CVE-2025-71299

CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...

CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

CVE-2026-8149 GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

CVE-2026-8149 GCM chunking can lead to bad tag exception on decryption

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

[slackware-security] libgpg-error

New libgpg-error packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libgpg-error-1.61-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix possible stack overflow in...

SUSE CVE-2026-31737

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100allocrings allocates rxskbs, txskbs, rxdes, txdes, and rxscratch in stages. On intermediate failures it returned -ENOMEM directly, leaking resources allocated...

SUSE CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

SUSE CVE-2026-43211

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcislottrylock error handling Commit a4e772898f8b "PCI: Add missing bridge lock to pcibuslock" delegates the bridge device's pcidevtrylock to pcibustrylock in pcislottrylock, but it forgets to remove the corresponding...

SUSE CVE-2026-43282

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function ionicqueryport calls ibdevicegetnetdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking the retur...

PT-2026-39252

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC contains a nil-pointer dereference issue within the PatchIndividualApplicationPFDManagement function. This occurs when a PATCH request is sent to the...

PT-2026-39101

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel within the mana gd setup function error path. The problem occurs because the service wq pointer is not set to NULL after destroy workque...

PT-2026-39122

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description DMA mapping error handling issues exist in the aml sfc dma buffer setup function. These include an unnecessary jump during the first DMA mapping failure, a double-unmap bug where sfc-dad...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which triggers a WARN message when the nvmsetnestedstate function fails. This vulnerability can be easily exploite...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a synchronization error in the USB dummy-hcd driver. This error may lead to race conditions and...

PT-2026-39305

Name of the Vulnerable Software and Affected Versions eml parser version 3.0.0 Description A recursion denial of service exists in the get raw body text function within eml parser/parser.py. The function recurses unconditionally for every nested message/rfc822 attachment without a depth limit. An...

PT-2026-38979

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the cpufreq dbs governor init function error path. When the kobject init and add function fails, the system calls kobject put&dbs data-attr set.kobj, which...

PT-2026-39127

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net/mlx5e component where a DMA FIFO desynchronization occurs during error CQE SQ recovery. When a TX error CQE triggers a recovery flow, the function mlx5e reset...

PT-2026-38968

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the core component of the most module during early registration failures. Specifically, the first error path fails to release the resources associated with the...

PT-2026-38999

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mshv vtl component when registering VTL0 memory via 'MSHV ADD VTL0 MEMORY'. The kernel calculates pgmap-vmemmap shift based on the trailing zeros of start pfn and...

Linux Distros Unpatched Vulnerability : CVE-2026-43328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpufreq: governor: fix double free in cpufreqdbsgovernorinit error path When kobjectinitandadd fails, cpufreqdbsgovernorinit calls...