USN-8145-3: Linux kernel (GCP) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - UDF file system; - NFC subsystem; - Network traffic control;...

USN-8145-3 linux-gcp, linux-gcp-4.15, linux-gcp-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - UDF file system; - NFC subsystem; - Network traffic control;...

PT-2026-30926

Name of the Vulnerable Software and Affected Versions Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description The Vite dev server improperly handles .map requests for optimized dependencies. It resolves file paths and calls readFile without restricting '../' segments in the URL, potential...

CVE-2026-5571

CVE-2026-5571 concerns Technostrobe HI-LED-WR120-G2 with firmware 5.5.0.1R6.03.30. The issue lies in an unknown function within the /fs section of the Configuration Data Handler, where manipulating the File argument disclosure could occur. Reports indicate a remote attack is possible and that an ...

PT-2026-30440

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. Manipulation of the File argument within an unknown function of the /fs file in the Configuration...

Linux Distros Unpatched Vulnerability : CVE-2026-31403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init and persists for the module's...

Linux Distros Unpatched Vulnerability : CVE-2026-23434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device...

SUSE CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

CVE-2024-44303

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system...

CVE-2026-23434

A flaw was found in the mtd: rawnand subsystem of the Linux kernel. This vulnerability occurs because the nandlock and nandunlock functions do not properly coordinate with other NAND operations. This can lead to a race condition where concurrent Universal Block Image UBI or UBIFS background...

CVE-2026-31402

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

CLSA-2026-1775224807 Fix of 95 CVEs

CVE-2025-39683 - tracing: Remove unneeded goto out logic CVE-2025-39683 - tracing: Limit access to parser-buffer when tracegetuser failed CVE-2025-39683 CVE-2025-38079 - crypto: algifhash - fix double free in hashaccept CVE-2025-38079 CVE-2025-38159 - wifi: rtw88: fix the 'para' buffer size to...

CVE-2026-31404

A flaw was found in the Linux kernel's Network File System Daemon NFSD component. This vulnerability occurs because certain sub-objects are freed prematurely while still being accessed by other parts of the system. A local attacker could potentially trigger a Use-After-Free UAF condition, leading...

CVE-2026-31403

A flaw was found in the Linux kernel's Network File System Daemon NFSD component. A local user can exploit this vulnerability by opening the /proc/fs/nfs/exports file and then causing the associated network namespace to be destroyed. Subsequent attempts to read from the still-open file descriptor...

CVE-2026-31404

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

CVE-2026-31402

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded operation responses. This size was calculated based on OPEN responses and...

CVE-2026-23423

A flaw was found in the Linux kernel's btrfs file system. This vulnerability occurs in the btrfsuringreadextent function, where memory allocated for 'pages' is not properly freed when errors occur during read operations. This oversight can lead to resource exhaustion, potentially causing a Denial...

CVE-2026-31402 nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded operation responses. This size was calculated based on OPEN responses and...

CVE-2026-4350 Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the PMCS::actionhandler method processing the $GET'delete' parameter without any sanitization, authorization check, or nonce verification...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-8143-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8143-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...