CVE-2026-46176

The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...

PT-2026-44250

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma copy pd uresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't...

EUVD-2025-11221

Malicious code in bioql PyPI...

EUVD-2023-23779

Malicious code in bioql PyPI...

RLSA-2025:12662 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: HID: intel-ish-hid: Fix use-after-free issue ...

Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173:...

CVE-2025-38022

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:408 inline...

CVE-2025-22085 RDMA/core: Fix use-after-free when rename device name

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in...

UBUNTU-CVE-2025-21888

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during deregmr for DM type Memory regions MR of type DM device memory do not have an associated umem. In the mlx5ibderegmr - mlx5freeprivdescs flow, the code incorrectly takes the wrong branch, attempting to...

UBUNTU-CVE-2024-47750

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix Use-After-Free of rsvqp on HIP08 Currently rsvqp is freed before ibunregisterdevice is called on HIP08. During the time interval, users can still dereg MR and rsvqp will be used in this process, leading to a UAF. Mo...

Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2024:1103-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1103-1 advisory. - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw...

EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2906)

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands whe...

Ubuntu: Security Advisory (USN-6567-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6567-1: QEMU vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

NewStart CGSL MAIN 6.06 : qemu Multiple Vulnerabilities (NS-SA-2023-0132)

The remote NewStart CGSL host, running version MAIN 6.06, has qemu packages installed that are affected by multiple vulnerabilities: - In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-2906)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2023:3721-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3721-1 advisory. - hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an...

SUSE SLES15 Security Update : qemu (SUSE-SU-2023:0840-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0840-1 advisory. - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request...

EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2022-1598)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue...