PT-2026-52963

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci name for debugfs directory naming Use pci namepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pci slot namepdev-slot for VFs. The previous approach had two issues: 1. pci slot nam...

PT-2026-52958

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN ON ONCE from wbt init enable default wbt init enable default uses WARN ON ONCE to check for failures from wbt alloc and wbt init. However, both are expected failure paths: - wbt alloc can return NULL under...

Oracle Linux 9 : bind (ELSA-2026-24367)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24367 advisory. - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946 Tenable has extracted the preceding description block direct...

SUSE SLES12 Security Update : libpng15 (SUSE-SU-2026:2619-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2619-1 advisory. This update for libpng15 fixes the following issues Security issues: - CVE-2025-64720: buffer overflow in pngimagereadcomposite via incorrect palette...

UBUNTU-CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

SUSE SLES16: postgresql16 / postgresql16-contrib / postgresql16-devel / etc (SUSE-SU-2026:22184-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22184-1 advisory. This update for postgresql16 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on...

PT-2026-52955

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras core ras interrupt detected Fixes a NULL pointer dereference when ras core is NULL and ras core-dev is accessed in the error path. Reported by: Dan Carpenter...

PT-2026-52930

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cx probe, the return value of snd hda jack detect enable callback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation...

UBUNTU-CVE-2026-53179

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

UBUNTU-CVE-2026-53264

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

ROS-20260626-73-0023

The vulnerability of the kdc/dotgsreq.c component of the Kerberos authentication protocol is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

UBUNTU-CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

UBUNTU-CVE-2026-53219

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob to userspace before overwriting the entry's counter fields with a...

UBUNTU-CVE-2026-53214

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

UBUNTU-CVE-2026-53262

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

UBUNTU-CVE-2026-53158

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...

UBUNTU-CVE-2026-53240

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...

UBUNTU-CVE-2026-53175

In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...

SUSE SLES12 Security Update : docker-stable (SUSE-SU-2026:2578-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2578-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages...

UBUNTU-CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...