1538 matches found
CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...
SUSE CVE-2026-45865
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
CVE-2026-45930
A flaw was found in the Linux kernel's Multi-Channel Transport Protocol MCTP networking implementation. When processing a RTMGETNEIGH request, the system may return uninitialized data in the ndmsg pad bytes. This can allow a local attacker to obtain sensitive information from kernel memory, leadi...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the null payload in the non-linear buffer tapskb within the vsock/virtio driver. This vulnerability may...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the virtiobt driver. In this driver, the virtbtrxhandle function does not check whether the...
EUVD-2026-32214
In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...
EUVD-2026-32331
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
CVE-2026-45930
In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...
CVE-2026-45862 iommu/vt-d: Flush cache for PASID table before using it
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID table to a PASID directory entry, do that after the CPU cache flush for this PASID table, not before i...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized data in the RTMGETNEIGH response message in the net/mctp module. This could lead to t...
Linux Distros Unpatched Vulnerability : CVE-2026-45930
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Tren...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: usb: idmouse: Fixed an issue where an uninitialized value was present in idmouseopen. In idmousecreateimage, if any ftipcommand fails, it will proceed to the reset label. However, this results in the data in...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: wifi: mt76: replace skbput with skbputzero Avoid potentially reusing uninitialized data...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and clients. Clients based on FreeRDP on Unix systems that use the /parallel command-line switch may read uninitialized data and send it to the server to which the client is currently connected. Server implementations based on FreeRDP are not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fix for the unset padding field being copied back to userspace. The introduction of a padding field in the gpibboardinfoioctl structure appears as initialized data on the stack frame that is copied back to userspa...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ppp: Fixed the “KMSAN: uninit-value” warning with bpf. Syzbot detected a “KMSAN: uninit-value” warning 1. This issue arises because the ppp driver does not initialize a 2-byte header when using socket filter. The following code c...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and client. All FreeRDP-based clients that use the /video command-line switch may read uninitialized data, interpret it as audio/video, and display the result. Server implementations based on FreeRDP are not affected by this issue. This issue has...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - pptp: Ensure a minimal skb length in pptpxmit. - Commit aabc6596ffb3 “net: ppp: Add bound checking for skb data on pppsynctxmung” fixed pppsynctxmunge. We need a similar fix in pptpxmit; otherwise, we might read uninit data ...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. Users of Samba AD can cause the server to access uninitialized data through an LDAP add or modify request, typically resulting in a segmentation fault...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Use kzalloc for sev ioctl interfaces to prevent kernel memory leaks. For some sev ioctl interfaces, input data may be less than or equal to SEVFWBLOBMAXSIZE, but larger than the data returned by the PSP firmware. In...