CLSA-2026-1780062116 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...

SUSE CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

CVE-2026-46197

A flaw was found in the Linux kernel. A local attacker could exploit an out-of-bounds buffer access vulnerability in the AMDGPU kernel driver by providing a specially crafted attribute count during SVM ioctl operations. This improper validation could allow the attacker to cause a system crash,...

CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

CVE-2026-43168

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...

SAMSUNG Mobile Chipset 缓冲区错误漏洞

SAMSUNG Mobile Chipset is a series of chips from the South Korean company Samsung SAMSUNG. A security vulnerability exists in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5124, which stems from an incorrect checking of the number o...