From Our Security Partners
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain
Information published.
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Information published.
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
Information published.
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response
Information published.
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
Information published.
Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain
Weeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patches being made available. Key takeaways: CVE-2026-43284 and CVE-2026-43500 are a pair […]
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Information published.