SUSE CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

CVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...

Threat Modeling for Enhancing Security of IoT Audio Classification Devices under a Secure Protocols Framework

The rapid proliferation of IoT nodes equipped with microphones and capable of performing on-device audio classification exposes highly sensitive data while operating under tight resource constraints. To protect against this, we present a defence-in-depth architecture comprising a security protoco...

kernel: tpm: infoleak

The tpmread function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command...