SUSE CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-43107

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

SUSE CVE-2026-43035

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsapi: fix tcchainfillnode to initialize tcminfo to zero to prevent an info-leak When building netlink messages, tcchainfillnode never initializes the tcminfo field of struct tcmsg. Since the allocation is not zeroed...

CVE-2026-43035

The CVE affects the Linux kernel net: sched: cls_api code path tc_chain_fill_node, where tcm_info in struct tcmsg was not initialized, leaking heap memory to userspace via a 4-byte field. The fix zeros tcm_info alongside other initialized fields. Affected/patched details from connected docs: upst...

CVE-2026-43035 net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsapi: fix tcchainfillnode to initialize tcminfo to zero to prevent an info-leak When building netlink messages, tcchainfillnode never initializes the tcminfo field of struct tcmsg. Since the allocation is not zeroed...

SUSE CVE-2026-31531

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

PT-2026-36452

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak occurs in the Linux kernel when building netlink messages. The tc chain fill node function fails to initialize the tcm info field of the struct tcmsg structure. Becau...

CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

UBUNTU-CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

CVE-2026-23186

CVE-2026-23186 pertains to the Linux kernel hwmon driver for the ACPI power meter. The issue arises when acpi_power_meter_notify() calls hwmon_device_unregister() while holding a lock also acquired by sysfs callbacks, creating potential deadlocks between sysfs access and device removal. Fixes inc...

EUVD-2026-5856

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

PT-2026-8194

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpi power meter Fix deadlocks related to acpi power meter notify The acpi power meter driver's .notify callback function, acpi power meter notify, calls hwmon device unregister under a lock that is also acquired by...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22075)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22075 advisory. - In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001237)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001237 advisory. The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004078)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004078 advisory. A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlin...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004234)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004234 advisory. A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlin...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001495 advisory. An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsitransportiscsi.c is adversely affected by the ability of an unprivileged user to craft...