CVE-2026-44394

A flaw was found in OpenStack Keystone. The federated token rescoping mechanism does not correctly propagate the original token's expiry to newly issued tokens. This allows a federated user to repeatedly rescope a token before it expires, effectively maintaining indefinite access and bypassing...

Linux Distros Unpatched Vulnerability : CVE-2026-45931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm...

SUSE CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

Linux Distros Unpatched Vulnerability : CVE-2026-46228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than...

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

UBUNTU-CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46187

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

UBUNTU-CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

EUVD-2026-32855

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228 spi: ch341: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

CVE-2026-46228

CVE-2026-46228 affects the Linux kernel SPI/ch341 USB driver. The issue is a lifetime problem: USB device-managed resources (controller and driver data) were not guaranteed to be released when a driver is unbound, risking memory leaks during probe deferral or configuration changes. The fixes modi...

CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

CVE-2026-46208

In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...

EUVD-2026-32835

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

SUSE CVE-2026-45931

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm structure has been freed. Fix this by taking an explicit reference t...