Linux Distros Unpatched Vulnerability : CVE-2026-31600

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for...

BIT-ARGO-WORKFLOWS-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

SUSE CVE-2026-31600

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

Kyverno Controller Denial of Service via forEach Mutation Panic

Summary An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

CVE-2026-35348

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

CVE-2026-31600

A flaw was found in the Linux kernel's memory management for the arm64 architecture. The kernel incorrectly processes invalid large leaf mappings, which are specific entries used to manage system memory. This vulnerability can be triggered by a local user or a guest operating system, leading to a...

CVE-2026-31573

A flaw was found in the Linux kernel's verisilicon hantrovpu media driver. When the driver is built as a module, a misuse of the initconst annotation causes data to be prematurely freed. This freed memory is later accessed during driver probing or unbind-bind cycles, leading to a kernel panic and...

CVE-2026-31542

A flaw was found in the Linux kernel's x86/platform/uv component. When a socket is deconfigured, it is incorrectly mapped to SOCKEMPTY instead of NUMANONODE. This improper handling can lead to a system panic during the allocation of UV hub information structures, resulting in a Denial of Service...

GHSA-82J2-J2CH-GFR8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRING

Summary bitstringflags in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly 0x00 one byte: zero padding bits, zero data bytes. This is reachable through the public API BorrowedCertRevocationList::fromder via the issuingDistributionPoint CRL extension...

CVE-2026-31600

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

DEBIAN-CVE-2026-31600

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

CVE-2026-31593

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

DEBIAN-CVE-2026-31573

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 offindmatchingnodeandmatch+0x5c/0x1a0...

CVE-2026-31542

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCKEMPTY 0xffff. This causes a panic while allocating UV hub info structures. Fix this by using NUMANONODE, allowing UV hub info structur...

CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

CVE-2026-31600

Summary of CVE-2026-31600 : Linux kernel arm64 memory management vulnerability where invalid large leaf mappings could cause a kernel panic due to mis-handling of cleared PTE_VALID bits. Publicly disclosed details describe the root cause in arm64 mm: handling invalid large leaf mappings and the o...

CVE-2026-31593

CVE-2026-31593 is a Linux kernel KVM SEV SNP issue. The vulnerability arises when updating an already-launched and encrypted vCPU state: attempting to sync the vCPU's VMSA can trigger an SEV-SNP cryptographic memory protection (RMP) violation, causing a host panic/DoS. Technical details across mu...

EUVD-2026-25486

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

EUVD-2026-25466

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 offindmatchingnodeandmatch+0x5c/0x1a0...

CVE-2026-31573 media: verisilicon: Fix kernel panic due to __initconst misuse

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 offindmatchingnodeandmatch+0x5c/0x1a0...