53 matches found
PYSEC-2026-722 Divide By Zero in OpenCV.
An issue was discovered in OpenCV 4.1.0 OpenCV-Python 4.1.0.25. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp...
Linux Distros Unpatched Vulnerability : CVE-2026-53196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with...
CVE-2026-53196
In the Linux kernel USB: serial: io_ti driver, CVE-2026-53196 describes a heap overflow in get_manuf_info() caused by reading rom_desc->Size bytes from an I2C EEPROM into a 10-byte buffer (kmalloc_obj()). Size is only checked against TI_MAX_I2C_SIZE (16384), allowing a malicious device to set ...
EUVD-2026-38831
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...
EUVD-2026-36408
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...
PT-2026-48843
Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in the virtio-blk device where the system fails to properly validate the size of input descriptors before writing data. A malicious guest with high privileges can exploit this by...
FreeBSD 安全漏洞
FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the lack of verification that the socket descriptors are within the FDSETSIZE limit, potentially leading to stack corruption. If the target application runs...
Astra Linux – Vulnerability in OpenCV
A issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in the modules/objdetect/src/hog.cpp module...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: zynqmpdma: In struct zynqmpdmachan, the descsize data type was fixed. In the zynqmpdmaalloc/freechanresources functions, there is a potential overflow in the following expressions: dmaalloccoherentchan-dev, 2...
EUVD-2026-24913
In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asusreportfixup The asusreportfixup function was returning a newly allocated kmemdup-allocated buffer, but never freeing it. Switch to devmkzalloc to ensure the memory is managed and freed...
CVE-2026-31524
In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asusreportfixup The asusreportfixup function was returning a newly allocated kmemdup-allocated buffer, but never freeing it. Switch to devmkzalloc to ensure the memory is managed and freed...
CVE-2026-31524
CVE-2026-31524 affects the Linux kernel HID ASUS driver. The asus_report_fixup() function allocated memory with kmemdup() but did not free it, causing a memory leak; the fix switches to devm_kzalloc() so memory is automatically freed with the device. A harmless out-of-bounds read was also correct...
PT-2026-34429
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the asus report fixup function, which returns a buffer allocated via kmemdup without subsequently freeing it. Additionally, an out-of-bounds read exists where the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in report descriptor smaller than 607 bytes. mtreportfixup attempts to patch...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002733)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002733 advisory. An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to...
kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
A flaw exists in the Linux kernel’s HID multitouch driver function mtreportfixup in drivers/hid/hid-multitouch.c. A malicious HID device may supply a report descriptor smaller than 607 bytes; the function then attempts to access and patch byte offset 607 without first verifying the descriptor...
kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
A flaw exists in the Linux kernel’s HID multitouch driver function mtreportfixup in drivers/hid/hid-multitouch.c. A malicious HID device may supply a report descriptor smaller than 607 bytes; the function then attempts to access and patch byte offset 607 without first verifying the descriptor...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989817)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989817 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmpdma: In struct zynqmpdmachan fix descsize data type In...
CVE-2025-39948
In the Linux kernel, the following vulnerability has been resolved: ice: fix Rx page leak on multi-buffer frames The iceputrxmbuf function handles calling iceputrxbuf for each buffer in the current frame. This function was introduced as part of handling multi-buffer XDP support in the ice driver...