OPENSUSE-SU-2026:20855-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: Changes in ffmpeg-4: - Add check for the return value of avmallocarray to avoid potential NULL pointer dereference. CVE-2025-10256, bsc1249431 - Update to version 4.4.7: Codecs, filters and other various bugfixes aacenctns: clamp filter directi...

SUSE CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

Linux Distros Unpatched Vulnerability : CVE-2026-46234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets ...

kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...

UBUNTU-CVE-2026-46232

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...

CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

CVE-2026-46232

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...

CVE-2026-46232

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

PT-2026-44357

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock update buffer size, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

UBUNTU-CVE-2026-46064

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

EUVD-2026-32446

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...

CVE-2026-46064

The CVE-2026-46064 issue affects the Linux kernel’s ibmasm path. The ibmasm_send_i2o_message() helper derives the memcpy_toio() byte count from user-controlled dot_command_header fields (command_size: u8, data_size: u16) via get_dot_command_size(), but does not validate against the actual allocat...

EUVD-2026-31830

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

CLSA-2026-1779271781 vim: Fix of 6 CVEs

CVE-2022-4292: also check winvalidanytab in didsetspelllang after SpellFileMissing autocmd - CVE-2023-4751: resetVIsualandresel at start of exbufferall to prevent UAF on Visual mark - CVE-2023-0054: bail out of dostringsub when vimregsub returns sublen = 0 - CVE-2022-2206: clamp cmdlinerow/msgrow...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: sched: Fixed out-of-bound access in uclamp. Util-clamp places tasks into different buckets based on their clamp values for performance reasons. However, the size of the buckets is currently computed using a rounding division, whi...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache once for each folio. If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths that are smaller than the page size. When we loop through the folios in...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021546)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021546 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offli...