CVE-2025-36194 This Power System update is being released to address

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations...

CVE-2025-36194

Summary: CVE-2025-36194 affects IBM PowerVM Hypervisor. The hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Affected versions: PowerVM Hypervisor FW1110.00–FW1110.03, FW1060.00–FW1060.51, and FW950.00–FW950....

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVE-2025-47359 Use After Free in Secure Processor

Memory Corruption when multiple threads simultaneously access a memory free API...

CVE-2025-47359 Use After Free in Secure Processor

Memory Corruption when multiple threads simultaneously access a memory free API...

CVE-2025-47359

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2025-47358 Use After Free in Secure Processor

Memory Corruption when user space address is modified and passed to memfree API, causing kernel memory to be freed inadvertently...

CVE-2025-47358

CVE-2025-47358 describes a memory corruption/use-after-free scenario where a modified user-space address passed to mem_free leads to inadvertent kernel memory being freed. Multiple sources identify the issue in the Secure Processor family, with the underlying cause being improper handling of user...

CVE-2025-47358 Use After Free in Secure Processor

Memory Corruption when user space address is modified and passed to memfree API, causing kernel memory to be freed inadvertently...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

IBM PowerVM Hypervisor 安全漏洞

The IBM PowerVM Hypervisor is a software application developed by International Business Machines IBM. It provides a secure and scalable virtualization environment. These applications are built based on the advanced RAS capabilities and leading performance of the Power Systems platform. Security...

PT-2026-5698

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations...

CVE-2026-23028

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...

CVE-2026-23028 LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...

CVE-2026-23025

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: prevent pcp corruption with SMP=n The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU0, kcompactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .ownercpu: 0 CPU: 0...

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

SUSE SLES12 Security Update : xen (SUSE-SU-2026:0328-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0328-1 advisory. Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 - CVE-2026-23553: Fixed incomplete IBP...

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...