Microsoft Discloses Broad Set of Linux Kernel Vulnerabilities
Microsoft published a broad batch of Security Update Guide entries for Linux kernel flaws affecting memory management, networking, virtualization, device drivers, and subsystem input validation. The listed issues include use-after-free, NULL dereference, integer underflow, refcount underflow, information disclosure, and bounds-checking failures tracked as CVE-2026-31496, CVE-2026-31458, CVE-2026-31689, CVE-2026-31615, CVE-2026-31664, CVE-2026-31656, CVE-2026-31611, CVE-2026-31671, CVE-2026-31612, and others. Affected components span nf_conntrack_expect, damon, edac_mc, renesas_usb3, xfrm, drm/i915, ksmbd, stmmac, tipc, mptcp, NFC, HID, KVM, mmc, x86/CPU, PCI endpoint, blk-cgroup, media/as102, and altera-tse.
Several entries point to bugs that could lead to kernel crashes, memory corruption, or data leakage if triggered through malformed input, protocol handling, or device interaction. Notable examples include a slab use-after-free in mptcp, information leaks in xfrm_user and xfrm, validation flaws in ksmbd, endpoint index handling in usb: gadget: renesas_usb3, and multiple underflow and teardown-ordering bugs across networking and driver code. The disclosures indicate a coordinated publication of upstream Linux kernel fixes through Microsoft's advisory channel, underscoring the need for organizations running Linux workloads in Microsoft-connected environments to review affected kernel versions and apply vendor patches promptly.
Timeline
Apr 29, 2026
Microsoft publishes CVE-2026-31689 advisory
Microsoft added CVE-2026-31689 to its Security Update Guide, describing a Linux kernel EDAC/mc issue involving error-path ordering in edac_mc_alloc().
Apr 26, 2026
Microsoft publishes batch of Linux kernel CVE advisories
Microsoft published a large set of Security Update Guide entries for Linux kernel vulnerabilities, including issues in USB, xfrm, ksmbd, networking, HID, KVM, MMC, PCI, memory management, media, and CPU components. The disclosures include CVE-2026-31578, CVE-2026-31586, CVE-2026-31588, CVE-2026-31594, CVE-2026-31611, CVE-2026-31612, CVE-2026-31615, CVE-2026-31622, CVE-2026-31624, CVE-2026-31628, CVE-2026-31649, CVE-2026-31651, CVE-2026-31656, CVE-2026-31658, CVE-2026-31662, CVE-2026-31664, CVE-2026-31669, and CVE-2026-31671.
Apr 23, 2026
Microsoft publishes CVE-2026-31496 advisory
Microsoft added CVE-2026-31496 to its Security Update Guide, covering a Linux kernel netfilter nf_conntrack_expect issue related to skipping expectations across network namespaces via proc.
Apr 23, 2026
Microsoft publishes CVE-2026-31458 advisory
Microsoft added CVE-2026-31458 to its Security Update Guide, describing a Linux kernel issue in mm/damon/sysfs involving access to contexts_arr[0] without checking contexts->nr first.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
5 more from sources like msrc security advisories
Related Stories
Microsoft discloses multiple Linux kernel flaws affecting filesystems, networking, and drivers
Microsoft published a batch of Security Update Guide entries for Linux kernel vulnerabilities spanning core subsystems including `ext4`, `xfs`, memory management, networking, virtualization, and device drivers. The listed issues include memory-safety and stability flaws such as a use-after-free in `ext4` tracked as **CVE-2026-31446**, an `smc` double-free in **CVE-2026-31507**, a teardown-order use-after-free in the `spi-fsl-lpspi` driver in **CVE-2026-31485**, and a Bluetooth `L2CAP` bug in **CVE-2026-31498** that could trigger an infinite loop. Additional entries cover fixes in `af_key`, `netfilter` `ctnetlink`, `nfc` `nci`, `perf`, and memory-management code paths. The disclosures also include filesystem and virtual networking fixes such as **CVE-2026-31452** in `ext4`, **CVE-2026-31454** in `xfs`, and two `openvswitch` issues, **CVE-2026-31678** and **CVE-2026-31679`, addressing tunnel device release handling and MPLS payload-length validation. Microsoft further listed **CVE-2026-31601** in `vfio/xe` and **CVE-2026-31589** in the kernel MM subsystem, indicating broad exposure across Linux environments that rely on affected kernel components. The set of advisories points to patch activity focused on preventing use-after-free, double-free, locking, validation, and resource-lifecycle errors in widely deployed kernel code.
3 days ago
Microsoft Discloses Linux Kernel Flaws Affecting SMB, KVM, Virtio, BPF, and Networking
Microsoft added several CVEs to its Security Update Guide for Linux kernel components, including **CVE-2026-31609** in SMB, **CVE-2026-31591** in KVM SEV/SNP handling, **CVE-2026-31469** in `virtio_net`, **CVE-2026-31525** in BPF, and **CVE-2026-31494** in the `macb` network driver. The listed issues span memory-safety and logic flaws such as a double-free in `smbd_free_send_io()` after `smbd_send_batch_flush()`, a use-after-free in `virtio_net`, and undefined behavior in the BPF interpreter for signed division and modulo involving `INT_MIN`. The disclosures also include a KVM fix that locks all vCPUs while synchronizing VMSAs during SEV-SNP launch completion, indicating impact in confidential computing and virtualization workflows, alongside a `macb` driver correction for queue statistics handling. Taken together, the entries show Microsoft tracking upstream Linux kernel vulnerabilities across file sharing, virtualization, packet processing, and network drivers, with several bugs carrying potential stability or security impact in environments running affected kernel code paths.
3 days ago
Microsoft Discloses Linux Kernel Flaws in NFC USB Handling and eBPF
Microsoft published security advisories for **CVE-2026-23291** and **CVE-2026-23319**, two vulnerabilities affecting Linux kernel components tracked through the Security Update Guide. **CVE-2026-23291** is tied to the `nfc: pn533` driver and describes improper release of a USB interface reference during device disconnect, a flaw that can lead to resource-management and memory-safety issues in systems using the PN533 NFC stack. The second issue, **CVE-2026-23319**, affects `bpf` and is described as a **use-after-free** bug in `bpf_trampoline_link_cgroup_shim`, pointing to a memory corruption risk in the eBPF subsystem. Together, the advisories highlight kernel-level weaknesses in both hardware interface handling and programmable packet-processing infrastructure, underscoring the need for organizations running affected Linux-based environments to review Microsoft guidance and apply relevant updates or downstream vendor patches.
1 months ago