CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23235

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23234

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-37745

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57875

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-42317

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21985

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-46754

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4543

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656

CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8732

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53219

CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24821

CVE-2025-68121 Unexpected session resumption in crypto/tls

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68121

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26122

CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26125

CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26124

CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21536

CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23651

CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68146

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22701