SUSE CVE-2026-31748

In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: Fixed clkhwgetclk when dev is NULL. Any registered clkcore structure may have a NULL pointer in its dev field. Although this has never been officially documented, this is evident from the widespread use of clkregister and...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the asyncdisable descriptor leak The paths for disabling asyncdisable in functions like iaacompress and decompress do not free the idxd descriptors when asyncdisable is set. Currently, this issue only occurs...

EUVD-2026-26561

In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...

CVE-2026-31747 comedi: me4000: Fix potential overrun of firmware buffer

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format...

PT-2026-36383

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overrun can occur in the me2600 xilinx download function when loading firmware requested by request firmware. The function reads a data stream length into the file length variab...

SUSE CVE-2025-38103

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhidparse Update struct hiddescriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently...

AZL-64610 CVE-2025-38103 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhidparse Update struct hiddescriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently...

kernel: maple_tree: correct tree corruption on spanning store

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

CVE-2025-21972 net: mctp: unshare packets when reassembling

In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the fraglist used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular...

UBUNTU-CVE-2022-49187

In the Linux kernel, the following vulnerability has been resolved: clk: Fix clkhwgetclk when dev is NULL Any registered clkcore structure can have a NULL pointer in its dev field. While never actually documented, this is evidenced by the wide usage of clkregister and clkhwregister with a NULL...

UBUNTU-CVE-2024-57947

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result a...

SUSE CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

DEBIAN-CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

UBUNTU-CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

DEBIAN-CVE-2024-35926

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix asyncdisable descriptor leak The disableasync paths of iaacompress/decompress don't free idxd descriptors in the asyncdisable case. Currently this only happens in the testcases where req-dst is set to null. Add ...

CLSA-2023-1691576181 Fix CVE(s): CVE-2023-34966

SECURITY UPDATE: infinite loop vulnerability in mdssvc RPC service for Spotlight - debian/patches/CVE-2023-34966.patch: prevents an infinite loop by preventing subcount less than 1. Add test for addressed CVE. - CVE-2023-34966...