Dstack-Capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes

The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers CoCo, enforce a strict "one Pod per VM" model that attests only the Guest OS stack,...

CVE-2025-35979

A flaw was found in the kernel. This vulnerability, affecting some IntelR Processors, involves shared microarchitectural predictor state that influences transient execution within VMX non-root guest operation. An unprivileged software adversary with an authenticated user can exploit this locally ...

Updated microcode package fixes security vulnerability

The updated package fixes a security vulnerability: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. CVE-2025-35979...

MGASA-2026-0161 Updated microcode package fixes security vulnerability

The updated package fixes a security vulnerability: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. CVE-2025-35979...

SUSE CVE-2026-46216

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as NULL. In such scenario, intelhdcpgsccheckstatus results in a kernel...

Linux Distros Unpatched Vulnerability : CVE-2026-45896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN:...

Linux Distros Unpatched Vulnerability : CVE-2026-45851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi: Fix reservation of unaccepted memory table The reserveunaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted...

Linux Distros Unpatched Vulnerability : CVE-2026-46216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as...

SUSE-SU-2026:21845-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2024-14027: xattr: switch to CLASSfd bsc1259420. - CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when...

CVE-2026-46216

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as NULL. In such scenario, intelhdcpgsccheckstatus results in a kernel...

UBUNTU-CVE-2026-46216

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as NULL. In such scenario, intelhdcpgsccheckstatus results in a kernel...

CVE-2026-46216 drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status()

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as NULL. In such scenario, intelhdcpgsccheckstatus results in a kernel...

CVE-2026-46216

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for mediagt in intelhdcpgsccheckstatus When media GT is disabled via configfs, there is no allocation for mediagt, which is kept as NULL. In such scenario, intelhdcpgsccheckstatus results in a kernel...

SUSE CVE-2026-45877

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...

SUSE CVE-2026-45894

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits 64 bytes. When tearing down an entry, the current implementation zeros the entire 64-byte structure...

SUSE CVE-2026-45896

In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...

CVE-2026-45896

A flaw was found in the Linux kernel's mtdinteldg driver. This vulnerability occurs because the regions array is accessed before its size nregions is properly set, leading to an out-of-bounds memory access. A local attacker could potentially exploit this issue to cause system instability or a...

CVE-2026-45894

A flaw was found in the Linux kernel's Intel VT-d Virtualization Technology for Directed I/O Scalable Mode. When a Process Address Space ID PASID table entry is being removed, the system may attempt to clear the entry before properly signaling to the hardware that the entry is no longer active...

Linux Distros Unpatched Vulnerability : CVE-2026-45945

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits 64 bytes. When replacing an active PASID entry e.g.,...

EUVD-2026-32362

In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtdinteldg.c:750:15 index 0 is o...