CVE-2026-43477

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling TRANSDDIFUNCCTL. Personally I was only able to reproduce a hang on an Dell X...

UBUNTU-CVE-2026-43485

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARNON in ACPI probes These WARNONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

CVE-2026-43485

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARNON in ACPI probes These WARNONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

CVE-2026-43485

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARNON in ACPI probes These WARNONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

CVE-2026-43485

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARNON in ACPI probes These WARNONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

CVE-2026-43477 drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling TRANSDDIFUNCCTL. Personally I was only able to reproduce a hang on an Dell X...

CVE-2026-43477

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling TRANSDDIFUNCCTL. Personally I was only able to reproduce a hang on an Dell X...

RLSA-2026:15892 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

SUSE CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'maxsegsize' is not set. The kernel defaults ...

SUSE CVE-2026-43368

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages allocated from a folio, unsigned int .length attribute of a scatterlist may...

JLSEC-2026-494 WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob...

PT-2026-40613

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

AlmaLinux 9 : thunderbird (ALSA-2026:15892)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:15892 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScrip...

PT-2026-40692

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN ON in ACPI probes These WARN ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

PT-2026-40684

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/i915/vrr component where writing to TRANS VRR VMAX or FLIPLINE before enabling TRANS DDI FUNC CTL can cause a system hang with a Machine Check Exception MCE on...

CVE-2025-27850

CVE-2025-27850 affects Garmin WDU servers (versions v1 1.4.6 and v2 5.0). A symlink attack is possible when a malicious graphics package containing symlinks is uploaded; the web server follows the provided links while serving content, and there are no restrictions on link targets. This allows an ...

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

PT-2026-40795

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a symlink attack, which occurs when a system follows a symbolic link a file that points to another file or directory to access locations outside the...

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...