244 matches found
USN-8488-1 linux, linux-aws, linux-gcp, linux-ibm, linux-oracle, linux-realtime vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...
SUSE-SU-2026:22458-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: classmate-laptop: Added NULL pointer checks where necessary. In several places within the Classmate laptop driver, code that uses the accel object may execute before its address is stored in the driver’s data...
[SECURITY] Fedora 44 Update: libinput-1.31.3-1.fc44
libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. It provides device detection, device handling, input device event processing and abstraction so minimize the amount of custom input code the user of libinput...
CVE-2026-46232
In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will read off the end of the touchreports array, up to about 2 KiB for the...
CVE-2026-48792
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...
CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...
CVE-2026-48792
The connected sources confirm a vulnerability in pam_usb for Linux prior to 0.9.1: evdev.c silently ignores EACCES when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to incorrectly report no virtual devices even if opens fail due to insufficient permissions. As a result...
CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...
UBUNTU-CVE-2026-46097
In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e "Input: edt-ft5x06 - use per-client debugfs directory" removed the manual debugfs teardown, relying on the I2C core to handle it. However, this...
pam_usb 安全漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained security vulnerabilities. These vulnerabilities stemmed from the silent ignoring of EACCES errors in the src/evdev.c file. This could lead t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference to hiddevice for devm allocation of the inputdev name. Using hiddevice for devm allocation of the inputdev name helps prevent use-after-free issues. inputunregisterdevice will trigger the cleanup of...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: The reference to the devm device for the hidinput inputdevice name must be corrected. Instead of referring to the input device, the correct device should be used. Referring to the inputdevice would lead to a...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access to inputdev under a mutex It is possible when using ASoC that the inputdev is not properly registered while calling sndjackreport, which can lead to a NULL pointer derefrence. To prevent this type of serialized...
USN-8245-1 linux-azure, linux-azure-6.17, linux-oem-6.17 vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
PT-2026-37226
Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains an information leak and a stack buffer overflow. An information leak occurs when a sandboxed process sends an IPC reque...
DEBIAN-CVE-2026-31667
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...
Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)
"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013846)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013846 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is...