EUVD-2026-27762

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

EUVD-2026-27725

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...

CVE-2026-43198

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcpv6synrecvsock Code in tcpv6synrecvsock after the call to tcpv4synrecvsock is done too late. After tcpv4synrecvsock, the child socket is already visible from TCP ehash table and other cpus might use i...

CVE-2026-43198

CVE-2026-43198 is a Linux kernel race in IPv6 TCP socket handling. The issue occurs in tcp_v6_syn_recv_sock() where the child socket becomes visible before IPv6 state is initialized, allowing other CPUs to access it and potentially triggering instability. The fix moves the problematic code into t...

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcpv6synrecvsock Code in tcpv6synrecvsock after the call to tcpv4synrecvsock is done too late. After tcpv4synrecvsock, the child socket is already visible from TCP ehash table and other cpus might use i...

CVE-2026-43164

CVE-2026-43164 affects the Linux kernel UDP-Lite implementation. The issue is a null-pointer dereference in __udp_enqueue_schedule_skb() triggered during UDP-Lite socket initialization, as reported by syzbot. Post-commit changes allow udp_lib_init_sock(), udp_init_sock(), and udpv6_init_sock() to...

CVE-2026-43164 udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb().

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...

CVE-2026-43152

The CVE-2026-43152 issue is in the Linux kernel HID subsystem (hid-pl): if probe errors during device init are not handled, a NULL pointer dereference can occur when a device using Force Feedback is interacted with. Exploitation details are not provided in the documents, but the vulnerability is ...

CVE-2026-43122

...

SUSE CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439043...

PT-2026-37538

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel within the tcp v6 syn recv sock function. The issue occurs because certain operations are performed after the call to tcp v4 syn recv sock, at...

PT-2026-37504

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udp enqueue schedule skb. syzbot reported null-ptr-deref of udp sksk-udp prod queue. 0 Since the cited commit, udp lib init sock can fail, as can udp init sock and udpv6 init sock. Let's handle the...

PT-2026-37492

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the hid-pl component where errors during initialization are not properly reported. This failure to handle probe errors can lead to a NULL pointer dereference the first...

SUSE CVE-2026-31687

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe Commit 11a78b794496 "ARM: OMAP: MPUIO wake updates" registers the omapmpuiodriver from omapmpuioinit, which is called from omapgpioprobe. However, it neither makes sense to register...

Malicious Package

Overview @google-pay-trust/init-google-pay-result is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

Malicious code in @bcs-bank/init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb2a526cbf1ef79ebdf6126f699f18ffbb6f4520d46fc66f709da256b903e8e1 The package @bcs-bank/init was found to contain malicious code. Source: ghsa-malware e8831b7c4a8b59f53226813d7d4203e4b28fdc08b8df0d5c60bd1d9e78874786...

Malicious Package

Overview @bcs-bank/init is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-3266 Malicious code in @bcs-bank/init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb2a526cbf1ef79ebdf6126f699f18ffbb6f4520d46fc66f709da256b903e8e1 The package @bcs-bank/init was found to contain malicious code. Source: ghsa-malware e8831b7c4a8b59f53226813d7d4203e4b28fdc08b8df0d5c60bd1d9e78874786...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2unlink. If SMB2openinit or SMB2closeinit fails e.g., due to reconnection, the iovs structure @rqst may remain uninitialized. As a result, calling SMB2openfree,...