SUSE CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

CVE-2026-46063

The CVE-2026-46063 issue affects the Linux kernel (x86/shstk) where a deadlock could occur during sigreturn while popping the shadow stack frame. The root cause was reading the shadow stack with the mmap lock held; a page fault could trigger a recursive mmap lock acquisition, risking deadlock if ...

CVE-2026-46062

In the Linux kernel ntfs3 driver, CVE-2026-46062 arises from an integer overflow in run_unpack() where the volume boundary check uses raw addition (lcn + len) against sbi->used.bitmap.nbits. This can wrap for large lcn/len values, bypassing validation. A fix uses check_add_overflow() (consiste...

SUSE CVE-2026-45841

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...

EUVD-2026-32444

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...

CVE-2026-46062

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around for large lcn and len values, bypassing the validation. Use...

SUSE CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

EUVD-2026-32443

In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2journalcancelrevoke Commit f76d4c28a46a "fs/jbd2: use sleeping version of findgetblock" changed jbd2journalcancelrevoke to use findgetblocknonatomic which holds the folio lock instead of iprivatelock. Th...

SUSE CVE-2026-45843

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...

CVE-2026-46060

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adfdevup partially completes and then fails, the IRQ handlers registered during adfisrresourcealloc are not detached before the MSI-X vectors are released. Since the device...

SUSE CVE-2026-45844

In the Linux kernel, the following vulnerability has been resolved: netfilter: arptables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arppacketmatch unconditionally parses the ARP payload assuming two hardware addresses are present source and target. However, IPv4-over-IEEE1394 ARP RFC 27...

EUVD-2026-32442

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adfdevup partially completes and then fails, the IRQ handlers registered during adfisrresourcealloc are not detached before the MSI-X vectors are released. Since the device...

SUSE CVE-2026-45845

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...

EUVD-2026-32440

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m jobabort and devicerun Fix kernel panic caused by race condition where v4l2m2mctxrelease frees m2mctx while v4l2m2mtryrun is about to call devicerun with the same context. Race sequence:...

CVE-2026-46058

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m jobabort and devicerun Fix kernel panic caused by race condition where v4l2m2mctxrelease frees m2mctx while v4l2m2mtryrun is about to call devicerun with the same context. Race sequence:...

CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...

CVE-2026-46056

The CVE-2026-46056 entry documents a Linux kernel Bluetooth UAF vulnerability in the SSP passkey handlers (hci_event path). The issue arises when hci_conn lookup and field access are performed without holding the hdev lock, creating a window where a connection could be freed concurrently in hci_u...

CVE-2026-46055

CVE-2026-46055 affects the Linux kernel AppArmor LSM. The issue is a missing string terminator in aa_dfa_match, causing a slab-out-of-bounds read/write during path mounting on ARM64 Ubuntu 26.04 with Linux 7.0-rc4 (Snapdragon X1). Reported impact includes potential DoS or information disclosure. ...

CVE-2026-46055 apparmor: Fix string overrun due to missing termination

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdragon X1 we see a string buffer overrun: BUG: KASAN: slab-out-of-bounds in aadfamatch...

CVE-2026-46054

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...