VYPR
Vypr Intelligence · AI-generated · Jul 2, 2026 · 23 CVEs

Linux Kernel: 23 Vulnerabilities Disclosed Together Across Multiple Subsystems

A batch of 23 vulnerabilities affecting the Linux Kernel was disclosed on July 1-2, 2026, spanning Bluetooth, memory management, and networking subsystems.

Key findings

  • 23 CVEs disclosed in the Linux Kernel on July 1-2, 2026, across multiple subsystems.
  • Moderate-severity vulnerabilities include Use-After-Free flaws in Bluetooth and fhandle components.
  • Multiple fixes target memory management, networking, and ARM architecture-specific issues.
  • Low-severity flaws address NULL pointer dereferences and context allocation failures.
  • Patching is crucial for maintaining the integrity of diverse Linux kernel components.

On July 1st and 2nd, 2026, a batch of 23 vulnerabilities was disclosed in the Linux Kernel. These issues span various subsystems including Bluetooth, memory management, networking, and ARM architecture-specific components. While most of these vulnerabilities are rated low to moderate in severity, their collective disclosure highlights the ongoing need for diligent patching and security maintenance within the Linux ecosystem.

Several vulnerabilities were identified within the Bluetooth subsystem. CVE-2026-53357, a moderate-severity Use-After-Free flaw in l2cap_sock_cleanup_listen() versus l2cap_conn_del(), and CVE-2026-53358, which addresses channel closure in cleanup_listen() using a channel timer, were both disclosed on July 2nd.

Memory management (mm) and debugging components also saw multiple fixes. CVE-2026-53326 addresses an issue in debugobjects by preventing fill_pool() calls in early boot hardirq contexts. Within the mm subsystem, CVE-2026-53333 and CVE-2026-53334 report context allocation failures in damon/reclaim and damon/lru_sort respectively. Additionally, CVE-2026-53334 and CVE-2026-53335 address context allocation failures in DAMON reclaim and LRU sort.

Networking components were affected by several issues. CVE-2026-53337, a NULL pointer dereference in bond_do_ioctl() within the net:bonding driver, and CVE-2026-53339, a NULL pointer dereference in cci_remove() for the qcom-cci i2c driver, were among the low-severity flaws. CVE-2026-53340 fixes clock and pinctrl state inconsistencies in the imx i2c driver's runtime PM.

The ARM architecture was the focus of specific fixes. CVE-2026-53342 addresses calling the pagetable destructor when freeing hot-removed page tables on arm64. Furthermore, CVE-2026-53354 mitigates TLBI errata on various Arm CPUs.

Other notable disclosures include CVE-2026-53341, a moderate-severity Use-After-Free flaw in the fhandle component due to an unlocked read of mnt_ns in may_decode_fh(), and, as noted above, CVE-2026-53357, a moderate-severity Use-After-Free in the Bluetooth L2CAP cleanup functions.

The majority of these vulnerabilities appear to have been addressed in subsequent kernel releases. Users are advised to ensure their systems are running updated kernel versions to mitigate these risks. The broad range of affected subsystems underscores the complexity of the Linux kernel and the importance of continuous security updates.

The disclosures on July 1st and 2nd, 2026, represent a significant, albeit fragmented, set of fixes for the Linux kernel. While no single vulnerability stands out as critically severe, the sheer number of distinct issues across multiple subsystems warrants attention from system administrators and security professionals managing Linux environments. Staying current with kernel patches remains a fundamental practice for maintaining system integrity.

AI-written article. Grounded in 23 CVE records listed below.