CVE-2026-53270

CVE-2026-53270 in the Linux kernel's IPVS path is resolved by clearing the svc->scheduler pointer early during unbind and edit operations. Specifically, in ip_vs_unbind_scheduler(), the scheduler pointer is cleared before the done_service method schedules any RCU callbacks, preventing packets ...

EUVD-2026-39221

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...

EUVD-2026-39245

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...

CVE-2026-53154

CVE-2026-53154 concerns the Linux kernel mm/hugetlb subsystem. The fix restores the per-VMA hugetlb reservation on error during hugetlb folio copy paths (specifically after alloc_hugetlb_folio() and before folio_put()), preventing leaked reservations that could cause a subsequent fault to encount...

EUVD-2026-39234

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...

CVE-2026-53143

CVE-2026-53143 affects the Linux kernel DRM/amdkfd path for SDMA queues on GFX11. The v11 MQD manager incorrectly reused the 2048-byte v11_compute_mqd path for SDMA queues, causing a 1536-byte overflow when checkpointing and restoring MQDs (CRIU context). This led to leaking adjacent GTT memory d...

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

CVE-2026-54226

CVE-2026-54226 — Apache Kvrocks (RESTORE IntSet Integer Overflow) * Affects Kvrocks versions 2.6.0 through 2.15.0. The entry title indicates an integer overflow in RESTORE IntSet that can lead to a remote DoS. The fix is to upgrade to version 2.16.0. No exploitation details or in-the-wild status ...

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

CVE-2026-52923

A flaw was found in the Linux kernel. The ipcidralloc function, used in the checkpoint/restore path for SysV Inter-Process Communication IPC ID allocation, does not properly limit ID allocation to the valid range. This can result in the system attempting to dereference freed memory, leading to a...

EUVD-2026-38726

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

CVE-2026-52923

CVE-2026-52923 concerns the Linux kernel and a bug in the checkpoint/restore path related to SysV IPC id allocation. The issue occurs when ids->next_id is passed to idr_alloc() with an open-ended upper bound, allowing the valid tail of the IPC id space to spill past ipc_mni. The result can be ...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

GHSA-WJ3P-5H3X-C74Q vulnerabilities

Vulnerabilities for packages: backup-restore-operator, backup-restore-operator-fips...

CVE-2025-62879 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, backup-restore-operator-fips...

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

CVE-2026-41048

CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...