CVE-2026-31481

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

CVE-2026-31481 tracing: Drain deferred trigger frees if kthread creation fails

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

CVE-2026-31481

CVE-2026-31481 affects the Linux kernel tracing code. The issue arises from boot-time trigger frees not being drained when kthread creation fails, causing boot-time deferred entries to leak and a NULL pointer dereference that crashes the system. The fix drains the entire queued list synchronously...

CVE-2026-0539 Local Privilege Escalation in pcvisit service client

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all...

CVE-2026-0539 Local Privilege Escalation in pcvisit service client

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all...

CVE-2026-0539

Summary: CVE-2026-0539 describes a local privilege escalation in the pcvisit Windows service. The issue arises from incorrect default permissions on the pcvisit service binary, allowing a low-privileged local attacker to replace the binary with arbitrary contents. The service binary runs with SYS...

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +1093 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=7.0.0-M1 <=7.0.4)

org.springframework.security:spring-security-core MAVEN version =7.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...

Oracle Linux 8 : osbuild-composer (ELSA-2026-8456)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8456 advisory. 101.4-5.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...

Oracle Linux 9 : osbuild-composer (ELSA-2026-9044)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-9044 advisory. 149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Ad...

PT-2026-34330

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NTSYSTEM privileges on boot. This issue affects all...

PT-2026-34386

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the tracing component occurs when boot-time trigger registration fails before the trigger-data cleanup kthread is created. If kthread creation fails, the system fails to drain...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013843)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013843 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch caused by bad boot loader inode We got a issue as fllows:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013478 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on private memory access All normal kernel memory is TDX...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013162)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013162 advisory. In the Linux kernel, the following vulnerability has been resolved: Revert mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K The commit 8396c793ffdf mmc:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010870)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010870 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on private memory access All normal kernel memory is TDX...

osbuild-composer security update

149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug: 37962207 - Add support to create OpenScap images JIRA: OLDIS-35301 - Simplify repository names JIRA: OLDIS-35893 - Refactor patches to fix some naming...

osbuild-composer security update

101.4-5.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size to 1GB Orabug: 36827079 - support for building OL8/9 images on Oracle Linu...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012983)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012983 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013257)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013257 advisory. DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013195 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is...