6346 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002131)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002131 advisory. Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of XML catalogs containing repeated elements. An attacker can cause excessive CPU consumption and degrade application availability by supplying specially crafted XM...
PT-2026-3107
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.2R3-S9; Juniper Networks Junos OS versions 21.4 before 21.4R3-S10; Juniper Networks Junos OS versions 22.2 before 22.2R3-S7; Juniper Networks Junos OS versions 22.3 before 22.3R3-S4; Juniper Networks...
PT-2026-3125
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.4R3-S7-EVO; Juniper Networks Junos OS Evolved versions 22.2 through 22.2R3-S4-EVO; Juniper Networks Junos OS Evolved versions 22.3 through 22.3R3-S3-EVO; Juniper Networks Junos OS Evolved...
PT-2026-3093
Name of the Vulnerable Software and Affected Versions: Svelte devalue versions 5.1.0 through 5.6.1. Description: Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service. This affects applications using devalue.parse ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002898)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002898 advisory. In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001911)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001911 advisory. Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging...
Allocation of Resources Without Limits or Throttling
Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decompression chain. An attacker can cause high CPU usage and excessive memory allocation by...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation. This...
CVE-2025-71142
In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition. A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110 RIP: 0010:remote_partition_disable+0xf7/0x110 RSP:...
UBUNTU-CVE-2025-71115
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier. This is currently done in uml_finish_setup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse(), which has coverage annotations, and then the checks in check_kcov_mode()...
CVE-2025-71119
In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs. If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228...
CVE-2025-71119 powerpc/kexec: Enable SMT before waking offline CPUs
In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs. If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228...
Denial-of-Service (DoS)
Marshmallow is vulnerable to Denial-of-Service (DoS). The vulnerability is due to inefficient processing in Schema.load(data, many=True), where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001720)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001720 advisory. With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and t...
CVE-2025-58411 GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resource reference counting, creating a potential use-after-free scenario. Improper resource management and reference counting on an internal resource caused a scenario where potentia...
CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...
CVE-2025-25176
The CVE-2025-25176 entry pertains to Imagination Graphics DDK GPU driver vulnerabilities; the described issue is exfiltration of intermediate register values from secure workloads into the non-secure world when scheduled by applications in the non-secure environment. Affected component: GPU driver/SDK (I...
CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform...