CVE-2026-43299

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT when the fs flips RO inside btrfsrepairiofailure BUG There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO this part is expected, although the ENOSPC bug still needs to be...

CVE-2026-43297 media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit does not check the return value and unconditionally dereferences the...

CVE-2026-43297

The CVE-2026-43297 issue affects the Linux kernel rockchip: rga driver. rga_get_frame() can return ERR_PTR(-EINVAL) for unsupported/invalid buffer types, and rga_buf_init() may dereference that pointer without checking the error, leading to a crash. The fix adds proper ERR_PTR checking in rga_buf...

CVE-2026-43297

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit does not check the return value and unconditionally dereferences the...

CVE-2026-43290

Summary (CVE-2026-43290) A flaw in the Linux kernel's media subsystem (uvcvideo) can occur when start_streaming() fails due to an error in uvc_pm_get(), causing queued buffers to not be returned. The issue can lead to system instability or a denial of service by triggering a USB host controller f...

CVE-2026-43290 media: uvcvideo: Return queued buffers on start_streaming() failure

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Return buffers if streaming fails to start due to uvcpmget error. This bug may be responsible for a warning I got running while :; do yavta -c3 /dev/video0; done on...

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

CVE-2025-71299

CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...

CVE-2026-8149 GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

CVE-2026-8149 GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

[slackware-security] libgpg-error

New libgpg-error packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libgpg-error-1.61-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix possible stack overflow in...

SUSE CVE-2026-31737

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100allocrings allocates rxskbs, txskbs, rxdes, txdes, and rxscratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated...

SUSE CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

SUSE CVE-2026-43211

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcislottrylock error handling Commit a4e772898f8b "PCI: Add missing bridge lock to pcibuslock" delegates the bridge device's pcidevtrylock to pcibustrylock in pcislottrylock, but it forgets to remove the corresponding...

SUSE CVE-2026-43282

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function ionicqueryport calls ibdevicegetnetdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking the retur...

PT-2026-39066

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the ceph monmap decode function uses signed int variables for blob len and num mon. Because these variables are intended to hold non-negati...

Linux Distros Unpatched Vulnerability : CVE-2026-43466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5eresettxqsqccpc resets dmafifocc to 0 but n...

Linux Distros Unpatched Vulnerability : CVE-2026-43310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot deco...

PT-2026-39105

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amdkfd component where the error handling path fails to unreserve the buffer object bo when a queue update fails. Recommendations At the moment, there is no...

PT-2026-39101

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel within the mana gd setup function error path. The problem occurs because the service wq pointer is not set to NULL after destroy workque...