CVE-2026-43348

In the Linux kernel, the following vulnerability has been resolved: mshvvtl: Fix vmemmapshift exceeding MAXFOLIOORDER When registering VTL0 memory via MSHVADDVTL0MEMORY, the kernel computes pgmap-vmemmapshift as the number of trailing zeros in the OR of startpfn and lastpfn, intending to use the...

CVE-2026-43348

The CVE-2026-43348 issue affects the Linux kernel’s mshv_vtl path: when registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the calculation of pgmap->vmemmap_shift can exceed MAX_FOLIO_ORDER, causing a WARN and -EINVAL during memremap_pages(). The root cause is failing to clamp the computed shif...

SUSE CVE-2026-7943

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7943

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

SUSE CVE-2023-52449

In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access 'gluebi-desc' in gluebiread. ubigluebiinit...

passt bug fix update

An update is available for passt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list passt implements a translation layer between a Layer-2 network interface and...

CVE-2021-28699

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can b...

UBUNTU-CVE-2021-28699

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can b...

CVE-2021-28699

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can b...

Google Chrome Almost Native Graphics Layer Engine Buffer Overflow Vulnerability

Google Chrome is a web browser from Google.Almost Native Graphics Layer Engine ANGLE is a graphics layer engine that allows Windows users to run WebGL and other OpenGL ES 2.0 content by translating the OpenGL ES 2.0 API to DirectX 9 or DirectX 11 API calls. DirectX 11 API calls to run WebGL and...