SB2026031306 - Debian update for linux

Main Vulnerability Database SB2026031306

SB2026031306 - Debian update for linux

Published: March 13, 2026

Security Bulletin ID SB2026031306

Severity

Low

Patch available

YES

Number of vulnerabilities 9

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Double free (CVE-ID: CVE-2025-71238)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the qla2x00_update_optrom() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.

2) Incorrect calculation (CVE-ID: CVE-2026-23100)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the include/linux/hugetlb.h. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2026-23221)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the driver_override_show() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can escalate privileges on the system.

4) Buffer overflow (CVE-ID: CVE-2026-23233)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the check_swap_activate() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2026-23234)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_write_end_io() function in fs/f2fs/data.c. A local user can escalate privileges on the system.

6) Out-of-bounds read (CVE-ID: CVE-2026-23235)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the main_blkaddr_show(), f2fs_sbi_show() and __sbi_store() functions in fs/f2fs/sysfs.c. A local user can perform a denial of service (DoS) attack.

7) Memory leak (CVE-ID: CVE-2026-23236)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ufx_ops_ioctl() function in drivers/video/fbdev/smscufx.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2026-23237)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cmpc_accel_sensitivity_show_v4(), cmpc_accel_sensitivity_store_v4(), cmpc_accel_g_select_show_v4(), cmpc_accel_g_select_store_v4(), cmpc_accel_open_v4(), cmpc_accel_sensitivity_show() and cmpc_accel_sensitivity_store() functions in drivers/platform/x86/classmate-laptop.c. A local user can perform a denial of service (DoS) attack.

9) Improper error handling (CVE-ID: CVE-2026-23238)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the romfs_fill_super() function in fs/romfs/super.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://lists.debian.org/debian-security-announce/2026/msg00072.html