PT-2026-45039

Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...

CVE-2026-43392

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix starvation of scxenable under fair-class saturation During scxenable, the READY - ENABLED task switching loop changes the calling thread's schedclass from fair to ext. Since fair has higher priority than ext,...

CVE-2026-43392

Summary (CVE-2026-43392) : In the Linux kernel, the sched_ext vulnerability causes a potential DoS by starving the enable path in scx_enable() when fair-class workloads saturate the system. The root cause is a switch of the calling thread’s sched_class from fair to ext during the READY→ENABLED lo...

kernel: PCI/MSI: Handle lack of irqdomain gracefully

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pcimsisetupmsiirqs on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121...

CVE-2024-56674 virtio_net: correct netdev_tx_reset_queue() invocation point

In the Linux kernel, the following vulnerability has been resolved: virtionet: correct netdevtxresetqueue invocation point When virtnetclose is followed by virtnetopen, some TX completions can possibly remain unconsumed, until they are finally processed during the first NAPI poll after the...

DEBIAN-CVE-2024-47704

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check linkres-hpodplinkenc before using it WHAT & HOW Functions dpenablelinkphy and dpdisablelinkphy can pass linkres without initializing hpodplinkenc and it is necessary to check for null before dereferencing...