nimiq-blockchain is missing a wall-clock upper bound on block timestamps

Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...

CVE-2026-40093 nimiq-blockchain is missing a wall-clock upper bound on block timestamps

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006696)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006696 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006650 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpiinstallfixedeventhandler...

Linux Distros Unpatched Vulnerability : CVE-2026-31396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be...

SUSE CVE-2026-31396

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

EUVD-2026-18774

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

CVE-2026-31396

A flaw was found in the Linux kernel's Media Access Controller MACB Ethernet driver and Precision Time Protocol PTP clock subsystem. A local attacker could exploit a use-after-free vulnerability by accessing the PTP clock via the gettsinfo ethtool call after the PTP clock has been deallocated. Th...

CVE-2026-31396

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

UBUNTU-CVE-2026-31396

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

CVE-2026-31396

Summary: CVE-2026-31396 affects the Linux kernel’s net/macb and PTP clock subsystem. The root cause is a use-after-free in ptp_clock_index() when the PTP clock is accessed via get_ts_info while the interface’s PTP clock object has been deregistered. This allows a local attacker to trigger a crash...

CVE-2026-31396

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

CVE-2026-31396 net: macb: fix use-after-free access to PTP clock

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

PT-2026-30179

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.164+ Description The Linux kernel contained a use-after-free issue in the networking subsystem related to the macb driver and the PTP Precision Time Protocol clock. Specifically, the PTP clock could be access...

PT-2026-36432

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel's macb network driver during PCI glue driver removal. The platform device unregister function may attempt to use registered clocks durin...

CVE-2026-23266

In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3arb A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUTVSCREENINFO ioctl on /dev/fb. When doing so, the driver recomputes FIFO arbitration parameters in nv3ar...

DEBIAN-CVE-2026-23266

In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3arb A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUTVSCREENINFO ioctl on /dev/fb. When doing so, the driver recomputes FIFO arbitration parameters in nv3ar...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005760 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: tegra20: Fix refcount leak in tegra20clockinit offindmatchingnode returns a node pointer wit...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005535 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pcclocksettime As Andrew pointed out, it will make...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005758 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak in samsungclkregisterpll If clkregister fails, @pll-ratetable may...