Linux Security
The latest Linux Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
WSL 2 Kernel Lags Behind Critical Linux IPv4 Out-of-Bounds Write Fix
On July 16, 2026, the National Vulnerability Database published CVE-2026-53366, detailing an out-of-bounds write flaw in the Linux kernel's IPv4 networking stack. The fix landed upstream weeks ago,...
Critical Linux Kernel Bug Exposes WSL2 and Container Hosts — Patch Now
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-43499 and named GhostLock, lets attackers break out of sandboxes and seize root control of affected systems. The flaw reaches beyond...
Linux Kernel Race in nvmet-tcp Threatens Windows NVMe-oF Storage Infrastructure
A critical race condition in the Linux kernel’s nvmet-tcp subsystem, assigned CVE-2026-46135, has quietly emerged as a significant threat to Windows-centric data centers. Microsoft’s Security...
Microsoft flags Linux AMDGPU memory leak that drains system resources each resume cycle
Microsoft has added a seemingly minor Linux kernel bug to its Security Update Guide this week, drawing attention to a vulnerability that affects AMD-powered machines running the company’s...
CVE-2026-40372: ASP.NET Core DataProtection Vulnerability Exposes Runtime Secrets on Linux
Microsoft's April 2026 security disclosure revealed CVE-2026-40372, a critical vulnerability in ASP.NET Core DataProtection that exposes runtime secrets when applications run on Linux systems. This...
CVE-2026-40372: Critical ASP.NET Core Data Protection Vulnerability Exposes Linux Applications
Microsoft has disclosed CVE-2026-40372, a critical vulnerability in ASP.NET Core's Data Protection system that specifically impacts Linux deployments. The security flaw allows attackers to bypass...
CVE-2026-27456: Critical TOCTOU Race Condition in Linux mount Utility Explained
Microsoft's security advisory for CVE-2026-27456 reveals a critical Time-of-Check-Time-of-Use (TOCTOU) vulnerability in the util-linux mount utility that affects Linux systems, including those...
CVE-2026-4897: Polkit DoS Vulnerability Threatens Linux Systems with Complete Availability Loss
A critical denial-of-service vulnerability in polkit, designated CVE-2026-4897, exposes Linux systems to complete availability loss through unbounded stdin input. The flaw allows unprivileged local...
CVE-2025-32776: OpenRazer Driver Vulnerability Exposes Linux Systems to Local Attacks
Microsoft's Security Update Guide returned no usable advisory when queried for CVE-2025-32776, revealing a significant gap in vulnerability tracking for cross-platform security issues. This empty...
CVE-2023-51257: Critical Jasper Library Vulnerability Threatens Linux Systems
A critical security vulnerability in the widely-used Jasper image library has been discovered, posing significant risks to Linux systems and applications that process JPEG-2000 images. Designated as...
X.Org CVE-2024-0409: Critical SELinux Bypass Vulnerability Patched
A critical security vulnerability in the X.Org Server's cursor handling code has been discovered and patched, posing a significant threat to Linux systems with SELinux enabled. Tracked as...
CVE-2024-25176: Critical LuaJIT Stack Overflow Vulnerability Threatens Azure Linux & OpenResty
A critical security vulnerability in LuaJIT, the high-performance just-in-time compiler for the Lua programming language, has been discovered and assigned CVE-2024-25176. This stack-buffer-overflow...