CVE-2026-31389

A flaw was found in the Linux kernel's Serial Peripheral Interface SPI subsystem. During controller registration, a use-after-free vulnerability can occur if the allocation of per-CPU statistics fails. This could allow a local attacker to cause system instability or a denial of service by accessi...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization debug log endpoint in the API server. An attacker can access sensitive log data belonging to any entity across any model by compromising a workload machine under the controller. Remediation A fix was pushed into...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation A...

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

CVE-2026-23464

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfssyscontrollerprobe In mpfssyscontrollerprobe, if ofgetmtddevicebynode fails, the function returns immediately without freeing the allocated memory for syscontroller, leading to a memor...

CVE-2025-68153

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...

CVE-2025-68152

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

CVE-2025-68153

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...

CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

UBUNTU-CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

UBUNTU-CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

CVE-2025-68152

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

UBUNTU-CVE-2026-23467

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe inteldmcupdatedc6allowedcount oopses when DMC hasn't been initialized, and dmc is thus NULL. That would be the case when the call path is intelpowerdomainsinithw -...

CVE-2025-68153 Juju: Resource poisoning

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...

CVE-2025-68153 Juju: Resource poisoning

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju...

CVE-2025-68153

Juju vulnerability CVE-2025-68153 affects Juju versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19. An authenticated user, a machine, or a controller within a Juju controller could modify resources of an application across the entire controller. The issue is mitigated by upgrades to 2.9.56 or ...