10862 matches found
CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58050
CVE-2026-58050 affects libssh2 up to 1.11.1. The publickey subsystem reads an attacker-controlled 32-bit attribute count and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking. On 32-bit platforms, this multiplication can overflow, producing an under...
EUVD-2026-39970
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
Linux Distros Unpatched Vulnerability : CVE-2026-58050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs...
PT-2026-53083
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
...
ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
...
CVE-2026-53292
In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...
DEBIAN-CVE-2026-53290
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
CVE-2026-52949
A flaw was found in the Linux kernel's Direct Rendering Manager DRM subsystem. Specifically, within the ttmboshrink function, a backup failure could lead to an infinite Least Recently Used LRU walk. This issue may allow a local attacker to trigger a Denial of Service DoS, making the system...
CVE-2026-53103
A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt7925rocabortsync function. This vulnerability can lead to a deadlock condition when rocabortsync attempts to cancel a work item rocwork while rocwork is already holding a mutex. This situation can occur during Wi-Fi...
CVE-2026-52951
A flaw was found in the Linux kernel's drm/xe/dma-buf subsystem. This vulnerability involves race conditions when handling the invalidatemappings hook, particularly during buffer object initialization and attachment. An attacker, by triggering specific sequences of operations, could exploit these...
CVE-2026-53037
A flaw was found in the Linux kernel's USB Human Interface Device HID subsystem. This vulnerability occurs when a USB device, containing both HID and storage or Universal Attached SCSI UAS components, is reset. During the reset process, memory allocation operations within the hidpostreset functio...
CVE-2026-53084
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability involves a lock ordering problem that occurs when BPF programs acquire certain locks that depend on the mmaplock. This issue could potentially lead to system instability or unexpected behavior due to...
CVE-2026-53209
A flaw was found in the Bluetooth subsystem of the Linux kernel, specifically within the hcisync component. This vulnerability occurs when the hciadvbcastannoucement function attempts to prepend Broadcast Announcement service data to an existing advertising payload that is already at its maximum...
CVE-2026-53182
A flaw was found in the Linux kernel's nl80211 Wi-Fi subsystem. The nl80211parsernrelems function, responsible for parsing EMA RNR Enhanced Multiple Access Reduced Neighbor Report lists, does not properly handle an excessive number of nested NL80211ATTREMARNRELEMS inputs. This improper input...
CVE-2026-53165
A flaw was found in the Linux kernel's iomap subsystem. A race condition can occur during buffered read error reporting, specifically in the iomapfinishfolioread function. This allows a separate process to clear a folio's mapping while an error is being reported, leading to a null pointer...
CVE-2026-53251
A flaw was found in the Linux kernel's Bluetooth subsystem. The hcigetroute function, used in the ISO Isochronous Stream connection handling, fails to release a reference-counted hcidev pointer. This resource leak could lead to a Denial of Service DoS condition...
CVE-2026-53157
A flaw was found in the Linux kernel's phonet networking subsystem. This vulnerability occurs because a phonet device is freed immediately after being removed from a list, while other parts of the kernel RCU readers may still hold a pointer to the freed memory. This can lead to a use-after-free...
CVE-2026-53252
A flaw was found in the Linux kernel's Bluetooth subsystem. Specifically, an issue in the error handling path of the hciallocdev function within the Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART configuration can lead to a memory leak. This occurs when...