Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of the vcc pointer in the sigdsend function. This vulnerability could le...

CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

PT-2026-31306

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ATM send path sendmsg - vcc sendmsg - sigd send. The system reads the vcc pointer from msg-vcc without validation, and this pointer originates fro...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006725 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by...

Linux Distros Unpatched Vulnerability : CVE-2026-31411

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc point...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006821)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006821 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfdctx trigger pointer of th...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006672 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in atatlinkadd In atatlinkadd, the return value of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006619 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in passestablish If getepfromtid fails to lookup non-NUL...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006769 advisory. In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in iodynfindioregion In iodynfindioregion,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006650 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpiinstallfixedeventhandler...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006800 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006711 advisory. A race condition was found in the Linux kernel's scsi device driver in lpfcunregisterfcfrescan function. This can result in a null pointer dereference issue, possibl...

PT-2026-32542

Name of the Vulnerable Software and Affected Versions jq affected versions not specified Description The strindices builtin in src/builtin.c passes arguments to jv string indexes in src/jv.c without verifying they are strings. Because jv string indexes relies on assert checks that are removed in...

SUSE CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

SUSE CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

SUSE CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

SUSE CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the delta CRL processing when the required CRLNumber extension is missing. An attacker can cause an application crash by supplying a specially crafted malformed CRL file. Note: This is only exploitable if the...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...