MSRC Reports
Microsoft Security Response Center Reports (Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0038
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3336
CVE-2026-23238 romfs: check sb_set_blocksize() return value

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23238
CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23237
CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23235
CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23234
CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-37745
CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57875
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-42317
CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21985
CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-46754
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4543
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656
CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8732
CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53219
CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24821
CVE-2025-68121 Unexpected session resumption in crypto/tls

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68121
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141
CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26122
CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26125
CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26124