CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

PT-2026-44309

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio bt: validate rx pkt type header length virtbt rx handle reads the leading pkt type byte from the RX skb and forwards the remainder to hci recv frame for every event/ACL/SCO/ISO type, without checking that the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002115)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002115 advisory. drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users t...

EUVD-2023-60504

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...

CVE-2023-54300

CVE-2023-54300 affects the Linux kernel wireless driver stack (ath9k). The issue arises from uninitialized memory access in ath9k_wmi_ctrl_rx triggered by missing pkt_len validation in ath9k_htc_rx_msg; the SKB could be malformed such that a WMI header is expected in data but not present. The fix...

CVE-2022-50709 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg syzbot is reporting uninit value at ath9khtcrxmsg 1, for ioctlUSBRAWIOCTLEPWRITE can call ath9khifusbrxstream with pktlen = 0 but ath9khifusbrxstream uses devallocskbpktlen +...

CVE-2022-50709

CVE-2022-50709 concerns the Linux kernel’s wifi/ath9k path where ath9k_hif_usb_rx_stream() can allocate skb with uninitialized memory because pkt_len is not validated before use in ath9k_htc_rx_msg(). The patch described resolves the issue by validating pkt_len prior to access in ath9k_htc_rx_msg...

ALSA-2025:21398 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vsock/virtio: Validate length in packet header before skbput CVE-2025-39718 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

EUVD-2021-17228

Malware in sbrugna...

CVE-2025-5449 Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

CVE-2025-5449

CVE-2025-5449 affects libssh’s SFTP server message decoding. The root cause is an integer overflow caused by an incorrect packet length check, enabling overflow when processing large payloads on 32-bit systems. This leads to a failed memory allocation and can crash the server process, causing a d...

PT-2025-25901

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability has been identified in the Linux kernel where the bpf prog test run skb function runs a bpf program that redirects empty skbs, causing the fq codel drop function to attem...

CVE-2021-30297

Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

CVE-2025-22117 ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()

In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pktlen in icevcfdirparseraw Fix using the untrusted value of proto-raw.pktlen in function icevcfdirparseraw by verifying if it does not exceed the VIRTCHNLMAXSIZERAWPACKET value...

UBUNTU-CVE-2023-52655

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeofu64 the value passed to skbtrim as length will wrap around ending up as some very large value. The driver will then proce...

SUSE CVE-2017-17085

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length...

SUSE CVE-2018-17974

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlten10mbencode of the file plugins/dlten10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx - l2len can be larger than source value packet +...

FRRouting FRR 缓冲区错误漏洞

FRRouting FRR is a suite of software that implements and manages various IPV4 and IPV6 routing protocols. A security vulnerability exists in FRRouting FRR prior to 8.1.0 that stems from incorrectly checking the input packet length in isisd/isistlvs.c. The vulnerability is caused by the following...

Denial Of Service (DoS)

cryptoauthlib is vulnerable to denial of service DoS.The attack exists due to lack of validation of reported packet length against the packet being processed, leading to an application crash...

CVE-2019-20425

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustremsgstring, there is no validation of a certain length value derived from lustremsgbuflenv2...