Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003537)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003537 advisory. An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003556)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003556 advisory. The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003211)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003211 advisory. Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service use-after-fr...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002621)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002621 advisory. An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled...
CVE-2024-48077
Nanomq v0.22.7 is affected by a DoS via a crafted request that causes the recv-q queue to grow, leading to broker deadlock and service disruption. The public sources (NVD/Red Hat OSV/PT-Security/etc.) describe the impact but do not provide a confirmed patched version; one PT-Security entry explic...
CVE-2025-71064
In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources. Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set to min(new_tqps, hdev->num_tqps);...
Arbitrary Code Injection
Overview: algolia/algoliasearch-magento-2 is an Algolia Search & Discovery extension for Magento 2. Affected versions of this package are vulnerable to Arbitrary Code Injection via the job execution process. An attacker can execute arbitrary PHP code by injecting malicious data into the database...
GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Impact: Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Impact: Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...
CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks. Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option...
UBUNTU-CVE-2025-71117
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks. Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option...
CVE-2025-71117 block: Remove queue freezing from several sysfs store callbacks
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks. Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option...
kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
A vulnerability was found in the Linux kernel's Controller Area Network (CAN) protocol, within the J1939 protocol implementation. This issue occurs due to a potential deadlock caused by a race condition involving three locks: j1939_socks_lock, active_session_list_lock, and sk_session_queue_lock. This issue...
kernel: i40e: add validation for ring_len param
A flaw was identified in the Intel “i40e” Ethernet driver in the Linux kernel where the ring_len parameter supplied by a VF (virtual function) is passed unchecked to the hardware memory context. If a malicious virtual function provides a too-large or misaligned ring_len, it may allow the device to...
kernel: i40e: fix idx validation in config queues msg
A flaw was found in the Linux kernel in the Intel i40e network driver such that in the function i40e_vc_config_queues_msg, when iterating over vf->ch[idx], the idx value is not properly validated against the range of active/initialized traffic classes (TCs). An attacker with local privileges could supply ...
SUSE CVE-2025-71064
In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources. Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set to min(new_tqps, hdev->num_tqps);...