Lucene search
+L

46235 matches found

NVD
NVD
added 1 hour ago3 views

CVE-2026-64081

In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Validate framework notification message layout Framework notifications carry an indirect message in the shared RX buffer. Validate the reported offset and size before using them, reject zero-length payloads, and...

Exploits0References3
NVD
NVD
added 1 hour ago3 views

CVE-2026-63909

In the Linux kernel, the following vulnerability has been resolved: ksmbd: OOB read regression in smbcheckpermdacl ACE-walk loops Commit d07b26f39246 "ksmbd: require minimum ACE size in smbcheckpermdacl" introduced a transposed bounds check: if offsetofstruct smbace, sid + acessize size offset 2...

Exploits0References7
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-64097 drm/amd/display: Validate GPIO pin LUT table size before iterating

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate GPIO pin LUT table size before iterating Why&How The GPIO pin table parsers in getgpioi2cinfo and biosparsergetgpiopininfo derive an element count from the VBIOS tableheader.structuresize field, then...

Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 hours ago1 views

CVE-2026-64097

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate GPIO pin LUT table size before iterating Why&How The GPIO pin table parsers in getgpioi2cinfo and biosparsergetgpiopininfo derive an element count from the VBIOS tableheader.structuresize field, then...

5.3AI score
Exploits0References7
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-63949 auxdisplay: line-display: fix OOB read on zero-length message_store()

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix OOB read on zero-length messagestore linedispdisplay unconditionally reads msgcount - 1 before checking whether count is zero, so a write of zero bytes to the message sysfs attribute hits msg-1:...

Exploits0References6
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-63947 Bluetooth: HIDP: fix missing length checks in hidp_input_report()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: fix missing length checks in hidpinputreport hidpinputreport reads keyboard and mouse payload data from an skb without first verifying that skb-len contains enough data. hidprecvintrframe pulls the 1-byte HIDP...

Exploits0References7
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-45688

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: fix out-of-bounds read in HCP header parsing Both nfchcirecvfromllc and ncihcidatareceivedcb read packet-header from skb-data at function entry without first checking that the buffer holds at least one byte. A malicious...

5.6AI score
Exploits0References8
CVE
CVE
added 2 hours ago4 views

CVE-2026-63915

The CVE concerns the Linux kernel NFC HCI code: nfc_hci_recv_from_llc() and nci_hci_data_received_cb() read packet->header from skb->data at entry without verifying buffer length, enabling an out-of-bounds heap read from a 0-byte HCP frame and risking skb_over_panic if fragmented. The fix a...

5.6AI score
Exploits0References8
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-63915 nfc: hci: fix out-of-bounds read in HCP header parsing

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: fix out-of-bounds read in HCP header parsing Both nfchcirecvfromllc and ncihcidatareceivedcb read packet-header from skb-data at function entry without first checking that the buffer holds at least one byte. A malicious...

Exploits0References8
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-63909 ksmbd: OOB read regression in smb_check_perm_dacl() ACE-walk loops

In the Linux kernel, the following vulnerability has been resolved: ksmbd: OOB read regression in smbcheckpermdacl ACE-walk loops Commit d07b26f39246 "ksmbd: require minimum ACE size in smbcheckpermdacl" introduced a transposed bounds check: if offsetofstruct smbace, sid + acessize size offset 2...

Exploits0References7
CVE
CVE
added 2 hours ago2 views

CVE-2026-63902

The CVE-2026-63902 issue affects the Linux kernel USB-serial Cypress M8 driver. cypress_read_int_callback() parses the interrupt-in buffer for two Cypress packet formats (format 1: two-byte status/count header; format 2: one-byte combined header). The interrupt buffer is sized from the endpoint w...

5.6AI score
Exploits0References8
CVE
CVE
added 2 hours ago4 views

CVE-2026-63903

The CVE-2026-63903 entry concerns the Linux kernel USB-serial Belkin sa driver. The vulnerability arises from belkin_sa_read_int_callback() treating the interrupt data as a four-byte status report and reading LSR/MSR fields from offsets 2 and 3, with the interrupt-in buffer length derived from en...

5.6AI score
Exploits0References8
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-63902 USB: serial: cypress_m8: validate interrupt packet headers

In the Linux kernel, the following vulnerability has been resolved: USB: serial: cypressm8: validate interrupt packet headers cypressreadintcallback parses the interrupt-in buffer according to the selected Cypress packet format. Format 1 has a two-byte status/count header and format 2 has a...

Exploits0References8
NVD
NVD
added 5 hours ago5 views

CVE-2026-63815

In the Linux kernel, the following vulnerability has been resolved: f2fs: bound iinlinexattrsize for non-inline-xattr inodes When the flexibleinlinexattr feature is enabled, doreadinode loads the on-disk iinlinexattrsize unconditionally: if f2fssbhasflexibleinlinexattrsbi fi-iinlinexattrsize =...

Exploits0References4
NVD
NVD
added 5 hours ago5 views

CVE-2026-53402

In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: fix out-of-bounds read in errout of fbcondosetfont When fbcondosetfont fails e.g., due to a memory allocation failure inside vcresize under heavy memory pressure, it jumps to the errout label to roll back the consol...

Exploits0References4
CVE
CVE
added 5 hours ago4 views

CVE-2026-53402

The CVE-2026-53402 vulnerability affects the Linux kernel fbdev/fbcon path. When fbcon_do_set_font() fails and jumps to err_out to rollback the console state, the rollback omits restoring hi_font state (vc_hi_font_mask) and the screen buffer. This can leave the terminal desynchronized and cause v...

5.6AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 hours ago4 views

CVE-2026-53390

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds read in smbcheckpermdacl The permission-check ACE walk in smbcheckpermdacl validates the ACE header size and caps sid.numsubauth at SIDMAXSUBAUTHORITIES, but it never checks that ace-size is actually larg...

5.5AI score
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 17 hours ago6 views

PT-2026-61107

In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: fix out-of-bounds read in err out of fbcon do set font When fbcon do set font fails e.g., due to a memory allocation failure inside vc resize under heavy memory pressure, it jumps to the err out label to roll back t...

5.6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 17 hours ago1 views

PT-2026-61232

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: fix out-of-bounds read in HCP header parsing Both nfc hci recv from llc and nci hci data received cb read packet-header from skb-data at function entry without first checking that the buffer holds at least one byte. A...

5.5AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 17 hours ago1 views

PT-2026-61331

In the Linux kernel, the following vulnerability has been resolved: Input: usbtouchscreen - clamp NEXIO data len/x len to URB buffer size nexio read data pulls data len and x len from a packed be16 header in the device's interrupt packet and then walks packet-data0..x len and packet-datax len..da...

5.5AI score
Exploits0References9
Rows per page
Query Builder