LSN-0119-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been
resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At
btrfs_ref_tree_mod() after we successfully inserted the new ref entry
(local variable 'ref') into the respective block entry's rbtree (local
variable 'be'), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,
we error out and free the ref entry without removing it from the block
entry's rbtree.
In the Linux kernel, the following vulnerability has been
resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in
brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g.
512) and a lot of queued SKBs are sent from the pkt queue.
In the Linux kernel, the following vulnerability has been
resolved: net/smc: fix LGR and link use-after-free issue We encountered a
LGR/link use-after-free issue, which manifested as the LGR/link refcnt
reaching 0 early and entering the clear process, making resource access
unsafe.
In the Linux kernel, the following vulnerability has been
resolved: usb: cdc-acm: Check control transfer buffer size before access If
the first fragment is shorter than struct usb_cdc_notification, we can't
calculate an expected_size.
In the Linux kernel, the following vulnerability has been
resolved: drm/amdgpu: avoid buffer overflow attach in
smu_sys_set_pp_table() It malicious user provides a small pptable through
sysfs and then a bigger pptable, it may cause buffer overflow attack in
function smu_sys_set_pp_table().)(CVE-2025-21780).
In the Linux kernel, the following vulnerability has been
resolved: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() nft_map_catchall_activate() has an inverted
element activity check compared to its non-catchall counterpart
nft_mapelem_activate() and compared to what is logically required.
nft_map_catchall_activate() is called from the abort path to re-activate
catchall map elements that were deactivated during a failed transaction.
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.)(CVE-2026-23268)
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.)(CVE-2026-23269)