SUSE-SU-2026:2085-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

SUSE-SU-2026:1999-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

CVE-2026-31487 spi: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

PT-2026-34392

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the SPI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...

com.linkedin.transport:transportable-udfs-test-trino (>=0.1.19 <=0.1.22), io.github.baptistegh:trino-http-group-provider (=1.0.2) +93 more potentially affected by CVE-2026-34214 via io.trino:trino-spi (>=439 <=479)

io.trino:trino-spi MAVEN version =439, =0.1.19, =1.0, =439, =471, =439, =439, =439, =439, =439, =439, =439, =439, =439, =470, =475 and more Source cves: CVE-2026-34214 Source advisory: SNYK:JAVA-IOTRINO-15857193...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989218)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989218 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devmspialloc We can't rely on the contents of the devres list during...

EUVD-2022-54663

Malicious code in bioql PyPI...

CVE-2022-49475 spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platformgetresourcebyname It will cause null-ptr-deref if platformgetresourcebyname returns NULL, we need check the return value...

The vulnerability of the mmc_spi component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the mmcspi component in the Linux operating system’s kernel is related to improper error handling in the mmcspiprobe function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2024-36477 tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

In the Linux kernel, the following vulnerability has been resolved: tpmtisspi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAXSPIFRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...

CVE-2024-36477

CVE-2024-36477 refers to a Linux kernel vulnerability where the TPM SPI transfer did not account for the 4-byte header prepended to the SPI data frame, potentially causing out-of-bounds accesses. The root cause was the use of MAX_SPI_FRAMESIZE to compute the maximum transfer length and buffer siz...

CVE-2022-48723

In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphierspiprobe The issue happens in several error paths in uniphierspiprobe. When either dmagetslavecaps or devmspiregistermaster returns an error code, the function forgets to decreas...

CVE-2022-48723 spi: uniphier: fix reference count leak in uniphier_spi_probe()

In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphierspiprobe The issue happens in several error paths in uniphierspiprobe. When either dmagetslavecaps or devmspiregistermaster returns an error code, the function forgets to decreas...

CVE-2024-36930

In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spisync If spisync is called with the non-empty queue and the same spimessage is then reused, the complete callback for the message remains set while the context is cleared, leading to a...

CVE-2024-36930

In CVE-2024-36930, the Linux kernel SPI subsystem spi_sync is affected. When a non-empty SPI queue is used and the same spi_message is reused, the complete callback remains set after context clear, causing a null pointer dereference during spi_finalize_current_message(). The provided connectivity...

CVE-2024-36930 spi: fix null pointer dereference within spi_sync

In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spisync If spisync is called with the non-empty queue and the same spimessage is then reused, the complete callback for the message remains set while the context is cleared, leading to a...

CVE-2021-47469

In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spiaddlock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled...

CVE-2021-47282

In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: Fix out-of-bounds access with more than 4 slaves Commit 571e31fa60b3 "spi: bcm2835: Cache CS register value for -preparemessage" limited the number of slaves to 3 at compile-time. The limitation was necessitated by ...

CVE-2021-47195 spi: fix use-after-free of the add_lock mutex

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the addlock mutex Commit 6098475d4cb4 "spi: Fix deadlock when adding SPI controllers on SPI buses" introduced a per-controller mutex. But mutexunlock of said lock is called after the controller is alrea...