EUVD-2026-39532

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: added the missing mcanclassfreedev function in probe/remove methods. In mcanpciremove and the error handling path of mcanpciprobe, mcanclassfreedev should be called to release resources allocated by...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev – The spin lock in struct mcanclassdev is not being initialized. This causes issues with spinlocks, as seen in complaints from the kernel, such as when trying to send CAN frames using cansend from...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbmod: Skip non-Ethernet packets Currently, tcfskbmodact assumes that packets use Ethernet as their L2 protocol, which is not always the case. For example, for CAN devices: bash $ ip link add dev vcan0 type vcan $ ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 “can: skb: drop txskb if in listen-only mode”, the priv-ctrlmode element is read even on virtual CAN interfaces that do not create the structcanpriv structure during startup. Th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In isotpsendmsg, cmpxchg is used to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a signal interrupts waiteventinterruptible inside close when tx.stat...

CVE-2026-7273

CVE-2026-7273 affects Zyxel GS1900-48HPv2 devices with firmware up to 2.90(ABTQ.1)C0. The flaw is a stack-based buffer overflow in the CGI program, enabling a LAN-based, unauthenticated attacker to potentially execute OS commands via a crafted HTTP request. Impact is described in the CVE metrics ...

PT-2026-50084

Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...

PT-2026-49603

Name of the Vulnerable Software and Affected Versions Zyxel GS1900-48HPv2 versions prior to 2.90ABTQ.1C0 Description A stack-based buffer overflow exists in the CGI program. This flaw allows an unauthenticated attacker on the local area network LAN to potentially execute operating system commands...

kernel: can: j1939: j1939_session_new(): fix skb reference counting

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sessionnew: fix skb reference counting Since j1939sessionskbqueue does an extra skbget for each new skb, do the same for the initial one in j1939sessionnew to avoid refcount underflow. mkl: clean up commit messag...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

EUVD-2026-36057

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

EEF-CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Summary Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inet\tls\dist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet\tls\dist:check\ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls...

CVE-2026-53476

The CVE-2026-53476 vulnerability affects the assisted-migration-agent and is triggered by an unauthenticated attacker on the same LAN who crafts a gzipped tarball to exploit a path traversal flaw, bypassing security checks and writing arbitrary files to the system. This leads to potential unautho...

PT-2026-48449

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...