CVE-2026-43326 sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

PT-2026-38978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking and synchronization error exists in the USB dummy-hcd component. A race condition can occur between a USB reset and a driver unbind process. Specifically, the stop activity...

PT-2026-38988

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401 init hw dcn401 init hw assumes that update bw bounding box is valid when entering the update path. However, the existing condition: !fams2 enable && update bw bounding box |...

PT-2026-38977

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the sched ext component due to the SCX KICK WAIT mechanism. The kick cpus irq workfn function performs a busy-wait using smp cond load acquire until the target CPU's...

Linux Distros Unpatched Vulnerability : CVE-2026-43326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target...

Linux Distros Unpatched Vulnerability : CVE-2026-43327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in...

PT-2026-39250

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC mounts the 'nnef-callback' route group without inbound OAuth2 or bearer-token authorization. This allows an attacker to reach the SMF-callback handler usi...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the spirockchip-sfc component calling spiunregistercontroller in the remove callback, resulting in doub...

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945

CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...

SUSE CVE-2026-43056

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in addadev error path If auxiliarydeviceadd fails, addadev jumps to addfail and calls auxiliarydeviceuninitadev. The auxiliary device has its release callback set to adevrelease, which frees the...

GHSA-FCX8-PH5R-MXR4 Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

CVE-2026-44109 OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

CVE-2026-44109

OpenClaw CVE-2026-44109 affects OpenClaw prior to 2026.4.15, with an authentication bypass in Feishu webhook and card-action validation. The issue arises from a missing encryptKey configuration and blank callback tokens that fail open, allowing unauthenticated requests to reach command dispatch a...

EUVD-2026-27672

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroyworkqueue on service rescan PCI path While testing corner cases in the driver, a use-after-free crash was found on the service rescan PCI path. When manaservreset calls managdsuspend, managdcleanup...

EUVD-2026-27761

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pciprimary/secondaryepcepfunlink functions struct configfsitemoperations callbacks are defined like the following: int allowlinkstruct configitem src, struct configitem target; void...