312 matches found
DEBIAN-CVE-2026-53283
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...
CVE-2026-53283
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...
CVE-2026-53182
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...
UBUNTU-CVE-2026-53182
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...
CVE-2026-53186
CVE-2026-53186 affects the Linux kernel SRP path in RDMA: the SRP_RSP data length (resp_data_len) is not bounded by the actual received bytes, risking an out-of-bounds read when processing sense data. The copy is capped to 96 bytes, but the source offset can point far past the received data, pote...
CVE-2026-53182
CVE-2026-53182 affects the Linux kernel nl80211: rejects oversized EMA RNR lists in nl80211_parse_rnr_elems, using a u8 counter and capping at 255 to align with the underlying data structure. Several advisories (Red Hat, Debian family, Ubuntu OSV entries, and Root) confirm patches are released in...
CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...
CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...
SUSE-SU-2026:22270-1 Security update for libgcrypt
This update for libgcrypt fixes the following issue - CVE-2026-41990: lack of bound check can lead to mishandling of Dilithium signing bsc1262693...
SUSE-SU-2026:22355-1 Security update for libgcrypt
This update for libgcrypt fixes the following issue - CVE-2026-41990: lack of bound check can lead to mishandling of Dilithium signing bsc1262693...
OPENSUSE-SU-2026:21047-1 Security update for libgcrypt
This update for libgcrypt fixes the following issue - CVE-2026-41990: lack of bound check can lead to mishandling of Dilithium signing bsc1262693...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: - svcrdma: The bound check of rqpages index in the inline path. - svcrdmacopyInlineRange: Indexing rqstp-rqpagesrccurpage without verifying that rccurpage remains within the allocated page array. Add guards before the first us...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, a client-side heap buffer overflow occurred in the FreeRDP client’s AVC420/AVC444 YUV-to-RGB conversion process. This issue arose due to a lack of validation of the horizontal bounds of the H.264 metablock...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from the firmware via dpswgetattributes, but never validates it against DPSWMAXIF 64. This value controls the iteration in...
CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
UBUNTU-CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
EUVD-2026-34317
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
CVE-2026-36499
Open vSwitch v3.6.90 contains a missing upper-bound check in udpif_set_threads(); with OVSDB write access, an attacker can request excessive handler/revalidation threads, causing DoS via resource exhaustion. Documented across NVD entries and vuln lists; exploitation status is not detailed in the ...