MSRC Reports
@msrcreports
61 subscribers
2.97K links
Microsoft Security Response Center Reports
(Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
Download Telegram
About
Blog
Apps
Platform
Join
MSRC Reports
61 subscribers
MSRC Reports
CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23228
6 views
MSRC Reports
CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23222
5 views
MSRC Reports
CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23216
5 views
MSRC Reports
CVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28364
5 views
MSRC Reports
CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71232
6 views
MSRC Reports
CVE-2026-23220 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23220
6 views
MSRC Reports
CVE-2026-23212 bonding: annotate data-races around slave->last_rx

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23212
6 views
MSRC Reports
CVE-2026-22999 net/sched: sch_qfq: do not free existing class in qfq_change_class()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22999
5 views
MSRC Reports
CVE-2026-22991 libceph: make free_choose_arg_map() resilient to partial allocation

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22991
6 views
MSRC Reports
CVE-2026-22990 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22990
7 views
MSRC Reports
CVE-2026-22984 libceph: prevent potential out-of-bounds reads in handle_auth_done()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22984
8 views
MSRC Reports
CVE-2026-22982 net: mscc: ocelot: Fix crash when adding interface under a lag

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22982
7 views
MSRC Reports
CVE-2026-22980 nfsd: provide locking for v4_end_grace

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22980
7 views
MSRC Reports
CVE-2026-22979 net: fix memory leak in skb_segment_list for GRO packets

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22979
6 views
MSRC Reports
CVE-2025-71162 dmaengine: tegra-adma: Fix use-after-free

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71162
7 views
MSRC Reports
CVE-2025-71150 ksmbd: Fix refcount leak when invalid session is found on session lookup

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71150
8 views
MSRC Reports
CVE-2025-71089 iommu: disable SVA when CONFIG_X86 is set

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71089
9 views
MSRC Reports
CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22998
11 views
MSRC Reports
CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22997
10 views
MSRC Reports
CVE-2026-22996 net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22996
10 views
MSRC Reports
CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-28420
10 views