479 matches found
SUSE CVE-2026-46186
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
CVE-2026-46186
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
slip: bound decode() reads against the compressed packet length
...
PT-2026-44309
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The virtbt rx handle function in the Bluetooth virtio bt driver fails to validate that the remaining payload length is sufficient to cover the fixed HCI header for the selected packet ty...
JLSEC-2026-566 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success...
In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient validation of the data packet length in the rxercv function. This vulnerability may...
CVE-2026-9054
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...
EUVD-2026-31403
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...
PT-2026-42721
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not redirect packets with invalid pktlen Syzbot identified an issue 1: the fqcodel Drop function attempts to drop a flow without any SKBs, that is, when flow-head is null. The root cause, as described in 2, is that the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the ice module, the issue of using an untrusted value of pktlen in the icevcfdirparseRaw function has been fixed. This issue was addressed by checking that the value of pktlen does not exceed the VIRTCHNLMAXSIZERAWPACKET value...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: Check the packet for fixup for true limits. If a device sends a packet that lies between 0 and sizeofu64, the value passed to skbtrim as the packet length will wrap around, resulting in a very large value. The driver...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Avoid reading uninitialized memory in ath9khtcrxmsg. syzbot reports that the uninitialized value is accessed at ath9khtcrxmsg. For ioctlUSBRAWIOCTLEPWRITE, the function ath9khifusbrxstream may call with pktlen = 0, b...
Astra Linux – Vulnerability in libslirp
In ncsi.c within libslirp up to 4.3.1, there is an issue of buffer over-reading. This occurs because the program attempts to read a certain amount of header data, even when that amount exceeds the total packet length...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021648)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021648 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be...
dnsmasq: Broken ECS source validation bypass
A validation bypass was discovered in dnsmasq's RFC 7871 client subnet ECS handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely...
SUSE CVE-2026-31779
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwlmvmndmatchinfohandler The memcpy function assumes the dynamic array notif-matches is at least as large as the number of bytes to copy. Otherwise, results-matches may...
PT-2026-36414
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential out-of-bounds read exists in the iwl mvm nd match info handler function. The memcpy function assumes the dynamic array notif-matches is at least as large as the number of byt...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013755)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013755 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg syzbot is reporting uninit value at...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013149)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013149 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in...