1680 matches found
BELL-CVE-2026-43463
Bulletin has no description...
BELL-CVE-2026-43449
Bulletin has no description...
BELL-CVE-2026-43415
Bulletin has no description...
BELL-CVE-2026-43395
Bulletin has no description...
BELL-CVE-2026-43373
Bulletin has no description...
BELL-CVE-2026-43466
Bulletin has no description...
BELL-CVE-2026-43405
Bulletin has no description...
MINI-FV7X-8V4X-H4RQ
Bulletin has no description...
DEBIAN-CVE-2026-43462
In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emactxmemmap The DMA mappings were leaked on mapping error. Free them with the existing emacfreetxbuf function...
DEBIAN-CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
DEBIAN-CVE-2026-43458
In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty-link reference in ldiscopen and serrelease A reproducer triggers a KASAN slab-use-after-free in ptywriteroom when caifserial's TX path calls ttywriteroom. The faulting access is on tty-link-port. Hold an...
DEBIAN-CVE-2026-43447
In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f "iavf: periodically cache PHC time" introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race condition where...
DEBIAN-CVE-2026-43433
In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...
DEBIAN-CVE-2026-43419
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in cephmdscbuildpath Add putname calls to error code paths that did not free the "path" pointer obtained by getname. If ownership of this pointer is not passed to the caller via pathinfo.path, the function...
DEBIAN-CVE-2026-43417
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork/CLONEVM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mmgetcid when scheduling in. It turned out that the logic which handles vfork'ed tasks is broken. It is invoked when th...
DEBIAN-CVE-2026-43408
In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following cephmdscfreepathinfo may crash. Example crash on Linux 6.18.12:...
DEBIAN-CVE-2026-43411
In the Linux kernel, the following vulnerability has been resolved: tipc: fix divide-by-zero in tipcskfilterconnect A user can set conntimeout to any value via setsockoptTIPCCONNTIMEOUT, including values less than 4. When a SYN is rejected with TIPCERROVERLOAD and the retry path in...
DEBIAN-CVE-2026-43402
In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable conversion which...
DEBIAN-CVE-2026-43400
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpuuserqsignalioctl can lead to a OOM and could be exploited. So check these input value against AMDGPUUSERQMAXHANDLES which is big enough...
DEBIAN-CVE-2026-43399
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...