Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-014266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014266 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...

PT-2026-34803

Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description An attacker capable of influencing a configuration file, such as in build-as-a-service or pull-request-driven CI scenarios, can manipulate the pipeline.uses variable to include absolute paths ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014275 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions,...

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php file. An attacker can obtain sensitive information, including developer email addresses, deployed commit hashes, and commit...

EUVD-2026-24855

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 "drm/amd/display: Add dsc pre-validation in atomic check", amdgpu resets the CRTC state modechanged flag to false when...

EUVD-2026-24788

In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4inodeattachjinode publishes ei-jinode to concurrent users. It used to set ei-jinode before jbd2journalinitjbdinode, allowing a reader to observe a non-NULL jinode with ivfsinode still...

EUVD-2026-24779

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damoncall is online DAMON parameters update. It is done by calling damoncommitctx inside the damoncall callback function. damoncommitctx can fail for tw...

CVE-2026-31450

In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4inodeattachjinode publishes ei-jinode to concurrent users. It used to set ei-jinode before jbd2journalinitjbdinode, allowing a reader to observe a non-NULL jinode with ivfsinode still...

CVE-2026-31445

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damoncall is online DAMON parameters update. It is done by calling damoncommitctx inside the damoncall callback function. damoncommitctx can fail for tw...

CVE-2026-31450 ext4: publish jinode after initialization

In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4inodeattachjinode publishes ei-jinode to concurrent users. It used to set ei-jinode before jbd2journalinitjbdinode, allowing a reader to observe a non-NULL jinode with ivfsinode still...

CVE-2026-31445

In CVE-2026-31445, the Linux kernel vulnerability stems from damon_commit_ctx() potentially failing during online DAMON parameter updates, leaving the damon_ctx partially updated or corrupted. The fix adds damon_ctx->maybe_corrupted and makes kdamond_call() and related code check this flag aft...

CVE-2026-31445 mm/damon/core: avoid use of half-online-committed context

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damoncall is online DAMON parameters update. It is done by calling damoncommitctx inside the damoncall callback function. damoncommitctx can fail for tw...

EUVD-2026-24626

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...

EUVD-2026-24624

Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0...

EUVD-2026-24620

Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0...

EUVD-2026-24628

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

EUVD-2026-24622

Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0...

EUVD-2026-24616

Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0...

CVE-2026-41667

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...