CVE-2026-23995

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

CVE-2026-23995

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

CVE-2026-23995 EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

EUVD-2026-16199

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

PT-2026-28335

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. A stack-based buffer overflow exists in the CAN interface initialization process. This occurs when an interface name exceeding IFNAMSIZ 16 characters is...

CVE-2026-22997

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

EUVD-2025-12932

Malicious code in bioql PyPI...

PT-2025-43616

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the peak usb CAN driver related to a shift-out-of-bounds issue. The driver did not explicitly use a 64-bit constant when shifting bits, which is...

CVE-2022-49844

In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 "can: skb: drop tx skb if in listen only mode" the priv-ctrlmode element is read even on virtual CAN interfaces that do not create the struct canpriv at startup. This...

CVE-2024-56651

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110canist: fix potential use-after-free The commit a22bd630cfff "can: hi311x: do not report txerr and rxerr during bus-off" removed the reporting of rxerr and txerr even in case of correct operation i. e. not...

UBUNTU-CVE-2024-42076

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939sendone syzbot reported kernel-infoleak in rawrecvmsg 1. j1939sendone creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue...

DEBIAN-CVE-2021-47519

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch In mcanreadfifo, if the second call to mcanfiforead fails, the function jump to the outfail label and returns without calling mcanreceiveskb. This means that the skb...

kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c

A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system...

kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c

A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system...

SUSE CVE-2017-8066

drivers/net/can/usb/gsusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial of service system crash or memory corruption or possibly have unspecified other impact by leveraging use of more than on...

Ubuntu: Security Advisory (USN-4228-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5539-1 linux-bluefield, linux-gcp-5.4, linux-gke-5.4 vulnerabilities

It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-1195...

LSN-0072-1: Kernel Live Patch Security Notice

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that the Serial CAN interfa...

LSN-0072-1 Kernel Live Patch Security Notice

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that the Serial CAN interfa...

LSN-0068-1: Kernel Live Patch Security Notice

It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. CVE-2020-8647 It was discovered that the virtual terminal implementation in the Linux kernel contained a race...