EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2049)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ACPI: CPPC: Avoid out of bounds access when parsing CPC dataCVE-2022-49145 scsi: libsas: Fix use-after-free bug in...

CVE-2026-43916

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

dirtyfrag

Dirty Frag Overview Dirty Frag is a class of Linux ke...

SUSE CVE-2026-46132

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

SUSE CVE-2026-46208

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

CVE-2026-46165

In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdevput must happen after the RCU grace period. So, either in an RCU call or after the synchronizenet. The...

UBUNTU-CVE-2026-46132

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

CVE-2026-46208

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

CVE-2026-46208

In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...

EUVD-2026-32835

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

CVE-2026-46165

The CVE concerns the Linux kernel openvswitch vport handling during tunnel-port release. It explains a self-deadlock risk when deleting a device: vports are protected by RCU, so netdev_put() must occur after the RCU grace period, either in an RCU callback or after synchronize_net(). The rtnl_dele...

CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports

In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdevput must happen after the RCU grace period. So, either in an RCU call or after the synchronizenet. The...

CVE-2026-46132

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

CVE-2026-46132

CVE-2026-46132 : The Linux kernel vulnerability in net: rtnetlink/vf broadcast handling arises from an uninitialized on-stack vf_broadcast struct in rtnl_fill_vfinfo(). Only the first 6 bytes of the 32-byte field are written on Ethernet SR-IOV NICs, leaving 26 bytes of stack data exposed to users...

EUVD-2026-32891

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

CVE-2026-46132

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

SUSE CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

PT-2026-44331

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, TP meter sessions remain linked on bat priv-tp list after a netlink request finishes. When the mesh interface is removed, the batadv mesh free function tears do...