PT-2026-44091

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusb has virtual input device to return 0 no virtual devices found even when every open call failed due to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021543)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021543 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally...

SUSE CVE-2026-31724

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: feem: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...

SUSE CVE-2026-31725

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5edetachnetdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from the bandwidth list when freeing the device. Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If the xHCI host is dying or being...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...

CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: feem: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...

CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds,...

EUVD-2026-26535

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006954)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006954 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005607 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally...

CVE-2026-23042

CVE-2026-23042 concerns the Linux kernel: the idpf driver may dereference a NULL vdev_info during unplugging of an aux device if RDMA is not enabled on the vport (VIRTCHNL2_VPORT_ENABLE_RDMA). The vulnerability arises when the driver does not allocate vdev_info for a vport lacking RDMA support, l...

CVE-2026-23042 idpf: fix aux device unplugging when rdma is not supported by vport

In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2VPORTENABLERDMA, driver does not allocate vdevinfo for this vport. This leads to kernel NULL pointer dereference in...

CVE-2021-31431

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVE-2021-31432

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVE-2020-17401

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

CVE-2021-31422

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVE-2022-35867

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual devic...