Malicious Package

Overview @car-loans/wait-task-props is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

PT-2026-45211

The partitioned dag runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized ...

SUSE CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

CVE-2026-46015

A flaw was found in the Linux kernel's TCP networking subsystem. When an established network connection is migrated between listener sockets within the same SOREUSEPORT group, applications waiting for new connections may not be properly notified. This can cause poll, epollwait, and blocking accep...

CVE-2026-46187

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

CVE-2026-46223

CVE-2026-46223 (Linux kernel) affects the cgroups subsystem. The vulnerability description notes that a chain of commits (v7.0 onward) reworked rmdir to satisfy the invariant that ->css_offline() must not run while tasks still run in the cgroup. The fix defers percpu_ref kill for css until the...

EUVD-2026-32814

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

SUSE CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

UBUNTU-CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

UBUNTU-CVE-2026-46073

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix missing usbkillurb on signal interrupt waitforcompletioninterruptibletimeout returns -ERESTARTSYS when interrupted. This needs to abort the URB and return an error. No data has been received from the device so a...

CVE-2026-46041

CVE-2026-46041 concerns the Linux kernel patch for greybus gb-beagleplay where sleeping in atomic context was fixed. The vulnerability arose because hdlc_append() invoked usleep_range() while holding tx_producer_lock in hdlc_tx_frames(), violating the rule against sleeping under a spinlock and ri...

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

EUVD-2026-32408

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

CVE-2026-46027

The CVE-2026-46027 fix targets the Linux kernel net/smc path, addressing a race where a CLC decline during an early handshake could trigger updates to link-group level sync state before the link group is fully initialized. The mitigation guards the link-group state update in smc_clc_wait_msg() so...

CVE-2026-46027

net/smc: avoid early lgr access in smcclcwaitmsg...

Linux Distros Unpatched Vulnerability : CVE-2026-46015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: call skdataready after listener migration When inetcsklistenstop migrates an established child socket from a closing listener to another socket in the same...

PT-2026-43690

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor fw unplug This patch removes the MCU halt and wait for halt procedures during panthor fw unplug as the MCU can be in a variety of states or the FW may not even be...

PT-2026-43908

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: fix sleep in atomic context in hdlc tx frames hdlc append calls usleep range to wait for circular buffer space, but it is called with tx producer lock a spinlock held via hdlc tx frames - hdlc append tx...

OESA-2026-2416 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming a...