SUSE-SU-2026:21912-1 Security update for qemu

This update for qemu fixes the following issues - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to heap...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fixed a use-after-free in sndsocexit KASAN reported a use-after-free: BUG: KASAN: Use-after-free in devicedel+0xb5b/0xc60 A size 8 byte read at address ffff888008655050 was performed by the task rmmod/387. CPU: 2; PID...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a possible null-pointer dereference due to a data race in sndhdacregmapsync. The variable codec-regmap is often protected by the codec-regmaplock when accessed. However, it is accessed without holding the lock wh...

CVE-2026-43478

CVE-2026-43478 affects the Linux kernel ASoC: codecs for the rt1011 driver. The vulnerability stems from using an incorrect helper to obtain the DAPM context in spk_mode_put(): the code should call snd_soc_component_to_dapm() , otherwise a NULL pointer may be returned from kcontrol. The connected...

CVE-2026-43257

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...

CVE-2026-43257 media: cx88: Add missing unmap in snd_cx88_hw_params()

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A race condition was found in the Linux kernel's sound/hda device driver in sndhdacregmapsync function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq – Use sndcardfreewhenclosed when there is a disconnection. The USB disconnection callback should be short and not too long. Alternatively, the current code uses sndcardfree when there is a disconnection, but this wait...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for sndsocpcmruntime object When using kernel with the following extra config, - CONFIGKASAN=y - CONFIGKASANGENERIC=y - CONFIGKASANINLINE=y - CONFIGKASANVMALLOC=y - CONFIGFRAMEWARN=4096 kernel detects that...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in sndprotoprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput in the regular path. And...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that snduna is properly initialized upon connection. This issue is strictly related to the commit fb7a0d334894 „mptcp: Ensure that sndnxt is properly initialized upon connection“. It turns out that syzkaller can...

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011230)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011230 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUGON in probe function The snddmabuffer.bytes field now contains the aligned...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010775 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: mts64: fix possible null-ptr-defer in sndmts64interrupt I got a null-ptr-defer error report...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013407)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013407 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006947)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006947 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUGON in probe function The snddmabuffer.bytes field now contains the aligned...

SUSE-SU-2026:21354-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests sent from the guest bsc1259079. - CVE-2026-3195: heap out-of-bounds write when reading input audio in the...

OPENSUSE-SU-2026:20567-1 Security update for qemu

This update for qemu fixes the following issues: Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests sent from the guest bsc1259079. - CVE-2026-3195: heap out-of-bounds write when reading input audio in the...