Cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVE-2026-31635, dubbed DirtyDecrypt, is a local privilege escalation vulnerability in the Linux kernel's rxrpc subsystem (rxgk component), allowing an unprivileged user to corrupt page cache and achieve arbitrary file writes, leading to root access on kernels 6.10 to 6.13 with CONFIG_RXGK enabled.

CVE-2026-31704 is a vulnerability in ksmbd related to the use of check_add_overflow() to prevent a u16 DACL size overflow, potentially leading to denial of service or privilege escalation.

CVE-2026-23377 is a reported vulnerability with no further details available from the Microsoft Security Response Center.

CVE-2025-37750 is a use-after-free vulnerability in the SMB client related to decryption with multichannel that could lead to code execution.

CVE-2025-37877 is a vulnerability in the iommu component requiring proper cleanup, affecting Microsoft products.

CVE-2026-31712 is a security vulnerability in ksmbd requiring a minimum ACE size check in smb_check_perm_dacl(), potentially leading to unauthorized access or privilege escalation.

CVE-2026-31706 is a vulnerability in ksmbd related to improper validation of num_aces and insufficient hardening of the ACE walk in smb_inherit_dacl(), potentially leading to unauthorized access or privilege escalation.

CVE-2025-38717 is a race condition vulnerability in the kcm_unattach() function of a Microsoft product, potentially leading to denial of service or privilege escalation.

Microsoft released details for CVE-2024-26756, an unspecified vulnerability affecting Microsoft products, but provided no further information.

CVE-2024-26757 is an unspecified vulnerability in a Microsoft product, potentially allowing an attacker to perform unauthorized actions.

CVE-2026-31718 is a use-after-free vulnerability in the ksmbd kernel module, specifically in the __ksmbd_close_fd() function, which can be triggered via the durable scavenger mechanism, potentially leading to arbitrary code execution.