SUSE-SU-2026:1560-1 Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes various security issues The following security issues were fixed: - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy...

SUSE CVE-2026-31481

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

EUVD-2026-24841

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

CVE-2026-31481

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

CVE-2026-31481 tracing: Drain deferred trigger frees if kthread creation fails

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...

CVE-2026-31481

CVE-2026-31481 affects the Linux kernel tracing code. The issue arises from boot-time trigger frees not being drained when kthread creation fails, causing boot-time deferred entries to leak and a NULL pointer dereference that crashes the system. The fix drains the entire queued list synchronously...

CVE-2026-33593

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iavfgetethtoolstats function using realnumtxqueues, leading to out-of-bounds writes. This...

PT-2026-34386

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the tracing component occurs when boot-time trigger registration fails before the trigger-data cleanup kthread is created. If kthread creation fails, the system fails to drain...

PowerDNS DNSdist 数字错误漏洞

PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a numerical error vulnerability; this vulnerability stems from the ability of clients to trigger a zero error by sending a specially...

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

BIT-AIRFLOW-2026-32228 Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006894)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006894 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010915)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010915 advisory. In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table getkernelnofault does copy data in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013086 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfdctx trigger pointer of th...

kernel: ALSA: aloop: Fix racy access at PCM trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

kernel: ALSA: aloop: Fix racy access at PCM trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...

CVE-2026-32228

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

CVE-2026-32135 NanoMQ has Heap Buffer Overflow in URI Parameter Parsing

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the uriparamparse function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys an...

ALSA-2026:9131 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: qla2xxx: Fix improper freeing of purex item CVE-2025-68741 kernel: ALSA: aloop: Fix racy access at PCM trigger CVE-2026-23191 For more details about the security issues, including t...