382184 matches found
UBUNTU-CVE-2026-53194
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...
Security Bulletin: Multiple Vulnerabilities in cryptography bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the cryptography library, which is vulnerable to a critical buffer overflow and an improper certificate validation flaw. A classic buffer overflow vulnerability exists when non-contiguous...
CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
CVE-2026-53267
The CVE-2026-53267 entry concerns a Linux kernel netfilter nft_ct use-after-free style issue where a per-CPU template conntrack entry can be treated as a real ct, causing a 16-byte memcpy path to overflow the kernel stack when using NFT_REG32_15. The root cause is that a template ct is not reject...
CVE-2026-53209
The CVE-2026-53209 issue affects the Linux kernel Bluetooth subsystem (hci_sync). When hci_adv_bcast_annoucement() tries to prepend the Broadcast Announcement service data to an already-full extended advertising payload, the combined data could exceed the temporary buffer used to rebuild advertis...
CVE-2026-53202 accel/ivpu: Fix signed integer truncation in IPC receive
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...
EUVD-2026-39293
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...
CVE-2026-53203
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
EUVD-2026-39294
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
CVE-2026-53203
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
CVE-2026-53203 accel/ivpu: Add buffer overflow check in MS get_info_ioctl
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
CVE-2026-53203
CVE-2026-53203 affects the Linux kernel’s accel/ivpu component. A buffer overflow can occur when the firmware returns a metric-stream info size larger than the allocated buffer during get_info_ioctl; if this happens, the operation could copy beyond the buffer. Remediation implemented in the publi...
CVE-2026-53202
The CVE-2026-53202 issue affects the Linux kernel component accel/ivpu in IPC receive handling. It describes a signed integer truncation when data_size from firmware is cast to a signed int, leading to a potential unsigned wraparound with large values (≥ 0x80000000). This could enable oversized m...
CVE-2026-53196
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
EUVD-2026-39287
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53196
In the Linux kernel USB: serial: io_ti driver, CVE-2026-53196 describes a heap overflow in get_manuf_info() caused by reading rom_desc->Size bytes from an I2C EEPROM into a 10-byte buffer (kmalloc_obj()). Size is only checked against TI_MAX_I2C_SIZE (16384), allowing a malicious device to set ...
CVE-2026-53196 USB: serial: io_ti: fix heap overflow in get_manuf_info()
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...
CVE-2026-53194
In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...
CVE-2026-53195
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...
CVE-2026-53194
The CVE-2026-53194 entry covers a defect in the Linux kernel USB serial driver kl5kusb105 (klsi_105_prepare_write_buffer). The bug occurs when the generic write path uses the bulk-out buffer (size 64) and copies the payload from the write_fifo without reserving space for the 2-byte header, result...