Linux Distros Unpatched Vulnerability : CVE-2026-31670

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so...

net: rfkill: prevent unlimited numbers of rfkill events from being created

...

clockevents: Add missing resets of the next_event_forced flag

...

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the cron process. An attacker can cause untrusted events to be labeled as trusted system events by triggering isolated cron agent runs...

NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events

NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

GHSA-57R2-H2WJ-G887 OpenClaw: Isolated cron awareness events were recorded as trusted system events

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted...

OpenClaw: Isolated cron awareness events were recorded as trusted system events

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted...

GHSA-72Q8-JCMC-97WX OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Feishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped dmPolicy enforcement for card actions, so a...

SUSE CVE-2026-31557

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

SUSE CVE-2026-31574

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...

SUSE CVE-2026-31670

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...

CVE-2026-31670

A flaw was found in the Linux kernel's rfkill component. A local user can exploit this by creating an excessive number of rfkill events without properly consuming them. This can lead to a denial of service DoS due to an out-of-memory condition, impacting system stability and availability...

CVE-2026-31625

A flaw was found in the Linux kernel's HID Human Interface Device alps driver. This vulnerability, a NULL pointer dereference, occurs because the driver attempts to process raw events without properly verifying if the device has been claimed. An attacker could potentially exploit this to cause a...

Malicious Package

Overview modern-events is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-6911

creationtimestamp| type| source ---|---|--- 2026-04-24 19:23:03+00:00| published-proof-of-concept| Telegram/KzwiN8QhKmj3TuqYtGeX9siiyoqjfAY8f7zipbEz0Wiqhk 2026-04-25 07:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116464171469215765 2026-04-25 07:30:28+00:00| seen|...

DEBIAN-CVE-2026-31670

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...

CVE-2026-31670

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...

CVE-2026-31574

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...

CVE-2026-31670

Summary: CVE-2026-31670 affects the Linux kernel rfkill subsystem. The vulnerability allows a local attacker to create an unbounded number of rfkill events (without consuming them from the rfkill descriptor), potentially leading to memory exhaustion and DoS. The issue is fixed by bounding the num...

CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...