VIR Vulnerability Intelligence Relay

Search

Found 30,980 results in 6468ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31415 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : <quote> I believe I found a locally triggerable kernel b…
CVE-2026-31414 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_…
CVE-2026-40354 medium 6.3 6.3 FIX slesdebian debian flatpak 2mo ago Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
CVE-2026-40194 low 3.7 3.7 FIX debian debian phpseclib 2mo ago phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
CVE-2026-40175 medium 4.8 4.8 FIX debian debian axios 2mo ago Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
CVE-2026-34177 unknown FIX debian debian 2mo ago Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of k…
CVE-2026-34178 unknown FIX debian debian 2mo ago In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a …
CVE-2026-34179 unknown FIX debian debian 2mo ago In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint…
CVE-2026-40021 unknown slesdebian debian 2mo ago Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts…
CVE-2026-34481 unknown FIX debian debian sles google 2mo ago Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
CVE-2026-34480 unknown debian debian sles google 2mo ago Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…
CVE-2026-34478 unknown FIX debian debian sles google 2mo ago Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
CVE-2026-40228 low 3.3 3.3 slesdebian debian systemd_project 2mo ago In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
CVE-2026-34477 medium 5.9 5.9 FIX debian debian sles apache 2mo ago Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
CVE-2026-6068 critical 9.6 9.6 slesdebian debian nasm 2mo ago NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response…
CVE-2026-31412 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()…
CVE-2026-33551 medium 5.3 5.3 FIX debian debian openstack 2mo ago An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application…
CVE-2026-5460 medium 6.5 6.5 FIX debian debian wolfssl 2mo ago A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the in…
CVE-2026-5448 medium 4.3 4.3 FIX debian debian wolfssl 2mo ago X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. Th…
CVE-2026-5393 critical 9.1 9.1 FIX debian debian wolfssl 2mo ago Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-ex…
CVE-2026-5392 medium 5.4 5.4 FIX debian debian wolfssl 2mo ago Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_V…
CVE-2026-4631 critical 10.0 EXPFIX rheldebian debian sles 2mo ago Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit…
CVE-2026-5507 medium 4.0 4.0 FIX debian debian wolfssl 2mo ago When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary…
CVE-2026-5504 medium 5.3 5.3 FIX debian debian wolfssl 2mo ago A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS…
CVE-2026-5778 medium 6.5 6.5 FIX debian debian wolfssl 2mo ago Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication…
CVE-2026-5772 medium 5.3 5.3 FIX debian debian wolfssl 2mo ago A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e…
CVE-2026-5264 critical 9.8 9.8 FIX debian debian wolfssl 2mo ago Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.
CVE-2026-5263 medium 6.5 6.5 FIX debian debian wolfssl 2mo ago URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf cert…
CVE-2026-34500 medium 5.5 FIX slesdebian debian 2mo ago CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20…
CVE-2026-34487 unknown FIX slesdebian debian google 2mo ago Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat…
CVE-2026-34483 unknown FIX slesdebian debian 2mo ago Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 1…
CVE-2026-32990 unknown FIX debian debian 2mo ago Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, fro…
CVE-2026-29146 unknown FIX slesdebian debian google 2mo ago Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from …
CVE-2026-29145 critical 9.5 FIX slesdebian debian 2mo ago CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0…
CVE-2026-25854 unknown FIX slesdebian debian 2mo ago Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, fro…
CVE-2026-5194 critical 9.1 9.1 FIX debian debian wolfssl 2mo ago Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver…
CVE-2026-40046 unknown FIX debian debian 2mo ago Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound
CVE-2026-34757 medium 4.4 4.4 FIX debian debian sles libpng 2mo ago LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained fro…
CVE-2025-62718 critical 9.9 9.9 FIX slesdebian debian axios 2mo ago Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback…
CVE-2026-21717 medium 5.9 5.9 FIX rhel slesdebian debian 2mo ago RHSA-2026:7670: nodejs:24 security update (Important)
CVE-2026-21713 medium 5.9 5.9 FIX rhel slesdebian debian 2mo ago RHSA-2026:7670: nodejs:24 security update (Important)
CVE-2026-21712 medium 5.7 5.7 FIX rhel slesdebian debian 2mo ago RHSA-2026:7670: nodejs:24 security update (Important)
CVE-2026-5919 medium 6.5 6.5 FIX debian debian linux-kernelmacos macos google 2mo ago Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a …
CVE-2026-5911 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5890 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 2mo ago Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit…
CVE-2026-5867 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
CVE-2026-39892 unknown FIX slesdebian debian 2mo ago Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
CVE-2026-39883 unknown FIX debian debian google 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command us…
