Vuldb Updates

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. This issue affects the function inode_owner_or_capable. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2026-43361. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.18/6.19.8. Impacted is an unknown function. Such manipulation leads to missing initialization of a variable. This vulnerability is referenced as CVE-2026-43352. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.77/6.18.18/6.19.8. The affected element is the function set_samp_freq of the component iio. Performing a manipulation results in divide by zero. This vulnerability is identified as CVE-2026-43354. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.252/6.1.166/6.6.129/6.18.18/6.19.8. The impacted element is the function pm_runtime_put_autosuspend of the component iio. Executing a manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2026-43355. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.8. It has been rated as critical. The impacted element is the function pm_runtime_get_sync of the component iio. This manipulation of the argument return causes unchecked return value. This vulnerability is registered as CVE-2026-43357. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.18/6.19.8. This impacts the function hci_dma_dequeue_xfer. Performing a manipulation results in deserialization. This vulnerability is reported as CVE-2026-43353. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. Affected is an unknown function. Executing a manipulation can lead to integer underflow. This vulnerability appears as CVE-2026-43359. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.166/6.6.129/6.12.77/6.18.18/6.19.8. This affects an unknown part of the component btrfs. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-43360. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.24/7.0.1. Affected by this vulnerability is the function f2fs_finish_read_bio of the component f2fs. Executing a manipulation can lead to uninitialized resource. This vulnerability appears as CVE-2026-43349. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.19.11. Affected by this issue is the function comedi_device. Executing a manipulation of the argument comedi.comedi_num_legacy_minors can lead to improper initialization. This vulnerability is registered as CVE-2026-43340. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.23/6.19.13. This vulnerability affects the function ice_get_ctrl_ptp. The manipulation results in improper initialization. This vulnerability is reported as CVE-2026-43346. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.18.23/6.19.13 and classified as critical. This issue affects the function qhee_hyp_assign_remove_memory of the component arm64. This manipulation causes denial of service. This vulnerability appears as CVE-2026-43347. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.19.11 and classified as critical. The impacted element is the function addrconf_permanent_addr. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2026-43339. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. It has been declared as critical. Affected is the function ioam6_fill_trace_data. The manipulation results in buffer overflow. This vulnerability is known as CVE-2026-43341. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 7.0.1 and classified as critical. Affected is an unknown function of the component mshv_vtl. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-43348. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.6.135/6.12.83/6.18.24/7.0.1. It has been classified as critical. Affected by this issue is the function parse_dacl. This manipulation of the argument sub_auth[] causes incorrect comparison. This vulnerability appears as CVE-2026-43350. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.135/6.12.82/6.18.23/6.19.13. This affects the function gsi_channel_trans_quiesce of the component net. The manipulation leads to privilege escalation. This vulnerability is documented as CVE-2026-43345. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.18/6.19.8. It has been classified as critical. Impacted is the function vgic_allocate_private_irqs_locked of the component KVM. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-43351. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.12.80/6.18.21/6.19.11 and classified as critical. This affects the function queue_entity. The manipulation results in memory corruption. This vulnerability is known as CVE-2026-43323. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.80/6.18.21/6.19.11. It has been classified as critical. This vulnerability affects the function btrfs_run_delayed_refs of the component btrfs. This manipulation causes infinite loop. This vulnerability is handled as CVE-2026-43338. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.