SUSE CVE-2025-71302

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 "dma-fence: Add safe access helpers and document the rules" details the dma-fence safe access rules. The most common culprit is that drmschedfencegettimelinena...

SUSE CVE-2026-43466

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5eresettxqsqccpc resets dmafifocc to 0 but not dmafifopc, desyncing the DMA FIFO producer and consumer. After...

IBM MQ 9.1 < 9.1.0.34 LTS / 9.2 < 9.2.0.41 LTS / 9.3 < 9.3.0.37 LTS / 9.3 < 9.4.5.0 CD / 9.4 LTS / 9.4.5.0 (7269378)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7269378 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that...

CVE-2026-31235

The CVE-2026-31235 issue affects the imgaug library up to version 0.4.0, specifically the BackgroundAugmenter class in multicore.py. The vulnerability arises from deserializing data with Python pickle via a multiprocessing queue in the _augment_images_worker method without safety checks. An attac...

PT-2026-40122

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augment images worker method without any safety...

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

openSUSE 16 Security Update : tor (openSUSE-SU-2026:20709-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20709-1 advisory. Changes in tor: - Update to 0.4.9.8 Fix out-of-bounds read boo1264341, CVE-2026-44597, TROVE-2026-011 Do not attempt or accept BEGINDIR via...

Linux kernel x25_queue_rx_frame function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...

SUSE CVE-2026-43174

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix post open error handling Closing a queue doesn't guarantee that all associated page pools are terminated right away, let the refcounting do the work instead of releasing the zcrx ctx directly...

SUSE CVE-2026-43195

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...

CVE-2026-43468

A flaw was found in the net/mlx5 component of the Linux kernel. This vulnerability involves a deadlock condition that can occur when the eswitchmodeset function attempts to acquire a devlink lock while the esw-workqueue is executing and also trying to acquire the same lock. This concurrent lock...

CVE-2026-43444

A flaw was found in the Linux kernel's drm/amdkfd component. This vulnerability arises from improper error handling where a buffer object bo is not released if a queue update fails. This could lead to a resource leak, potentially causing system instability or a denial of service DoS for a local...

CVE-2026-43442

A flaw was found in the Linux kernel's iouring subsystem. An incorrect bounds check for 128-byte Submission Queue Entry SQE operations, when IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, allows an unprivileged local user to remap logical SQE positions to arbitrary physical indices. Th...

CVE-2026-43400

A flaw was found in the Linux kernel's drm/amdgpu module. A local user could exploit this vulnerability by providing excessively large input values to the amdgpuuserqsignalioctl function. This lack of proper input validation can lead to an Out-Of-Memory OOM condition, causing a Denial of Service...

CVE-2026-43382

A flaw was found in the batman-adv module of the Linux kernel. This vulnerability occurs when the batadvvelpgetthroughput function attempts to acquire a network lock RTNL lock that is already held, particularly during the cancellation of a work queue item. This can lead to a deadlock, causing a...

Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

Summary A composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent weaknesses in the gossip, syncer, and download subsystems — all...

CVE-2026-43296

A flaw was found in the Linux kernel's octeontx2-af driver. This vulnerability arises from issues within the NIX SQ Send Queue manager's sticky mode and the PSE Packet Stream Engine, which can lead to system stalls, deadlocks, and credit drops. When multiple Send Queues share a Send Message Queue...

EUVD-2026-28777

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

EUVD-2026-28757

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...

EUVD-2026-28750

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33...