Microsoft discloses multiple Linux kernel flaws affecting filesystems, networking, and drivers
Microsoft published a batch of Security Update Guide entries for Linux kernel vulnerabilities spanning core subsystems including ext4, xfs, memory management, networking, virtualization, and device drivers. The listed issues include memory-safety and stability flaws such as a use-after-free in ext4 tracked as CVE-2026-31446, an smc double-free in CVE-2026-31507, a teardown-order use-after-free in the spi-fsl-lpspi driver in CVE-2026-31485, and a Bluetooth L2CAP bug in CVE-2026-31498 that could trigger an infinite loop. Additional entries cover fixes in af_key, netfilter ctnetlink, nfc nci, perf, and memory-management code paths.
The disclosures also include filesystem and virtual networking fixes such as CVE-2026-31452 in ext4, CVE-2026-31454 in xfs, and two openvswitch issues, CVE-2026-31678 and CVE-2026-31679, addressing tunnel device release handling and MPLS payload-length validation. Microsoft further listed CVE-2026-31601 in vfio/xe and CVE-2026-31589 in the kernel MM subsystem, indicating broad exposure across Linux environments that rely on affected kernel components. The set of advisories points to patch activity focused on preventing use-after-free, double-free, locking, validation, and resource-lifecycle errors in widely deployed kernel code.
Timeline
Apr 26, 2026
Microsoft publishes CVE-2026-31679 for Open vSwitch MPLS validation flaw
Microsoft added CVE-2026-31679 to its Security Update Guide for an Open vSwitch issue involving validation of MPLS set/set_masked payload length. The advisory was published on 2026-04-26.
Apr 26, 2026
Microsoft publishes CVE-2026-31678 for Open vSwitch tunnel netdev flaw
Microsoft published CVE-2026-31678, describing an Open vSwitch issue addressed by deferring tunnel netdev_put to RCU release. The vulnerability appeared in the Security Update Guide on 2026-04-26.
Apr 26, 2026
Microsoft publishes CVE-2026-31601 for vfio/xe initialization flaw
Microsoft added CVE-2026-31601 to the Security Update Guide for a vfio/xe issue involving reorganization of initialization to decouple migration from reset. The advisory was published on 2026-04-26.
Apr 26, 2026
Microsoft publishes CVE-2026-31589 for mm free_folio handling flaw
Microsoft published CVE-2026-31589 in the Security Update Guide for an mm issue involving direct calls to free_folio() in folio_unmap_invalidate(). The listing was published on 2026-04-26.
Apr 23, 2026
Microsoft publishes CVE-2026-31528 for perf PMU context flaw
Microsoft added CVE-2026-31528 to its Security Update Guide for a perf issue involving use of pmu_ctx->pmu for groups. The advisory was published on 2026-04-23.
Apr 23, 2026
Microsoft publishes CVE-2026-31515 for af_key migration validation flaw
Microsoft published CVE-2026-31515, describing an af_key issue requiring validation of families in pfkey_send_migrate(). The vulnerability was listed in the Security Update Guide on 2026-04-23.
Apr 23, 2026
Microsoft publishes CVE-2026-31509 for NFC locking flaw
Microsoft added CVE-2026-31509 to the Security Update Guide for an nfc/nci circular locking dependency in nci_close_device. This represents the public advisory date for the issue.
Apr 23, 2026
Microsoft publishes CVE-2026-31507 for SMC double-free flaw
Microsoft published CVE-2026-31507 for a net/smc double-free condition affecting smc_spd_priv when tee() duplicates a splice pipe buffer. The entry appeared in the Security Update Guide on 2026-04-23.
Apr 23, 2026
Microsoft publishes CVE-2026-31498 for Bluetooth L2CAP infinite-loop flaw
Microsoft added CVE-2026-31498 to its Security Update Guide for a Bluetooth L2CAP issue involving ERTM re-initialization and a zero pdu_len infinite loop. The advisory was published on 2026-04-23.
Apr 23, 2026
Microsoft publishes CVE-2026-31495 for netfilter ctnetlink validation flaw
Microsoft published CVE-2026-31495, describing a netfilter ctnetlink issue addressed by using netlink policy range checks. The listing reflects public disclosure in the Security Update Guide.
Apr 23, 2026
Microsoft publishes CVE-2026-31485 for SPI driver use-after-free flaw
Microsoft added CVE-2026-31485 to the Security Update Guide for a teardown order use-after-free issue in the spi-fsl-lpspi driver. The advisory was published on 2026-04-23.
