656 matches found
EUVD-2026-40981
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix driver removal with disabled KMS DRM atomic and modesetting aren't initialized if virtio-gpu driver built with disabled KMS, leading to access of uninitialized data on driver removal/unbinding and crashing kernel...
CVE-2026-43676
CVE-2026-43676 affects WebKit-related components used in Safari/WebKit on macOS Tahoe and iOS/iPadOS, with an out-of-bounds access issue addressed by improved bounds checking. The vulnerability leads to potential crashes when processing malicious web content, and is fixed in Safari 26.5.2 (and re...
PT-2026-53716
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
SUSE CVE-2026-53282
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack to find a return address for a kjump, even in a non-kjump kexec. After...
SUSE CVE-2026-53291
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...
PT-2026-52946
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the pinconf generic parse dt pinmux function where it assumes the pinmux property is not empty when present. If the pinmux property is empty, the allocator returns a...
SUSE-SU-2026:22203-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: - CVE-2026-28847: processing maliciously crafted web content may lead to an unexpected process crash or arbitrary code execution due to a heap buffer overflow bsc1267506. - CVE-2026-28883: processing maliciously...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher – default implementation for setting a private key Changes from v1: - The default implementation of setpubkey was removed. It is assumed that an implementation must always have this callback defined, as there are...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: Replace physindev with physinif in nfbridgeinfo. A skb can be added to the neigh-arpqueue while waiting for an arp reply. In this case, the skb’s skb-dev may differ from the neigh-dev of the destination. For...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Properly linking new fs rules into the tree Previously, addrulefg would only add newly created rules from the handle into the tree when their refcount was 1. On the other hand, createflowhandle attempts to find and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Check whether the crossbar pad is non-NULL before accessing it. When translating source streams to sink streams in the crossbar subdev mechanism, the driver attempts to locate the remote subdev connected to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Keys: Fixed the issue of linking a duplicate key to a keyring’s assocarray. When making a DNS query within the kernel using dnsquery, the request code can, in rare cases, create a duplicate index key in the assocarray of the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg. If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This could lead to a crash when afalgsendmsg attempts to perform a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU. The runtime PM suspend callback does not know whether the IRQ handler is in progress on a different CPU core and therefore does not wait for it to finish. Dependi...
SUSE CVE-2026-28883
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...
SUSE CVE-2026-28947
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...
CVE-2026-46271
CVE-2026-46271 concerns the Linux kernel ath12k Wi‑Fi driver. When a multi‑link connection is active, WoW offloads were enabled on both the primary and secondary links, potentially crashing firmware on WCN7850 devices (denial of service). The fix changes WoW offloads to run only on the primary li...
UBUNTU-CVE-2026-46184
In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...
CVE-2026-45969
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Add missing check for inputffcreatememless The psgamepadcreate function calls inputffcreatememless without verifying its return value, which can lead to incorrect behavior or potential crashes when FF effects ar...
CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered
In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...