CVE-2026-22988 arp: do not assume dev_hard_header() does not change skb->head

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume devhardheader does not change skb-head arpcreate is the only devhardheader caller making assumption about skb-head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

CVE-2026-22986 gpiolib: fix race condition for gdev->srcu

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev-srcu If two drivers were calling gpiochipadddatawithkey, one may be traversing the srcu-protected list in gpionametodesc, meanwhile other has just added its gdev in gpiodevaddtolistunlocked...

CVE-2026-22986 gpiolib: fix race condition for gdev->srcu

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev-srcu If two drivers were calling gpiochipadddatawithkey, one may be traversing the srcu-protected list in gpionametodesc, meanwhile other has just added its gdev in gpiodevaddtolistunlocked...

CVE-2026-22986

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev-srcu If two drivers were calling gpiochipadddatawithkey, one may be traversing the srcu-protected list in gpionametodesc, meanwhile other has just added its gdev in gpiodevaddtolistunlocked...

CVE-2026-22981

CVE-2026-22981 pertains to the Linux kernel driver for IDPF (Intel Ethernet 800/900-series? context in the doc refers to idpf) where, during reset handling, netdev interfaces are detached/closed to protect the reset path. The vulnerability description states that if reset handling succeeds, netde...

CVE-2025-71156

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39977...

CVE-2025-71156

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...

CVE-2025-71156 gve: defer interrupt enabling until NAPI registration

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004876)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004876 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ipvscleanupbatch During the initialization of ipvsconnnetinit, if file...

Linux Distros Unpatched Vulnerability : CVE-2025-71156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automaticall...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004849)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004849 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fwlevel Though...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004830)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004830 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls...

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

External Initialization of Trusted Variables or Data Stores

Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during the configuration file processing. An attacker can instantiate arbitrary classes already present on the class path ...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37878)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37878 advisory. - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent f...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38078)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38078 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37792)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37792 advisory. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL...

Azure Linux 3.0 Security Update: kernel (CVE-2024-47728)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47728 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args i...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57906)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57906 advisory. - In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information le...