Apr 23, 2026
Microsoft publishes CVE-2026-31454 for XFS AIL lock handling flaw
Microsoft published CVE-2026-31454, covering an XFS issue related to saving ailp before dropping the AIL lock in push callbacks. This marks the vulnerability's appearance in the Security Update Guide.
Apr 23, 2026
Microsoft publishes CVE-2026-31452 for ext4 inline-data truncation flaw
Microsoft published CVE-2026-31452 in its Security Update Guide for an ext4 issue involving conversion of inline data to extents when truncate exceeds inline size. The entry indicates public tracking of the vulnerability on that date.
Apr 23, 2026
Microsoft publishes CVE-2026-31446 for ext4 use-after-free flaw
Microsoft added CVE-2026-31446 to its Security Update Guide, describing an ext4 use-after-free issue in update_super_work when racing with umount. The advisory was published alongside other Linux kernel-related CVEs.
Related Stories

Microsoft Discloses Broad Set of Linux Kernel Vulnerabilities
Microsoft published a broad batch of Security Update Guide entries for Linux kernel flaws affecting memory management, networking, virtualization, device drivers, and subsystem input validation. The listed issues include use-after-free, NULL dereference, integer underflow, refcount underflow, information disclosure, and bounds-checking failures tracked as **`CVE-2026-31496`**, **`CVE-2026-31458`**, **`CVE-2026-31689`**, **`CVE-2026-31615`**, **`CVE-2026-31664`**, **`CVE-2026-31656`**, **`CVE-2026-31611`**, **`CVE-2026-31671`**, **`CVE-2026-31612`**, and others. Affected components span `nf_conntrack_expect`, `damon`, `edac_mc`, `renesas_usb3`, `xfrm`, `drm/i915`, `ksmbd`, `stmmac`, `tipc`, `mptcp`, `NFC`, `HID`, `KVM`, `mmc`, `x86/CPU`, `PCI endpoint`, `blk-cgroup`, `media/as102`, and `altera-tse`. Several entries point to bugs that could lead to kernel crashes, memory corruption, or data leakage if triggered through malformed input, protocol handling, or device interaction. Notable examples include a slab use-after-free in `mptcp`, information leaks in `xfrm_user` and `xfrm`, validation flaws in `ksmbd`, endpoint index handling in `usb: gadget: renesas_usb3`, and multiple underflow and teardown-ordering bugs across networking and driver code. The disclosures indicate a coordinated publication of upstream Linux kernel fixes through Microsoft's advisory channel, underscoring the need for organizations running Linux workloads in Microsoft-connected environments to review affected kernel versions and apply vendor patches promptly.
Yesterday
Microsoft Discloses Linux Kernel Flaws Affecting SMB, KVM, Virtio, BPF, and Networking
Microsoft added several CVEs to its Security Update Guide for Linux kernel components, including **CVE-2026-31609** in SMB, **CVE-2026-31591** in KVM SEV/SNP handling, **CVE-2026-31469** in `virtio_net`, **CVE-2026-31525** in BPF, and **CVE-2026-31494** in the `macb` network driver. The listed issues span memory-safety and logic flaws such as a double-free in `smbd_free_send_io()` after `smbd_send_batch_flush()`, a use-after-free in `virtio_net`, and undefined behavior in the BPF interpreter for signed division and modulo involving `INT_MIN`. The disclosures also include a KVM fix that locks all vCPUs while synchronizing VMSAs during SEV-SNP launch completion, indicating impact in confidential computing and virtualization workflows, alongside a `macb` driver correction for queue statistics handling. Taken together, the entries show Microsoft tracking upstream Linux kernel vulnerabilities across file sharing, virtualization, packet processing, and network drivers, with several bugs carrying potential stability or security impact in environments running affected kernel code paths.
3 days ago
Microsoft Discloses Linux Kernel Flaws in NFC USB Handling and eBPF
Microsoft published security advisories for **CVE-2026-23291** and **CVE-2026-23319**, two vulnerabilities affecting Linux kernel components tracked through the Security Update Guide. **CVE-2026-23291** is tied to the `nfc: pn533` driver and describes improper release of a USB interface reference during device disconnect, a flaw that can lead to resource-management and memory-safety issues in systems using the PN533 NFC stack. The second issue, **CVE-2026-23319**, affects `bpf` and is described as a **use-after-free** bug in `bpf_trampoline_link_cgroup_shim`, pointing to a memory corruption risk in the eBPF subsystem. Together, the advisories highlight kernel-level weaknesses in both hardware interface handling and programmable packet-processing infrastructure, underscoring the need for organizations running affected Linux-based environments to review Microsoft guidance and apply relevant updates or downstream vendor patches.
1 month ago