SUSE CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: rtnetlink: Allocate sufficient vfinfo size for VF GUIDs when supported. Commit 30aad41721e0 "net/core: Add support for getting VF GUIDs" added support for obtaining VF port and node GUIDs in netlink’s ifinfo messages. However,...

CVE-2026-43107

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

SUSE CVE-2026-43035

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsapi: fix tcchainfillnode to initialize tcminfo to zero to prevent an info-leak When building netlink messages, tcchainfillnode never initializes the tcminfo field of struct tcmsg. Since the allocation is not zeroed...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: sched: actconnmark: initialize struct tcife to prevent kernel leaks. In tcfconnmarkdump, the variable ‘opt’ was partially initialized using a specified initializer. As a result, the padding bytes remained uninitialized. The...

CVE-2026-43035 net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsapi: fix tcchainfillnode to initialize tcminfo to zero to prevent an info-leak When building netlink messages, tcchainfillnode never initializes the tcminfo field of struct tcmsg. Since the allocation is not zeroed...

CVE-2026-43035

The CVE affects the Linux kernel net: sched: cls_api code path tc_chain_fill_node, where tcm_info in struct tcmsg was not initialized, leaking heap memory to userspace via a 4-byte field. The fix zeros tcm_info alongside other initialized fields. Affected/patched details from connected docs: upst...

PT-2026-36452

In the Linux kernel, the following vulnerability has been resolved: net: sched: cls api: fix tc chain fill node to initialize tcm info to zero to prevent an info-leak When building netlink messages, tc chain fill node never initializes the tcm info field of struct tcmsg. Since the allocation is n...

SUSE CVE-2026-31531

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

UBUNTU-CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

CVE-2026-23186

CVE-2026-23186 pertains to the Linux kernel hwmon driver for the ACPI power meter. The issue arises when acpi_power_meter_notify() calls hwmon_device_unregister() while holding a lock also acquired by sysfs callbacks, creating potential deadlocks between sysfs access and device removal. Fixes inc...

EUVD-2026-5856

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

CVE-2026-23186

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...

PT-2026-8194

In the Linux kernel, the following vulnerability has been resolved: hwmon: acpi power meter Fix deadlocks related to acpi power meter notify The acpi power meter driver's .notify callback function, acpi power meter notify, calls hwmon device unregister under a lock that is also acquired by...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22075)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22075 advisory. - In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001507)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001507 advisory. An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004234)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004234 advisory. A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlin...