30921 matches found
CVE-2026-47145
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-47145 Color Control hue/saturation assertion abort in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-4526
EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...
EUVD-2026-39396
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-53188
The CVE-2026-53188 entry concerns a Linux kernel RDMA/core flaw where fops passed to ib_get_ucaps() could be spoofed via a block device sharing a dev_t with a character device (char/block alias). The root cause is insufficient validation of f_ops, allowing a local attacker with access to device n...
CVE-2026-53164
The CVE-2026-53164 entry concerns the Linux kernel IOMMU DMA SWIOTLB path. The vulnerability arises when iommu_dma_iova_link_swiotlb() maps an unaligned memory region and, if the middle portion is empty, calls iommu_map() with a 0 size, which the iommu_pt implementation treats as illegal, corrupt...
PT-2026-52400
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed Over-the-Air OTA requests can cause the OTA server parser to perform out-of-bounds reads, which occurs when the software reads data outside the intended boundary of a buffer. This allows ...
PT-2026-52403
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write, which leads to process termination. This issue specifically affects devices that support the IAS Zone cluster...
Linux Distros Unpatched Vulnerability : CVE-2026-52953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, probably for non-canonical address...
CVE-2026-53128
In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...
CVE-2026-53128
In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...
CVE-2026-53128
CVE-2026-53128 affects the Linux kernel DRBD path, specifically drbd_adm_dump_devices(). The root cause is that rcu_read_lock() was not held across the RCU read section before rcu_read_unlock(), as flagged by the Clang thread-safety analyzer. The CVE is tracked in OSV and Debian advisories, with ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the chips-media: wave5 module, the order of device cleanup was corrected to prevent kernel panic. The process of removing video devices was moved to the beginning of the removal function to ensure that all video operations are...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not cause a crash when the msc-input field is missing. Fake USB devices can send their own report descriptors, for which the inputmapping hook is not called. In this case, msc-input remains NULL, leading to a...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check the presence of pm-inputep82 Fake USB devices can send their own report descriptors, for which the inputmapping hook is not called. In this case, pm-inputep82 remains NULL, leading to a crash later on. This...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, resulting in a UAF and system crash. The driver does no...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fixed a memory leak in acp3x pdm DMA operations...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: USB: Storage: Fixed memory leak in USB bulk transport A memory leak in the kernel was identified using the ‘ioctlsg01’ test from the Linux Test Project LTP. The following bytes were observed: 0x53425355. When USB storage devices...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check the event before enabling it to avoid a General Protection Fault GPF. On AMD machines, cpuc-eventsidx can become NULL due to a subtle race condition with NMI-throttle-x86pmustop. Check if the event is NULL in...