CVE-2026-22735 is a security vulnerability (CVSS 2.6). Remediation should follow standard vulnerability management procedures.
Snort 3 Detection Engine in multiple Cisco products can be remotely restarted by unauthenticated attackers through crafted packets sent over established connections, due to improper binder module initialization logic. This denial-of-service vulnerability interrupts packet inspection capabilities and can be triggered without authentication or user interaction. No patch is currently available for this medium-severity flaw.
A revert of a Linux kernel patch introduces a potential deadlock condition in the f2fs filesystem when concurrent write operations and checkpoint operations occur, allowing a local user with write permissions to cause a denial of service through a system hang. The vulnerability affects the Linux kernel's f2fs module and requires low privileges to trigger. No patch is currently available to address this issue.
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. [CVSS 2.5 LOW]
A deadlock vulnerability in the Linux kernel's RISC-V tracing subsystem allows local users with tracing privileges to hang the system by enabling ftrace snapshots on __sbi_ecall functions, causing recursive IPI interrupts that trigger infinite snapshot loops. This issue is particularly easy to exploit on RISC-V systems lacking the SSTC extension, where timer events automatically invoke SBI ecalls. The vulnerability requires local access and is only exploitable if tracing is enabled, making it a denial-of-service vector for systems with active kernel tracing.
The Linux kernel's acpi_power_meter driver contains a deadlock vulnerability in its notify callback function that can cause a denial of service when device removal races with sysfs attribute access. A local user with privileges to trigger power meter notifications can exploit this to hang or crash the system. No patch is currently available.
The Linux kernel's Saffirecode (sfc) driver contains a deadlock vulnerability in RSS configuration reading where the driver attempts to acquire a lock that the kernel's ethtool subsystem has already locked, causing the system to hang. A local user with sufficient privileges can trigger this denial of service condition by executing ethtool RSS configuration commands. No patch is currently available for this medium-severity issue.
Linux kernel dirty page throttling can cause system hangs when cgroup memory limits are restrictive, as processes become stuck in balance_dirty_pages() waiting on io_schedule_timeout() calls. A local user with write permissions can trigger a denial of service by exhausting dirty page limits through intensive file operations, potentially freezing the system. No patch is currently available for affected kernels prior to v6.18.
A deadlock condition in the Linux kernel's ath12k WiFi driver occurs when management frame transmission is blocked by the wiphy lock during flush operations, causing the wireless interface to hang and preventing authentication. Local users with sufficient privileges can trigger this condition by initiating WiFi authentication while pending management frames are being flushed, resulting in a denial of service. No patch is currently available for this medium-severity vulnerability.
In the Linux kernel, the following vulnerability has been resolved: "ipvlan: Make the addrs_lock be per port". Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL.