126 matches found
Astra Linux - уязвимость в ffmpeg
In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...
CVE-2026-40618 BIG-IP SSL/TLS vulnerability
When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition VE without Intel QuickAssist Technology QAT or on BIG-IP hardware platforms with the database variable crypto.hwacceleration set to disabled, undisclosed traffic can cause the Traffic Management Microkernel TMM to...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: Cortina: Use TOE/TSO on all TCP. It is desirable to enable the hardware accelerator to also process non-segmented TCP frames. We pass the skb-len value to the “TOE/TSO” offloader, which will handle those frames...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...
JLSEC-2026-262 Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware...
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
[SECURITY] Fedora 44 Update: qt6-qtgraphs-6.10.3-1.fc44
The Qt Graphs module enables you to visualize data in 3D as bar, scatter, and surface graphs. It's especially useful for visualizing depth maps and large quantities of rapidly changing data, such as data received from multiple sensors. The look and feel of graphs can be customized by using themes...
K000160557: OpenSSL vulnerability CVE-2025-69418
Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...
OESA-2026-1751 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...
OESA-2026-1663 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: When using the low-level OCB API directly with AES-NI orbrother hardware-accelerated code paths, inputs whose length is not a multiplebrof 16 bytes...
CVE-2026-23147
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...
Intel Quick Assist Technology 授权问题漏洞
Intel Quick Assist Technology is a hardware acceleration technology developed by Intel, a company in the United States. There are issues with authorization in Intel Quick Assist Technology; this vulnerability stems from improper authorization procedures and can lead to denial-of-service attacks...
AZL-78546 CVE-2025-69418 affecting package openssl-fips-provider 3.1.2-1
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
AZL-75272 CVE-2025-69418 affecting package openssl for versions less than 3.3.5-3
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
ALPINE-CVE-2025-69418
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
AZL-76128 CVE-2025-69418 affecting package edk2 for versions less than 20230301gitf80f052277c8-47
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
AZL-75783 CVE-2025-69418 affecting package openssl for versions less than 1.1.1k-38
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
AZL-75899 CVE-2025-69418 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
EUVD-2025-206396
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
CVE-2025-69418
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
CVE-2025-69418
CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...