CVE-2026-23354

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...

CVE-2026-23354

CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...

SUSE CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox 137 and Thunderbird 137...

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox 137 and Thunderbird 137...

OESA-2024-2448 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction jump history to record instructions that performed register spill/fi...

kernel: bpf: fix check for attempt to corrupt spilled pointer

A flaw was found in the Linux kernel. When the register is spilled onto a stack as a 1/2/4-byte register, the slottypeBPFREGSIZE - 1 is set, possibly including a few more below it, depending on the actual spill size. To confirm if some stack slots have a spilled register, consult slottype7, not...