Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004917)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004917 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt...

CVE-2026-22976

CVE-2026-22976 affects the Linux kernel’s net/sched sch_qfq, where two qfq_class objects can reference the same leaf_qdisc. In certain teardown paths (e.g., when a qdisc is pending destruction via tc_new_tfilter and another qdisc is root-attached), a shared leaf_qdisc may have q.qlen > 0 while...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000993)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000993 advisory. The batadvfragmergepackets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001188)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001188 advisory. The omninetopen function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service tty exhaustion by leveragi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001635 advisory. In l2tpsessiondelete and related functions of l2tpcore.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privile...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000646 advisory. The sndtimerinterrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001396 advisory. ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero. Tenable...

ocfs2: fix kernel BUG in ocfs2_find_victim_chain

...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001819)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001819 advisory. arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001866)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001866 advisory. The 1 udprecvmsg and 2 udpv6recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a...

CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses

A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...

CVE-2025-71065

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock As Jiaming Zhang and syzbot reported, there is potential deadlock in f2fs as below: Chain exists of: &sbi-cprwsem -- fsreclaim -- sbinternal2 Possible unsafe locking scenario: CPU0 CPU1 ----...

CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

UBUNTU-CVE-2025-68769

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fsrecoverfsyncdata With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsync /mnt/f2fs/foo f2fsio...

CVE-2025-71096

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...

CVE-2025-71085 ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr There exists a kernel oops caused by a BUGONnhead INTMAX i.e. intskbheadroomskb + lendelta skbheadroomskb is meant to ensure that delta = headroom - skbheadroomskb is...

CVE-2025-68796

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs loop0: updateextenttreerange: extent len is zero, type: 0, extent 0, 0, 0, age 0, 0 ------------ cut here ------------ kernel BUG at...

CVE-2025-68796

The CVE-2025-68796 entry concerns the Linux kernel's f2fs filesystem. A zero-sized extent could be added to the extent cache during error handling in f2fs_zero_range, leading to a potential invalid state observed as a kernel BUG in fs/f2fs/extent_cache.c. The publicly documented fix is to avoid i...

CVE-2025-68771 ocfs2: fix kernel BUG in ocfs2_find_victim_chain

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...