EUVD-2026-25455

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipidsihostregister The call to mipidsihostregister triggers a callback to mtkdsibind, which uses devgetdrvdata to retrieve the mtkdsi struct, so this structure needs to be...

CVE-2026-31562

Summary: CVE-2026-31562 affects the Linux kernel DRM/mediatek DSI driver. A local attacker could trigger a NULL pointer dereference due to an uninitialized drvdata being read during mipi_dsi_host_register, causing a crash in mediatek-drm probe and blocking subsequent DRM operations. The fixed beh...

CVE-2026-31562 drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipidsihostregister The call to mipidsihostregister triggers a callback to mtkdsibind, which uses devgetdrvdata to retrieve the mtkdsi struct, so this structure needs to be...

CVE-2026-31549

CVE-2026-31549 relates to the Linux kernel cp2615 I2C driver. The vulnerability arises when the driver uses the USB device serial string as the i2c adapter name but does not ensure the string exists, potentially causing a NULL pointer dereference if a device lacks a serial number. Documented impa...

EUVD-2026-25442

In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...

CVE-2026-31549

In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...

CVE-2026-31549

In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...

CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

CVE-2026-31546

The CVE-2026-31546 fix applies to the Linux kernel bonding driver: bond_debug_rlb_hash_show could dereference a NULL slave, leading to a kernel NULL pointer dereference and potential DoS. The mitigation is to add a NULL check and print "(none)" for entries with no assigned slave; other code paths...

CVE-2026-31544

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...

CVE-2026-31540

CVE-2026-31540 affects the Linux kernel i915 graphics driver. The vulnerability occurs when the i915 firmware binaries are absent and the set_default_submission pointer is not initialized, which can be dereferenced during suspend, causing a kernel NULL pointer dereference and a potential DoS. The...

CVE-2026-31540

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check setdefaultsubmission before deferencing When the i915 driver firmware binaries are not present, the setdefaultsubmission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...

CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check setdefaultsubmission before deferencing When the i915 driver firmware binaries are not present, the setdefaultsubmission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...

SUSE-SU-2026:21440-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

Security update for openssl-3

This update for openssl-3 fixes the following issue: Security issues fixed: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Other updates and bugfixes: Enable MD2 in legacy provider jscPED-15724. Patch...

CLSA-2026-1777030519 xterm: Fix of CVE-2022-45063

CVE-2022-45063: improve error recovery when setting a bitmap font for the VT100 window - add NULL pointer checks in xstrcasecmp and xstrncasecmp to help with error recovery for a missing font...

CLSA-2026-1777022242 nginx: Fix of 2 CVEs

CVE-2026-32647: fix buffer over-read/over-write in ngxhttpmp4module via integer overflow, off-by-one boundary checks, and zero sync sample validation in stss atom - CVE-2026-27651: fix NULL pointer dereference in ngxmailauthhttpmodule when using CRAM-MD5 or APOP authentication with Auth-Wait...

CLSA-2026-1775726631 binutils: Fix of 9 CVEs

CVE-2023-1972: fix heap buffer overflow in bfdelfslurpversiontables - CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the bnge error path that leads to the dereferencing of a null pointer...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mtkdsi driver not storing driver data before calling mipidsihostregister, resulting in a null...