GHSA-FF9Q-RM55-Q7QR diesel-async may expose uninitialized padding bytes for MySQL temporal columns

Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...

diesel-async may expose uninitialized padding bytes for MySQL temporal columns

Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...

Linux Distros Unpatched Vulnerability : CVE-2026-31671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three empty bytes of...

UBUNTU-CVE-2026-31428

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: fix uninitialized padding leak in NFULAPAYLOAD buildpacketmessage manually constructs the NFULAPAYLOAD netlink attribute using skbput and skbcopybits, bypassing the standard nlareserve/nlaput helpers. Whi...

CVE-2026-31428

CVE-2026-31428 — In the Linux kernel, nfnetlink_log’s __build_packet_message() previously built NFULA_PAYLOAD attributes manually via skb_put()/skb_copy_bits(), bypassing nla_reserve()/nla_put(). This caused trailing padding to remain uninitialized, leaking stale heap data to userspace over NFLOG...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an uninitialized padding leakage in the NFULAPAYLOAD attribute. This vulnerability may lead to th...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001068)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001068 advisory. The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS...

DEBIAN-CVE-2025-40279

In the Linux kernel, the following vulnerability has been resolved: net: sched: actconnmark: initialize struct tcife to fix kernel leak In tcfconnmarkdump, the variable 'opt' was partially initialized using a designatied initializer. While the padding bytes are reamined uninitialized. nlaput copi...

EUVD-2017-2549

Malware in sbrugna...

EUVD-2018-3998

Malware in sbrugna...

CVE-2025-38613

CVE-2025-38613 affects the Linux kernel (staging gpib). The issue is that a padding field in the gpib_board_info_ioctl struct was copied back to userspace uninitialized, risking leakage of stack data. The fix initializes the entire struct to zero before copying back to userspace. Affected compone...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

UBUNTU-CVE-2022-49788

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

UBUNTU-CVE-2024-42272

In the Linux kernel, the following vulnerability has been resolved: sched: actct: take care of padding in struct zoneshtkey Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zoneshtkey got a struct net pointer. Make sure rhashtablelookup is not using the padding bytes whic...

SUSE CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

Code injection

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function...

CVE-2018-12006

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function...

CVE-2018-12006

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function...