22 matches found
CVE-2026-57436 Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: megaraidsas: Fixed an invalid node index issue. On systems with DRAM interleave enabled, out-of-bound access was detected: megaraidsas 0000:3f:00.0: Requested/available msix 128/128 pollqueue 0 ------------ Cut here...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: Add a target node validity check in damonmigratepages. This validation is taken from dopagesmove, which is used in the movepages system call. The bug occurs when damonmigratepages attempts to migrate pages ev...
Linux Distros Unpatched Vulnerability : CVE-2026-46020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series mm/damon/core: validate damosquotagoal-nid. nodememcgused,freebp DAMOS quota goal...
CVE-2026-46020
A flaw was found in the Linux kernel's DAMON Data Access MONitor core. A privileged local user can exploit this vulnerability by providing an invalid node ID to damosquotagoal-nid for nodememused,freebp via the DAMON user-space tool. This improper validation can lead to an out-of-bounds memory...
CVE-2026-46067
A flaw was found in the Linux kernel's DAMON Data Access MONitor core component. A local user could exploit this vulnerability by providing an invalid node identifier nid when configuring memory usage tracking goals. This lack of validation allows for out-of-bounds memory access, which can lead t...
CVE-2026-46067
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...
CVE-2026-46067 mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...
CVE-2026-46020 mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2025-39700
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...
UBUNTU-CVE-2025-39700
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...
scsi: megaraid_sas: Fix invalid node index
...
SUSE CVE-2025-38239
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...
DEBIAN-CVE-2025-38239
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...
AZL-64856 CVE-2025-38239 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...
UBUNTU-CVE-2025-38239
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...
SUSE CVE-2010-0415
The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...
PYSEC-2022-87
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
hivex: Buffer overflow when provided invalid node key length
A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat...