21 matches found
UBUNTU-CVE-2026-46053
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...
CVE-2026-46053 net: rds: fix MR cleanup on copy error
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...
CVE-2026-46053
CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...
GHSA-59FH-9F3P-7M39 Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the PUT /user route. An attacker can gain full administrative privileges by using a read-only access token to change the administrator's password, then logging in to obtain an unrestricted session token that...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002149)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002149 advisory. The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers ...
ALSA: firewire-motu: add bounds check in put_user loop for DSP events
...
SUSE CVE-2025-68753
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...
CVE-2025-68753
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...
CVE-2025-68753 ALSA: firewire-motu: add bounds check in put_user loop for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...
CVE-2025-68753
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...
CVE-2025-68753
The CVE CVE-2025-68753 relates to the Linux kernel ALSA: firewire-motu DSP event handling. The issue stems from a missing bounds check in a put_user() loop that copies DSP event data; if the user buffer size is not aligned to 4 bytes, data could be written beyond the intended boundary, potentiall...
PT-2026-1241
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the handling of DSP events within the ALSA firewire-motu module. A missing bounds check in a put user loop could allow overwriting beyond the user buffer boundary when t...
DEBIAN-CVE-2025-38261
In the Linux kernel, the following vulnerability has been resolved: riscv: save the SRSUM status over switches When threads/tasks are switched we need to ensure the old execution's SRSUM state is saved and the new thread has the old SRSUM state restored. The issue was seen under heavy load...
kernel: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...
SUSE CVE-2024-26674
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...
DEBIAN-CVE-2024-26674
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...
UBUNTU-CVE-2024-26674
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to ASMEXTABLEUA for get,putuser fixups During memory error injection test on kernels = v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels getusernocheck4+0x6/0x20 mce: Hardwa...
VulnCheck KEV: CVE-2013-6282
The getuser and putuser API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation...