EUVD-2026-32411

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

CVE-2026-46030

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

CVE-2026-46030

EDAC/versalnet: Fix devicenode leak in mcprobe...

PT-2026-43897

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A memory leak occurs in the EDAC/versalnet component within the mc probe function. The of parse phandle function returns a device node reference that requires release via of node put. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: Fixed the KASAN use-after-free in fslmcbusremove. In fslmcbusRemove, mc-rootmcbusdev-mcio is passed to fsldestroymcio. However, mc-rootmcbusdev has already been freed in fslmcDeviceRemove. Therefore, referencing...

Malicious code in @mc-xp/mc-monolith-js-src-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923 The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 npm as malicious. It is considered malicious becaus...

MINI-G2X4-6MC5-GF2H

Bulletin has no description...

GHSA-FW8G-CG8F-9J28 vulnerabilities

Vulnerabilities for packages: agentbeat-fips, cloud-sql-proxy, datadog-agent, opentelemetry-collector-contrib-fips, ld-relay, jaeger, opentelemetry-operator-fips, karma-fips, cloudzero-agent-fips, minio-object-browser, certificate-transparency, beats-fips, cloud-sql-proxy-fips, loki-fips, telegra...

Astra Linux – Vulnerability in libde265

Libde265 v1.0.4 contains a heap buffer overflow in the mcluma function, which can be exploited through a specially crafted file...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Blocking calls to interrupt handlers without triggering them The eventfdctx trigger pointer of the vfiofslmcirq object is initially NULL, and it may become NULL if the user sets the trigger parameter of eventfd to -1...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: bus: fsl-mc: Do not assume that child devices are all fsl-mc devices Changes in VFIO caused a pseudo-device to be created as a child of fsl-mc devices, resulting in a crash when attempting to bind a fsl-mc device to VFIO. This...

CVE-2026-31689

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013753 advisory. In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platformgetresource platformgetresource returns NULL in case o...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013057)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013057 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013086 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfdctx trigger pointer of th...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013045)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013045 advisory. In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013202)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013202 advisory. In the Linux kernel, the following vulnerability has been resolved: net: read sk-skfamily once in skmcloop syzbot is playing with IPV6ADDRFORM quite a lot these days...

CVE-2026-5450

CVE-2026-5450 affects the GNU C Library (glibc) where using the scanf family with a %mc format specifier and an explicit width greater than 1024 can trigger a one-byte heap buffer overflow in glibc versions 2.7 through 2.43. Exploitation details are not provided in the sources. Red Hat notes that...

CVE-2026-5450

Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...

CVE-2026-40179 vulnerabilities

Vulnerabilities for packages: telegraf, minio-operator, datadog-agent, karma, splunk-otel-collector, istio, mc, tempo, jaeger, keda, certificate-transparency, loki, prometheus-pushgateway, minio, trillian, cloud-sql-proxy, node-problem-detector, minio-object-browser, mcp-grafana, prometheus...