SUSE CVE-2026-9503

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

SUSE CVE-2026-9529

A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function matchBLOCKHEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been...

CVE-2026-46098 net: caif: clear client service pointer on teardown

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

CVE-2026-46098

CVE-2026-46098 affects the Linux kernel’s CAIF net subsystem. The issue arises when caif_connect() tears down a client via caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer (adap_layer->dn) but leaves the pointer stale. If the socket i...

EUVD-2026-32481

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

CVE-2026-46098

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

CVE-2026-46087

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damonstart failure in damonstatstart Destroy the DAMON context and reset the global pointer when damonstart fails. Otherwise, the context allocated by damonstatbuildctx is leaked, and the stale...

EUVD-2026-32470

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damonstart failure in damonstatstart Destroy the DAMON context and reset the global pointer when damonstart fails. Otherwise, the context allocated by damonstatbuildctx is leaked, and the stale...

CVE-2026-46087 mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damonstart failure in damonstatstart Destroy the DAMON context and reset the global pointer when damonstart fails. Otherwise, the context allocated by damonstatbuildctx is leaked, and the stale...

CVE-2026-46087

CVE-2026-46087 : In the Linux kernel, the memory leak in mm/damon/stat was fixed by destroying the DAMON context and resetting the global pointer when damon_start() fails, preventing the ctx from leaking and the stale damon_stat_context pointer from being overwritten on the next enable. The fix t...

EUVD-2026-32469

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

CVE-2026-46081 crypto: acomp - fix wrong pointer stored by acomp_save_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-chain as the data argument but casts it...

CVE-2026-46081

CVE-2026-46081 is a Linux kernel vulnerability in the crypto/acomp subsystem. The issue arises when an asynchronous hardware implementation (e.g., QAT) completes a request using the DMA virtual address interface, causing acomp_save_req() to store a pointer to the wrong object in req->base.data...

CVE-2026-46081

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-chain as the data argument but casts it...

CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

EUVD-2026-32462

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

CVE-2026-46079

CVE-2026-46079 (Linux kernel) : The issue arises in Ceph RBD integration where do_rbd_add() publishes a device with device_add() before calling device_add_disk(). If device_add_disk() fails after device_add() succeeds, the error path tears down with rbd_free_disk() and later rbd_dev_device_releas...

CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...