SUSE-SU-2026:0163-1 Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes various security issues The following security issues were fixed: - CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. - CVE-2022-50327: ACPI: processor: idle:...

SUSE-SU-2026:0154-1 Security update for the Linux Kernel (Live Patch 63 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.237 fixes various security issues The following security issues were fixed: - CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. - CVE-2022-50327: ACPI: processor: idle: Check...

gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing

A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU...

SUSE CVE-2025-71121

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers...

MiracleLinux 8 : microcode_ctl-20190618-1.20191115.3.el8 (AXEA:2020-144:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXEA:2020-144:03 advisory. - Insufficient access control in protected memory subsystem for IntelR SGX for 6th, 7th, 8th, 9th Generation IntelR CoreTM Processor Families; IntelR...

ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value

...

CVE-2026-22036

A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in...

SUSE CVE-2025-71140

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...

SimFuzz: Similarity-Guided Block-Level Mutation for RISC-V Processor Fuzzing

The Instruction Set Architecture ISA defines processor operations and serves as the interface between hardware and software. As an open ISA, RISC-V lowers the barriers to processor design and encourages widespread adoption, but also exposes processors to security risks such as functional bugs...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004756 advisory. A NULL pointer dereference flaw was found in the Linux kernels KVM module, which can lead to a denial of service in the x86emulateinsn in arch/x86/kvm/emulate.c. Thi...

MiracleLinux 4 : kernel-2.6.32-754.14.2.el6 (AXSA:2019-3892:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3892:03 advisory. A flaw was found in the implementation of the fill buffer, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.506.AXS4.3 (AXSA:2019-3878:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3878:01 advisory. A flaw was found in the implementation of the fill buffer, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000793)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000793 advisory. Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service use-after-free by leveraging...

MiracleLinux 7 : kernel-3.10.0-957.12.2.el7 (AXSA:2019-3891:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3891:04 advisory. A flaw was found in the implementation of the fill buffer, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker...

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer...

CVE-2026-21914

CVE-2026-21914 describes an Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series. A specially crafted GTP Modify Bearer Request can cause a lock to be acquired and never released, preventing other threads from acquiring it, triggering a watchdog timeout and ...

CVE-2026-21914 Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service Dos. If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol GTP Modify Bearer Request message, ...

CVE-2026-21911

CVE-2026-21911 affects Juniper Networks Junos OS Evolved via an Incorrect Calculation in the Layer 2 Control Protocol Daemon (l2cpd). An unauthenticated, network-adjacent attacker can flap the management interface to disrupt MAC learning over label-switched interfaces (LSI). Impact described in t...

CVE-2026-0992

CVE-2026-0992 in libxml2 describes an uncontrolled resource consumption vulnerability. A remote attacker can supply crafted XML catalogs containing repeated elements pointing to the same downstream catalog, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU us...

spi: fsl-cpm: Check length parity before switching to 16 bit mode

...