SB20260515113 - Debian update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20260515113

SB20260515113 - Debian update for linux

Published: May 15, 2026

Security Bulletin ID SB20260515113
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 vulnerabilities.


1) Deadlock (CVE-ID: CVE-2026-31499)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper locking in l2cap_conn_del() when canceling delayed work items. A local user can trigger Bluetooth L2CAP connection deletion while the associated timer work is executing to cause a denial of service.


2) Use of uninitialized resource (CVE-ID: CVE-2026-43088)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to an information exposure caused by uninitialized memory in PF_KEY export paths when exporting aligned sockaddr payloads for certain PF_KEY messages. A local user can trigger affected PF_KEY message handling to disclose sensitive information.

The issue affects the SADB_ACQUIRE, SADB_X_NAT_T_NEW_MAPPING, and SADB_X_MIGRATE export paths, while state and policy dump builders are not affected.


3) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2026-43109)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper exception handling in shstk_pop_sigframe() when handling signal frames. A local user can trigger an error from mmap_read_lock_killable() to cause a denial of service.


4) Race condition (CVE-ID: CVE-2026-43220)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a race condition in the amd iommu tlb invalidation handling when processing concurrent tlb invalidations. A local user can trigger concurrent invalidation activity to cause a denial of service.

The issue can cause completion waits to time out because command completion wait operations may be queued out of sequence.


5) Out-of-bounds read (CVE-ID: CVE-2026-43490)

The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to an out-of-bounds read and out-of-bounds write in smb_inherit_dacl() when processing a parent directory DACL from the security descriptor xattr during ACE inheritance. A remote user can provide a malformed inheritable ACE with an invalid SID length to cause a denial of service.

The issue occurs because the ACE can advertise more SID subauthorities than are actually present, which can lead to reads past the ACE and incorrect inherited ACE size accounting.


6) Improper access control (CVE-ID: CVE-2026-46333)

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to improper access control in ptrace_may_access() when checking dumpability for tasks without an associated mm pointer. A local privileged user can inspect kernel thread details to disclose sensitive information.

The issue affects cases involving threads that no longer have a VM or never had one, such as kernel threads.


Remediation

Install update from vendor's website.

References