Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-49979: net: fix refcount bug in skpsockget bsc1245109. CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2026-23239: espintcp: Fix race condition in...

Linux Distros Unpatched Vulnerability : CVE-2026-45851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserveunaccepted function incorrectly...

PT-2026-43718

In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserve unaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the size of the table, but fails to account fo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fixed the handling of the host-controlled quote buffer length. The host-controlled value quotebuf-outlen is validated to determine how many bytes of the quote are copied to the guest userspace. In TDX environment...

Astra Linux - уязвимость в intel-microcode

Improper input validation in some IntelR TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...

SUSE CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

DEBIAN-CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

SUSE CVE-2026-31470

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of host controlled 'quote' buffer length Validate host controlled value quotebuf-outlen that determines how many bytes of the quote are copied out to guest userspace. In TDX environments with remote...

CVE-2026-31470 virt: tdx-guest: Fix handling of host controlled 'quote' buffer length

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of host controlled 'quote' buffer length Validate host controlled value quotebuf-outlen that determines how many bytes of the quote are copied out to guest userspace. In TDX environments with remote...

Linux Distros Unpatched Vulnerability : CVE-2026-31470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length Validate host controlled value quotebuf-outlen that determines how many bytes of the quot...

CVE-2026-27908

Use after free in Windows TDI Translation Driver tdx.sys allows an authorized attacker to elevate privileges locally...

CVE-2026-33697 CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS aTLS in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

CVE-2026-33697 CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS aTLS in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

PT-2026-28509

Name of the Vulnerable Software and Affected Versions Cocos AI versions 0.4.0 through 0.8.2 Description Cocos AI, a confidential computing system for AI, has a weakness in its attested TLS aTLS implementation. This allows for a relay attack where an attacker may be able to extract the ephemeral T...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2025-32007

Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attac...

CVE-2025-22885

Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack...

CVE-2025-31944

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack...

CVE-2025-30513

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements...