656 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...
DEBIAN-CVE-2026-44362
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
CVE-2026-44362
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
EUVD-2026-41911
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
CVE-2026-44362
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
CVE-2026-44362
OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...
CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
PT-2026-55976
Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.20.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. A flaw in the subkey rollback...
CVE-2026-53348
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdcadevunregisterfunctions sdcadevunregisterfunctions iterates over all SDCA function descriptors and calls sdcadevunregister on each funcdev without checking for NULL. When a function...
UBUNTU-CVE-2026-53348
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdcadevunregisterfunctions sdcadevunregisterfunctions iterates over all SDCA function descriptors and calls sdcadevunregister on each funcdev without checking for NULL. When a function...
EUVD-2026-40982
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdcadevunregisterfunctions sdcadevunregisterfunctions iterates over all SDCA function descriptors and calls sdcadevunregister on each funcdev without checking for NULL. When a function...
CVE-2026-53348
CVE-2026-53348 concerns the Linux kernel ASoC SDCA subsystem. A NULL pointer dereference in sdca_dev_unregister_functions (due to func_dev entries that may be NULL when cleanup occurs) could trigger a kernel oops during device cleanup. The issue arises when a function registration partially fails...
CVE-2026-49319
CVE-2026-49319 concerns a roll-back attack on a Remote Keyless Entry System (RKES) using the 433 MHz key fob with FCC ID CWTR53R0 from ALPS ALPINE CO., LTD. The described vulnerability allows an attacker within RF range to record two consecutive lock/unlock transmissions and replay them to cause ...
PT-2026-52445
Name of the Vulnerable Software and Affected Versions Remote Keyless Entry System RKES using 433 MHz key fob FCC ID CWTR53R0 affected versions not specified Description The system is susceptible to a roll-back attack targeting its rolling-code authentication. An attacker within radio frequency...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: octeonep VF: Fixed the issue where the devid used in the freeirq function did not match the original devid during the IRQ rollback process. The octepvfrequestirqs function requests MSI-X queues for IRQs using ioqvector as th...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In hns3setringparam, a temporary copy of the ring structure tmprings is created for rollback purposes. However, the txspare pointer in the original ring handle points incorrectly to the old backup memory. Later, if memory...
CVE-2026-52929
In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...
CVE-2026-52929
In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...
EUVD-2026-38699
In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...
CVE-2026-52929
The CVE affects the Linux kernel SCTP stream handling. When ADD_OUT_STREAMS is denied, the rollback only shrinks queued chunks and lowers outcnt, leaving removed stream metadata behind. A subsequent re-add can reuse a stale ext and trigger a null-pointer dereference in the scheduler get path, pot...