CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
Published February 28, 2026
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2026-23222 crypto: omap – Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
Published February 28, 2026
Information published.
CVE-2026-23212 bonding: annotate data-races around slave->last_rx
Published February 28, 2026
Information published.
CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
Published February 28, 2026
Information published.
CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack
Published February 28, 2026
Information published.
CVE-2025-68223 drm/radeon: delete radeon_fence_process in is_signaled, no deadlock
Published February 28, 2026
Information published.
CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings
Published February 28, 2026
Information published.
CVE-2025-40005 spi: cadence-quadspi: Implement refcount to handle unbind during busy
Published February 28, 2026
Information published.
CVE-2025-38162 netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
Published February 28, 2026
Information published.
CVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
Published February 28, 2026
Information published.
