RLSA-2026:18868 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

MAL-2026-5027 Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

MAL-2026-4854 Malicious code in @service-suppliers/set_suppliers_data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0469f2493e0faa6db2b4dd70c85c58062f538457a60d4d4b77b44c861f665665 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4852 Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @service-user-notifications/setnotificationsnotremovable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between...

MAL-2026-4856 Malicious code in @service-suppliers/set_suppliers_loading_stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52d21512cf72b6b9822978fa95b217f0412f0d8ec55e5667addf4a486ad0965b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4849 Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1019aabd4bb69e25840cb292802f34974e93eb6c61d783cd8e1bb054a33d182a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @polka-ui/reco (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 748e9209b5841d7276bc8325c476b21c3061fdc37dc9db0280f033ba9badc8c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @service-suppliers/fetch_suppliers_country_list_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1019aabd4bb69e25840cb292802f34974e93eb6c61d783cd8e1bb054a33d182a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview @loans/vehicles-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview @service-suppliers/select-supplier-watcher-saga is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

EUVD-2026-32866

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...

CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

CVE-2026-46107

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...

UBUNTU-CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

UBUNTU-CVE-2026-46107

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...

CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from f2fsdropinode with ISYNC set, concurrent kworker writeback can insert n...

CVE-2026-46194

CVE-2026-46194 is a Linux kernel/f2fs race condition where f2fs_destroy_extent_node() clears extent nodes without FI_NO_EXTENT, allowing concurrent writeback to insert nodes and trigger a bug check. The issue arises when dropping inodes with I_SYNC during writeback, leading to a potential crash/D...

CVE-2026-46194

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from f2fsdropinode with ISYNC set, concurrent kworker writeback can insert n...

CVE-2026-46175

Summary of CVE-2026-46175 (f2fs FGGC issue) : In the Linux kernel’s f2fs filesystem, Foreground Garbage Collection (FGGC) of node blocks could leave the fsync and dentry marks uncleared, causing fsck to misinterpret migrated data as fsync-written. The root cause is that the marks were not cleared...