314 matches found
UBUNTU-CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
EUVD-2026-40963
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
TencentOS Server 3: kernel (TSSA-2026:0544)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0544 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
UBUNTU-CVE-2026-53203
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
EUVD-2026-39294
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
EUVD-2026-38889
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...
CVE-2026-53068 drm/komeda: fix integer overflow in AFBC framebuffer size check
In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...
EUVD-2026-38936
In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...
EUVD-2026-38927
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
CVE-2026-53059 dm log: fix out-of-bounds write due to region_count overflow
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
CVE-2026-53059
CVE-2026-53059 affects the Linux kernel device-mapper log (dm_log) component. The root cause is an integer overflow: region_count is 32-bit, while dm_sector_div_up() returns 64-bit, so a large ti->len with a small region_size can overflow UINT_MAX. This truncation leads to undersized bitsets a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Enhanced the attribute size check This combines the overflow and boundary check so that all attribute sizes will be properly examined during enumeration. 169.181521 BUG: KASAN: Out-of-bounds access in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a overflow check for attribute size. The offset addition could cause an overflow, potentially passing the used size check when parsing MFT attributes with very large sizes e.g., 0xffffff7f. This could lead to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommufd: Check for uptr overflow syzkaller discovered that setting up a page with a user VA that exceeds zero can trigger WARNONs, especially when pinuserpages returns 0 due to invalid arguments. This issue prevents the creati...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xsk: Added a missing overflow check in xdpumemreg. The number of chunks can exceed the range of u32. Ensure that the value -EINVAL is returned in case of an overflow. Additionally, removed a redundant u32 cast when assigning...
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Use checkaddoverflow to prevent overflow of the u16 DACL size. The functions setposixaclentriesdacl and setntacldacl accumulate the ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size c...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udf: The use of uninit-value in udfgetfileshortad has been fixed. A check for overflow was added when calculating alen in udfcurrentaext, in order to mitigate potential issues with uninit-value usage in udfgetfileshortad. This is...