CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...

CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the ddsinput.cpp process. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted DDS image files to the affected component. Remediation A fix was pushed into the master...

CVE-2026-31785

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...

CVE-2026-31702

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

CVE-2026-43055

The CVE-2026-43055 issue affects the Linux kernel SCSI target: file implementation. The root cause is that target_core_file does not initialize aio_cmd->iocb for ki_write_stream, which can yield a bogus ki_write_stream value during fd_execute_rw_aio() and lead to unintended write failure statu...

EUVD-2026-26654

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

CVE-2026-31785

Summary: CVE-2026-31785 affects the Linux kernel DRM XE pagefault path. The issue was that the page fault handler could permit write/atomic access to read-only VMAs. Root cause: xe_pagefault_service did not reject writes to read-only VMAs after the VMA lookup. Impact (as described): restoration o...

CVE-2026-31720

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fuac1legacy: validate control request size faudiocomplete copies req-length bytes into a 4-byte stack variable: u32 data = 0; memcpy, req-buf, req-length; req-length is derived from the host-controlled USB request...

CVE-2026-31715

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

CVE-2026-31715

In Linux kernel (f2fs), CVE-2026-31715 is a use-after-free triggered by decrementing sbi->nr_pages[] during F2FS_WB_CP_DATA handling. The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and NULLs the node_inode after the counter reaches zero, allowing f2fs_in_warm_node_list(...

EUVD-2026-26524

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi-nrpages in f2fswriteendio The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows:...

EUVD-2026-26511

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

CVE-2026-31702

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

CVE-2026-31702

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

EUVD-2026-26532

A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally...

CVE-2026-7582

CVE-2026-7582 affects AcademySoftwareFoundation OpenImageIO prior to 3.2.0.1-dev in the DDS Image Handler, specifically the file src/dds.imageio/ddsinput.cpp. The issue is an out-of-bounds write in the DDS input handling. Exploitation is described as local, with a public exploit available. A patc...

CVE-2026-7582 AcademySoftwareFoundation OpenImageIO DDS Image ddsinput.cpp out-of-bounds write

A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally...

Exploit for CVE-2026-31431

Copy Fail - CVE-2026-31431 This repository provides a Go port...

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2024-26584: net/tls: return ENOTSUPP on tlsinit bsc1220186. CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. CVE-2025-39759: btrfs: qgroup: fix race between...