13 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003002)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003002 advisory. Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002886)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002886 advisory. Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002750)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002750 advisory. Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial...
CVE-2023-54119
CVE-2023-54119 (inotify) is addressed by kernel updates in SUSE advisories (e.g., SUSE-SU-2026:0316-1 and related). The issue was a race between inotify_freeing_mark() and inotify_handle_inode_event() where an i_mark->wd could be reset to -1, causing userspace to see an invalid wd; fix validat...
kernel: inotify: Avoid reporting event with invalid wd
A race condition was found in the Linux kernel's inotify subsystem. When inotify_freeing_mark() races with inotify_handle_inode_event(), the event handler may read i_mark->wd after it has been reset to -1. This causes an invalid watch descriptor value of -1 to be reported to userspace applications,...
SUSE CVE-2024-40999
In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency. Validate that first flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for R...
SUSE CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when...
QEMU: net: e1000: infinite loop while processing transmit descriptors
An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial o...
dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...
kernel: double-free in usb-audio triggered by invalid USB descriptor
A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges...
Linux kernel usbnet driver denial of service vulnerability
Linux kernel is an open source operating system. usbnet is one of the drivers used to create network card devices on USB devices. A denial of service vulnerability exists in the Linux kernel's usbnet driver, which allows a local attacker to conduct denial of service attacks by inserting a USB...
Kernel: HID: off by one error in various _report_fixup routines
Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid...
NULL pointer dereference triggered by ptrace
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and...