SUSE CVE-2026-46257

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

CVE-2026-46257

A flaw was found in the Linux kernel's SP804 timer driver. On ARM32 platforms where the SP804 is not registered as the scheduling clock, the delay timer's clock event instance may not be properly initialized. This can lead to a kernel Oops, which is a system crash, when the system attempts to rea...

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

EUVD-2026-34160

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

CVE-2026-46257 clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

CVE-2026-46257

The CVE-2026-46257 entry concerns the Linux kernel SP804 timer on ARM32. The root cause was that the delay timer shared a clkevt instance with sched_clock; when sp804_clocksource_and_sched_clock_init used use_sched_clock != 1, sched_clkevt was not properly initialized, and read_current_timer invo...

PT-2026-46046

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.3.0 through 4.10.x Description A type confusion occurs in OP-TEE OS when processing an 'FFA MEM SHARE' request from the normal world. This issue specifically affects configurations where OP-TEE is set as a Secure Partition...

Unbreakable Enterprise kernel security update

5.4.17-2136.356.4.1 - smb: client: reject userspace cifs.spnego descriptions Asim Viladi Oglu Manizada Orabug: 39463669 5.4.17-2136.356.4 - tun: free page on buildskb failure in tunxdpone Weiming Shi Orabug: 39429147 - tap: free page on error paths in tapgetuserxdp Weiming Shi Orabug: 39429147 -...

PT-2026-46020

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read current timer is called on ARM32 platforms where the SP804 is not registered as the sched clock. On SP804, the delay timer shares the same clkevt instance with sched clock. O...

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

EUVD-2026-34005

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

Exploit for Out-of-bounds Write in Redis

Docker Operations Create a Docker container docker comp...

EUVD-2018-21953

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

EUVD-2018-21957

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVE-2018-25427

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVE-2018-25432 Arm Whois 3.11 Buffer Overflow via ASLR Bypass

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

CVE-2018-25432 Arm Whois 3.11 Buffer Overflow via ASLR Bypass

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

CVE-2018-25427

CVE-2018-25427 pertains to Arm Whois 3.11, where a stack-based buffer overflow allows remote code execution by sending oversized input to the IP address or domain field. Input longer than 658 bytes with shellcode can overwrite the Structured Exception Handler, enabling command execution during pr...

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...