CVE-2026-46114

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

PT-2026-43910

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the RDMA/rxe component where the rxe rcv function fails to properly validate the incoming packet length before calculating the payload size. The payload size calculation...

CVE-2026-42485

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

CVE-2026-31393

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4 bytes but then reads rsp-data without verifying that the payload is...

CVE-2026-31393 Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4 bytes but then reads rsp-data without verifying that the payload is...

CVE-2026-31393

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4 bytes but then reads rsp-data without verifying that the payload is...

CVE-2026-22790

EV charging stack EVerest is vulnerable before 2026.02.0: HomeplugMessage::setup_payload trusts len after an assert; in release builds the check is removed, enabling oversized SLAC payloads to be memcpy’d into a ~1497-byte stack buffer, corrupting the stack and allowing remote code execution from...

DEBIAN-CVE-2024-35912

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...

CVE-2024-35912 wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...

UBUNTU-CVE-2015-3815

The detectversion function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a packet with a crafted payload, as...