SUSE CVE-2026-43405

In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in cephmonmapdecode. Currently bloblen and nummon are signed int variable...

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the use of signed integers for the stack allocation size in the jq bytecode virtual machine. Wh...

Linux kernel x25_queue_rx_frame function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017481 advisory. Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for a BLP...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017795 advisory. The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large...

SUSE CVE-2025-71286

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...

SUSE CVE-2026-43169

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUGON by validating rounded allocation When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two via rounduppowoftwo. Similarly, for non-contiguous allocations with lar...

SUSE CVE-2026-43220

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmdsemval was incremented outside the IOMMU spinlock, allowing...

SUSE CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

GHSA-97WC-2HQC-CJGR smallbitvec: Integer overflow in safe API leads to heap buffer overflow

Summary An integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without requiring unsafe code from the caller. Details The issue originates from...

smallbitvec: Integer overflow in safe API leads to heap buffer overflow

Summary An integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without requiring unsafe code from the caller. Details The issue originates from...

PT-2026-39309

Name of the Vulnerable Software and Affected Versions smallbitvec affected versions not specified Description An integer overflow occurs during the internal capacity calculation within the buffer lencap function. When the cap variable is close to usize::MAX, unchecked arithmetic causes the value ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation Upgrade...

GHSA-628H-Q48J-JR6Q Phoenix: Long-poll NDJSON body splitting causes large memory allocation

Summary An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a HTTP request. A handful of concurrent requests can be sufficient to let the node run out of memory. See also...

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

CVE-2026-43295

A flaw was found in the Linux kernel's rapidio subsystem. When memory allocation for idtab fails within the rioscanallocnet function, the network object is not correctly freed, resulting in a dangling pointer. This improper memory management could lead to system instability or a denial of service...

EUVD-2026-28769

In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpckernellookuppeer rxrpckernellookuppeer can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: 1 Changing...

EUVD-2026-28760

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix for duplicate device in netdev hooks When handling NETDEVREGISTER notification, duplicate device registration must be avoided since the device may have been added by nftnetdevhookalloc already when creati...

EUVD-2026-28711

In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in cephmonmapdecode. Currently bloblen and nummon are signed int variable...

EUVD-2026-28702

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly release the user fence reference to prevent a memory leak. cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0...