2084 matches found
CVE-2026-48165
Disclaimer: This data contains information about vulnerable...
CVE-2026-46139 smb: client: use kzalloc to zero-initialize security descriptor buffer
In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...
EUVD-2026-32766
In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...
PT-2026-44262
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the SMB client, the build sec desc function uses a buffer allocated with kmalloc, which does not zero-initialize the memory. Due to a change in the struct smb acl where the num aces...
CVE-2022-41656
CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...
CVE-2025-71311 fs/ntfs3: Initialize new folios before use
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longestmatchstd, invoked from ntfscompresswrite. When new folios are allocated without being marked uptodate and nireadframe is skipped because th...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing inode number range checks The patch series “nilfs2: Fixing potential issues related to reserved inodes” addresses these issues. This series fixes a use-after-free issue reported by syzbot, which was caused by th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: EFI: In runtime mode, a potential overflow of the size of the soft-reserved region has been fixed. If there are pages worth ≥ 4GB in a soft-reserved region, the value of mdsize will be reduced...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for the usmmigrateexecqueue. The GuC context scheduling queue contains 2 entries. Therefore, it is possible for a migration job to get stuck behind a fault if the migrateexecqueue shares...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vmxnet3: Fixed the missing reserved tailroom. Use rbi-len instead of rcd-len for non-data-carrying packets. Issues found: XDPWARN: xdpupdateframefrombuffline:278: Driver BUG: missing reserved tailroom WARNING: CPU: 0 PID: 0 at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the kernel stack leak in irdmacreateuserah. struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // Offset 0 – SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // Offset 4 – NEVER SET - LEAK ; The rsvd4 fiel...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Do not allow overwriting of ENDPOINT0 attributes A malicious USB device can construct a service connection response message with the target endpoint being ENDPOINT0, which is reserved for HTCCTRLRSVDSVC and should n...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: Take the hugetlblock before decrementing h-resvhugepages. The h-hugepages counters are protected by the hugetlblock, but allochugepage has a corner-case scenario where it can decrement the counter outside of the lock...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: All fields in the dumped nexthops structures need to be initialized. The struct nexthopgrp structure contains two reserved fields that are not initialized by nlaputnhgroup. These fields contain garbage values. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: core: Ensure that the allocated report buffer can contain the reserved report ID. When the report ID is not used, the low-level transport drivers expect the first byte to be 0. However, currently, the allocated buffer does n...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 “arm: extend pfnvalid to take into account freed memory map alignment” changes the semantics of pfnvalid to check the presence ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: NVMe: Fixed the failure to reconnect due to reserved tag allocation. We identified an issue in a production environment while using NVMe over RDMA. The reconnection of adminq failed indefinitely, even when the remote target and...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Marking the splash memory region as reserved. A reserved memory region was added for the framebuffer memory the splash memory region set up by the bootloader. This fix resolves a kernel panic...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: All reserved memblocks on Node0 are set at initialization. After the commit 61167ad5fecdea "mm: pass nid to reservebootmemregion", a panic occurs if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle...