Microsoft Discloses Linux Kernel Flaws in NFC USB Handling and eBPF
Microsoft published security advisories for CVE-2026-23291 and CVE-2026-23319, two vulnerabilities affecting Linux kernel components tracked through the Security Update Guide. CVE-2026-23291 is tied to the nfc: pn533 driver and describes improper release of a USB interface reference during device disconnect, a flaw that can lead to resource-management and memory-safety issues in systems using the PN533 NFC stack.
The second issue, CVE-2026-23319, affects bpf and is described as a use-after-free bug in bpf_trampoline_link_cgroup_shim, pointing to a memory corruption risk in the eBPF subsystem. Together, the advisories highlight kernel-level weaknesses in both hardware interface handling and programmable packet-processing infrastructure, underscoring the need for organizations running affected Linux-based environments to review Microsoft guidance and apply relevant updates or downstream vendor patches.
Timeline
Mar 26, 2026
Microsoft publishes advisories for CVE-2026-23291 and CVE-2026-23319
Microsoft's Security Update Guide listed CVE-2026-23291, involving improper release of a USB interface reference in nfc: pn533 on disconnect, and CVE-2026-23319, a use-after-free issue in bpf_trampoline_link_cgroup_shim. Both advisories were published on the same date.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Microsoft Discloses Broad Set of Linux Kernel Vulnerabilities
Microsoft published a broad batch of Security Update Guide entries for Linux kernel flaws affecting memory management, networking, virtualization, device drivers, and subsystem input validation. The listed issues include use-after-free, NULL dereference, integer underflow, refcount underflow, information disclosure, and bounds-checking failures tracked as **`CVE-2026-31496`**, **`CVE-2026-31458`**, **`CVE-2026-31689`**, **`CVE-2026-31615`**, **`CVE-2026-31664`**, **`CVE-2026-31656`**, **`CVE-2026-31611`**, **`CVE-2026-31671`**, **`CVE-2026-31612`**, and others. Affected components span `nf_conntrack_expect`, `damon`, `edac_mc`, `renesas_usb3`, `xfrm`, `drm/i915`, `ksmbd`, `stmmac`, `tipc`, `mptcp`, `NFC`, `HID`, `KVM`, `mmc`, `x86/CPU`, `PCI endpoint`, `blk-cgroup`, `media/as102`, and `altera-tse`. Several entries point to bugs that could lead to kernel crashes, memory corruption, or data leakage if triggered through malformed input, protocol handling, or device interaction. Notable examples include a slab use-after-free in `mptcp`, information leaks in `xfrm_user` and `xfrm`, validation flaws in `ksmbd`, endpoint index handling in `usb: gadget: renesas_usb3`, and multiple underflow and teardown-ordering bugs across networking and driver code. The disclosures indicate a coordinated publication of upstream Linux kernel fixes through Microsoft's advisory channel, underscoring the need for organizations running Linux workloads in Microsoft-connected environments to review affected kernel versions and apply vendor patches promptly.
Yesterday
Microsoft discloses multiple Linux kernel flaws affecting filesystems, networking, and drivers
Microsoft published a batch of Security Update Guide entries for Linux kernel vulnerabilities spanning core subsystems including `ext4`, `xfs`, memory management, networking, virtualization, and device drivers. The listed issues include memory-safety and stability flaws such as a use-after-free in `ext4` tracked as **CVE-2026-31446**, an `smc` double-free in **CVE-2026-31507**, a teardown-order use-after-free in the `spi-fsl-lpspi` driver in **CVE-2026-31485**, and a Bluetooth `L2CAP` bug in **CVE-2026-31498** that could trigger an infinite loop. Additional entries cover fixes in `af_key`, `netfilter` `ctnetlink`, `nfc` `nci`, `perf`, and memory-management code paths. The disclosures also include filesystem and virtual networking fixes such as **CVE-2026-31452** in `ext4`, **CVE-2026-31454** in `xfs`, and two `openvswitch` issues, **CVE-2026-31678** and **CVE-2026-31679`, addressing tunnel device release handling and MPLS payload-length validation. Microsoft further listed **CVE-2026-31601** in `vfio/xe` and **CVE-2026-31589** in the kernel MM subsystem, indicating broad exposure across Linux environments that rely on affected kernel components. The set of advisories points to patch activity focused on preventing use-after-free, double-free, locking, validation, and resource-lifecycle errors in widely deployed kernel code.
3 days ago
Microsoft Discloses Linux Kernel Flaws Affecting SMB, KVM, Virtio, BPF, and Networking
Microsoft added several CVEs to its Security Update Guide for Linux kernel components, including **CVE-2026-31609** in SMB, **CVE-2026-31591** in KVM SEV/SNP handling, **CVE-2026-31469** in `virtio_net`, **CVE-2026-31525** in BPF, and **CVE-2026-31494** in the `macb` network driver. The listed issues span memory-safety and logic flaws such as a double-free in `smbd_free_send_io()` after `smbd_send_batch_flush()`, a use-after-free in `virtio_net`, and undefined behavior in the BPF interpreter for signed division and modulo involving `INT_MIN`. The disclosures also include a KVM fix that locks all vCPUs while synchronizing VMSAs during SEV-SNP launch completion, indicating impact in confidential computing and virtualization workflows, alongside a `macb` driver correction for queue statistics handling. Taken together, the entries show Microsoft tracking upstream Linux kernel vulnerabilities across file sharing, virtualization, packet processing, and network drivers, with several bugs carrying potential stability or security impact in environments running affected kernel code paths.
3 days ago