SB2026032450 - Anolis OS update for linux-firmware

Main Vulnerability Database SB2026032450

SB2026032450 - Anolis OS update for linux-firmware

Published: March 24, 2026

Security Bulletin ID SB2026032450

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36357)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information leak. A local user can obtain sensitive data from the L1D cache.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2026:0349

Vulnerable Software

Anolis OS: 23
realtek-firmware: before 20260110-1
qcom-firmware: before 20260110-1
nvidia-gpu-firmware: before 20260110-1
netronome-firmware: before 20260110-1
mt7xxx-firmware: before 20260110-1
mrvlprestera-firmware: before 20260110-1
mlxsw_spectrum-firmware: before 20260110-1
liquidio-firmware: before 20260110-1
linux-firmware-whence: before 20260110-1
linux-firmware-doc: before 20260110-1
linux-firmware: before 20260110-1
libertas-firmware: before 20260110-1
iwlwifi-mvm-firmware: before 20260110-1
iwlwifi-dvm-firmware: before 20260110-1
iwlegacy-firmware: before 20260110-1
intel-gpu-firmware: before 20260110-1
dvb-firmware: before 20260110-1
brcmfmac-firmware: before 20260110-1
atheros-firmware: before 20260110-1
amd-ucode-firmware: before 20260110-1
amd-gpu-firmware: before 20260110-1