CVE-2026-39882 unknown FIX debian debian 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a si…
CVE-2026-5795 unknown debian debian sles 2mo ago Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables
CVE-2026-31411 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc…
CVE-2026-39395 unknown FIX debian debian sles 2mo ago Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with…
CVE-2026-39324 critical 9.5 FIX slesdebian debian 2mo ago Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
CVE-2026-32289 unknown FIX debian debian sles google 2mo ago Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS …
CVE-2026-32288 unknown FIX debian debian sles google 2mo ago tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
CVE-2026-31789 critical 9.8 9.8 FIX slesdebian debian opensslgoogle 2mo ago Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…
CVE-2026-35406 unknown FIX debian debian sles 2mo ago Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable…
CVE-2026-29181 unknown FIX debian debian google 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va…
CVE-2026-5745 medium 5.5 5.5 debian debian sles rhel libarchiveredhat 2mo ago A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL …
CVE-2026-33816 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-33815 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-34444 critical 10.0 10.0 debian debian scoder 2mo ago Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
CVE-2026-4292 unknown FIX slesdebian debian 2mo ago Django vulnerable to privilege abuse in ModelAdmin.list_editable
CVE-2026-4277 unknown FIX slesdebian debian 2mo ago Django vulnerable to privilege abuse in GenericInlineModelAdmin
CVE-2026-3902 unknown FIX slesdebian debian 2mo ago Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
CVE-2026-33034 unknown FIX slesdebian debian 2mo ago Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit
CVE-2026-33033 unknown FIX slesdebian debian 2mo ago Django has potential DoS via MultiPartParser through crafted multipart uploads
CVE-2026-5735 critical 9.8 9.8 FIX debian debian sles mozilla 2mo ago Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp…
CVE-2026-28808 unknown FIX debian debian sles 2mo ago Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a U…
CVE-2026-32144 unknown FIX debian debian sles 2mo ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP respons…
CVE-2026-34197 unknown 2.5 KEVEXP debian debian 2mo ago Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
CVE-2026-33227 unknown debian debian 2mo ago Apache ActiveMQ: Improper validation and restriction of a classpath path name
CVE-2026-28810 unknown FIX debian debian sles 2mo ago Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, pr…
CVE-2026-22675 medium 6.1 6.1 debian debian ocsinventory-ng 2mo ago OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User…
CVE-2026-31410 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION Use sb->s_uuid for a proper volume identifier as the primary choice. For files…
CVE-2026-31405 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] ta…
CVE-2026-35201 medium 5.5 debian debian sles 2mo ago rdiscount has an Out-of-bounds Read
CVE-2026-23210 medium 5.5 FIX rhel slesdebian debian 2mo ago Moderate: kernel security update
CVE-2025-71238 medium 5.5 FIX slesdebian debian rocky 2mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page f…
CVE-2025-38109 medium 5.5 FIX rhel slesdebian debian 2mo ago Moderate: kernel security update
CVE-2026-35166 unknown FIX debian debian sles 2mo ago Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or…
CVE-2026-3184 medium 5.3 5.3 slesdebian debian kernelredhat 2mo ago A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A …
CVE-2026-2625 medium 5.5 5.5 FIX rheldebian debian redhatsequoia-pgp 2mo ago A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, th…
CVE-2026-31400 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_…
CVE-2026-31394 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change() iterates all stations and accesse…
CVE-2026-31391 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads.
CVE-2026-31390 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup …
CVE-2026-23475 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered …
CVE-2026-23474 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 …
CVE-2026-23472 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN uart_write_room() and uart_write() behave inconsistently when xmi…
CVE-2026-23470 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler,…
CVE-2026-23469 medium 4.7 4.7 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU The runtime PM suspend callback doesn't know whether the IRQ ha…
CVE-2026-23468 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries vi…
CVE-2026-23467 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe intel_dmc_update_dc6_allowed_count() oopses when DMC hasn't been in…
CVE-2026-23465 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: log new dentries when logging parent dir of a conflicting inode If we log the parent directory of a conflicting inode, we …
CVE-2026-23464 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node…
CVE-2026-23463 medium 4.7 4.7 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qman_destroy_fq When QMAN_FQ_FLAG_DYNAMIC_FQID is set, there's a race condition between fq…
CVE-2026-23460 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect syzkaller reported a bug [1], and the reproducer is ava…
CVE-2026-23455 critical 9.1 9.1 FIX sles rheldebian debian 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit leng…
CVE-2026-23452 medium 4.7 4.7 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->pare…