CVE-2026-55392

A flaw was found in NILFS utilities. An attacker can exploit this vulnerability by supplying a crafted NILFS2 image. This can lead to undefined behavior, oversized shifts, or out-of-memory conditions, ultimately causing a Denial of Service DoS by crashing tools such as nilfs-tune and dumpseg...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: This issue prevents UBSAN errors occurring in truesectorsperclst. The syzbot reported the following UBSAN error: 76.901829 T6677 ================================================================================ 76.903908...

Astra Linux – Vulnerability in ffmpeg5

It was discovered that FFmpeg version n6.1 contains a heap buffer overflow vulnerability in the drawblockrectangle function of libavfilter/vfcodecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service DoS attack through crafted inputs...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to a null pointer ACPICA commit: 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change, the following UBSAN stack trace was seen in Fuchsia: 0 0x000021e4213b3302 in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bcache: Fixed the abuse of variable-length arrays in btreeiter. btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the code file coders/bmp.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned int. This likely leads to a disruption in the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: fixed an issue with left shift overflow in DMA queues When the queue number is greater than 4, left shift overflows due to the 32-bit integer variable used in calculations. The mask calculation for MTLRXQDMAMAP1 i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed an out-of-bounds shift in the exponential backoff mechanism. The ENA adapters on our instances occasionally reset. Recently, a UBSAN failure was logged on the console during this process: UBSAN: Out-of-bounds shif...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: blkiocost: fixed issues with out-of-bound shifts. Recently, running UBSAN detected a few out-of-bound shifts in the iocforgivedebts function: UBSAN: Out-of-bound shift in block/blk-iocost.c:2142:38; Shift exponent 80 is too...

CVE-2026-11576

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fxfileclose even when the file was never successfully opened. Multiple error branches jump to t...

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

CVE-2026-55392

CVE-2026-55392 affects NILFS utilities up to version 2.3.0. The root cause is nilfs_sb_is_valid() not validating s_log_block_size in the NILFS2 superblock before bit-shift operations, enabling undefined behavior from oversized shifts and potential out-of-memory conditions that can crash tools lik...

UBUNTU-CVE-2026-46293

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

CVE-2026-0041

In multiple functions of ubsanthrowingruntime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-44710

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisksdrivegetserial, udisksdrivegetvendor, and udisksdrivegetmodel directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

PT-2026-46058

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2 read. The flaw is detectable with MemorySanitizer MSAN and can lead t...

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...