CVE-2026-34194

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

SUSE CVE-2026-46144

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...

EUVD-2026-32771

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...

CVE-2026-46126

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix manadestroywqobj cleanup in manaibcreateqprss Sashiko points out there are two bugs here in the error unwind flow, both related to how the WQ table is unwound. First there is a double i-- on the first failure path...

CVE-2026-46117

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARNON in manaibcreateqprss Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARNON then go on to corrupt the kernel. Just...

RDMA/mana_ib: Disable RX steering on RSS QP destroy

...

CVE-2026-45881

A flaw was found in the MediaTek SVS System Voltage Scaling driver within the Linux kernel. A memory leak occurs in the svsenabledebugwrite function when a buffer, allocated during a debug write operation, is not properly freed if an integer conversion fails. This vulnerability could allow a loca...

PT-2026-44267

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An error unwind issue exists in the RDMA mana component. Specifically, the mana ib create qp rss function fails to properly...

CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, manaibdestroyqprss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

CVE-2026-46084

The CVE-2026-46084 issue resides in Linux kernel RDMA/mana_ib handling: when an RSS QP is destroyed, mana_ib_destroy_qp_rss() clears RX WQ objects but fails to disable vPort RX steering in firmware, leaving stale steering configs that may route completions to old RX objects. If traffic persists a...

State of SDLC Security 2026: How Risk Scales in Modern Development

Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed the null check for pipectx-planestate in resourcebuildscalingparams. A null pointer dereference issue could occur when pipectx-planestate is null. The fix adds a check to ensure that ‘pipectx-planestate’ is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM – Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1’s MSRAMD64TSCRATIO has diverged from KVM’s...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fixed the latency and residency issues during CPU/L2 idle states. The entry/exit latency and minimum residency in the idle states of the MSM8998 device were problematic. Firstly, the timings were set fo...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtionet: Do not send RSS commands if the feature is not available on the device. There is a bug when setting RSS options in virtionet that can cause the entire machine to become unstable, leading to an infinite loop in the...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fixed a nullptrderef in scmicpufreqgetrate. The cpufreqcpugetraw function may return NULL when the target CPU is not present in the policy-cpus mask. The scmicpufreqgetrate function does not check for this case,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sfc: fixed a deadlock in the RSS config read operation. Since the referenced commit, core locked the rsslock of netdevice when handling the ethtool -x command. Therefore, the driver’s implementation should no longer lock it. Remo...

CVE-2026-43401

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

CVE-2026-43260

A flaw was found in the bnxten driver of the Linux kernel. An issue in the RSS Receive Side Scaling context deletion logic can lead to a leak of VNICs Virtual Network Interface Controllers in the firmware. This can cause subsequent attempts to create new VNICs to fail, resulting in the loss of...

EUVD-2026-27820

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netifrunning is tru...