CVE-2026-22982

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 "lan966x: Fix crash when adding interface under a lag" fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The...

CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

CVE-2026-22982 net: mscc: ocelot: Fix crash when adding interface under a lag

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 "lan966x: Fix crash when adding interface under a lag" fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004874)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004874 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in stigdpatomiccheck The return value of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004916)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004916 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drmatomicgetcrtcstate...

CVE-2026-23955

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...

Azure Linux 3.0 Security Update: kernel (CVE-2024-58002)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-58002 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointer...

Azure Linux 3.0 Security Update: kernel (CVE-2024-58098)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-58098 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: track changespktdata property for...

Azure Linux 3.0 Security Update: kernel (CVE-2024-58237)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-58237 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidat...

CLSA-2026-1768589696 ImageMagick: Fix of CVE-2025-55160

CVE-2025-55160: fix function pointer type mismatch in Clone functions...

MiracleLinux 9 : kernel-5.14.0-362.24.1.el9_3 (AXSA:2024-7637:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7637:09 advisory. kernel: inactive elements in nftpipapowalk CVE-2023-6817 kernel: netfilter: use-after-free in nfttransgccatchallsync leads to privilege escalation...

ImageMagick security vulnerabilities

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-13 contained security vulnerabilities, which stemmed from improper initialization of buffers,...

kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses

A bounds-checking flaw was found in the Linux kernel Small Computer System Interface Enclosure Services driver in the way descriptor pointers are validated while processing enclosure data. Missing checks could allow an out-of-bounds access during parsing. A local user could use this flaw to crash...

SUSE CVE-2025-71130

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915gemdoexecbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb-vmai.vma pointers to NULL, simplifying...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004777 advisory. kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain ORNULL...

media: vidtv: initialize local pointers upon transfer of memory ownership

...

PT-2026-3059

Name of the Vulnerable Software and Affected Versions Ludashi driver versions prior to 5.1025 Description A local information disclosure issue exists in the Ludashi driver due to insufficient access control within the IOCTL handler. The driver provides a device interface accessible to standard...

UBUNTU-CVE-2025-71130

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915gemdoexecbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb-vmai.vma pointers to NULL, simplifying...

CVE-2025-71130

CVE-2025-71130 affects the Linux kernel drm/i915/gem path. The vulnerability was fixed by zero-initializing the eb.vma array (eb->vma[i].vma) to NULL when the eb structure is set up, ensuring all entries start NULL and are properly cleared if eb_add_vma() or related steps fail. The fix prevent...

CVE-2025-71125 tracing: Do not register unsupported perf events

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers:...