71 matches found
CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...
CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
EUVD-2025-210447
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
PT-2026-55986
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that use the same buffer file descriptor input. This issue is caused by a...
CVE-2026-53360
The CVE affects the Linux kernel KVM-SEV/SNP path: when GHCB v2+ is in use, an OOB/heap-privacy flaw arises because end_entry is validated only against VMGEXIT_PSC_MAX_COUNT (253) instead of the actual buffer size, allowing a guest to read/write adjacent kmalloc-cg-32 objects via VMGEXITs. This c...
CVE-2026-45929
A flaw was found in the Linux kernel's ovpn module. A use-after-free vulnerability exists in the ovpnnetxmit function where a freed skb socket buffer pointer can be used for subsequent operations. This can occur when skbsharecheck frees the original skb if it is shared, leading to a stale pointer...
CVE-2026-46000
CVE-2026-46000 in the Linux kernel: rxrpc vulnerability where security checks decrypt bits of a packet in place while the skb may be shared with a packet sniffer, potentially exposing a decrypted (apparently corrupted) packet. The fix: when a packet was cloned, the kernel now hands a copy of the ...
SUSE-SU-2026:1877-1 Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...
Unbreakable Enterprise kernel security update: Dirty Frag
5.4.17-2136.354.4.3 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39342682 CVE-2026-43284...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections CVE-2025-68206 In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels...
CVE-2025-47386
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs...
CVE-2025-47379
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources...
CVE-2025-47376
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls...
CVE-2025-47381
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...
CVE-2025-47386
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs...
CVE-2025-47381
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...
CVE-2025-47379
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources...
CVE-2025-47376
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls...
CVE-2025-47386
CVE-2025-47386 affects automotive audio (per CVE listing) with memory corruption arising during IOCTL handling under concurrent access to a shared buffer. The connected CVE record notes a Use After Free root cause. Exploitation details are not provided in the available documents. No explicit reme...