-2026-31664
- EPSS 0.11%
- Veröffentlicht 24.04.2026 14:45:13
- Zuletzt bearbeitet 01.06.2026 17:16:54
In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire after setting the hard field via memset_after(), but t...
CVE-2026-31662
- EPSS 0.39%
- Veröffentlicht 24.04.2026 14:45:12
- Zuletzt bearbeitet 27.04.2026 20:17:55
In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_ackers on every inbound group ACK, even when the sa...
CVE-2026-31660
- EPSS 0.11%
- Veröffentlicht 24.04.2026 14:45:11
- Zuletzt bearbeitet 27.04.2026 20:17:30
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and ma...
CVE-2026-31661
- EPSS 0.11%
- Veröffentlicht 24.04.2026 14:45:11
- Zuletzt bearbeitet 27.04.2026 20:17:46
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size dma_alloc_consistent() may change the size to align it. The new size is saved in alloced. Change the free size to match the allocation...
CVE-2026-31659
- EPSS 0.4%
- Veröffentlicht 24.04.2026 14:45:10
- Zuletzt bearbeitet 27.04.2026 20:17:17
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a rem...
CVE-2026-31658
- EPSS 0.11%
- Veröffentlicht 24.04.2026 14:45:09
- Zuletzt bearbeitet 27.04.2026 20:17:08
In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() When dma_map_single() fails in tse_start_xmit(), the function returns NETDEV_TX_OK without freeing the skb. S...
CVE-2026-31657
- EPSS 0.4%
- Veröffentlicht 24.04.2026 14:45:08
- Zuletzt bearbeitet 01.06.2026 17:16:54
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the...
CVE-2026-31656
- EPSS 0.12%
- Veröffentlicht 24.04.2026 14:45:07
- Zuletzt bearbeitet 01.06.2026 17:16:54
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat A use-after-free / refcount underflow is possible when the heartbeat worker and intel_engine_park_heartbeat() rac...
CVE-2026-31651
- EPSS 0.11%
- Veröffentlicht 24.04.2026 14:45:03
- Zuletzt bearbeitet 27.04.2026 20:14:45
In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data on disconnect to avoid NULL-pointer dereferences o...