Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011035)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011035 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. A...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013256)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013256 advisory. In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013144)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013144 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: armsdei: Fix sleep from invalid context BUG Running a preempt-rt v6.2-rc3-rt1 based...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007023)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007023 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006904)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006904 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. A...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011048)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011048 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006989)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006989 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in armsmmupmuinit armsmmupmuinit won't remove the callback...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011049)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011049 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in armsmmupmuinit armsmmupmuinit won't remove the callback...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006698 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006638)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006638 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006581 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. A...

CVE-2026-30874

A flaw was found in the procd component of OpenWrt. A highly privileged local attacker can bypass environment variable filtering in the hotplugcall function by injecting an arbitrary PATH variable. This vulnerability, caused by an incorrect string comparison, allows the attacker to control which...

CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

EUVD-2026-13378

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30874

OpenWrt procd PATH environment variable filter bypass (CVE-2026-30874). In OpenWrt versions prior to 24.10.6, hotplug_call does not exclude PATH due to a strcmp vs strncmp bug, allowing a local attacker to influence which binaries are executed by procd-invoked scripts with elevated privileges, po...

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

PT-2026-26432

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...