1436 matches found
EUVD-2026-39241
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tbpropertyentryvalid accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the...
EUVD-2026-39255
In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages ...
CVE-2026-53210
In the Linux kernel, CVE-2026-53210 fixes a shm leak in register_shm_helper() within the TEE SHM path. The function allocates shm before calling iov_iter_npages(); if iov_iter_npages() returns 0, it jumps to err_ctx_put and leaks the allocated shm. The issue could be triggered by TEE_IOC_SHM_REGI...
CVE-2026-53164
The CVE-2026-53164 issue in the Linux kernel affects the iommu/dma path, specifically swiotlb handling of mappings in iommu_dma_iova_link_swiotlb(). When a mapping is unaligned, the middle segment may be empty and a 0-size call to iommu_map() occurs, which the iommupt implementation treats as ill...
CVE-2026-53150
CVE-2026-53150 affects the Linux kernel's thunderbolt validation path. The issue lies in tb_property_entry_valid() accepting zero-length entries for DIRECTORY, DATA, and TEXT types, allowing a zero-length TEXT entry to pass validation but trigger an underflow in the null-termination logic: proper...
CVE-2026-53132
CVE-2026-53132 concerns the Linux kernel via vsock/virtio, addressing an unbounded skb queue in the virtio transport path. The root cause is that virtio_transport_inc_rx_pkt() and virtio_transport_recv_enqueue() can allow a growing queue when fed with packets of length 0 ending with VIRTIO_VSOCK_...
EUVD-2026-38897
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent uninitialized lcn caused by zero len syzbot reported a uninit-value in ntfsiomapbegin 1. Since runs was not touched yet, runlookupentry immediately fails and returns false, which makes the value of "len" 0...
EUVD-2026-38832
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
CURL-CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop
An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Misc: pciendpointtest: Fixed the panic that occurs when calling pciendpointtestcopy,write,read The dmamapsingle function does not allow zero-length mappings. This causes a panic. A panic was reported on the arm64 architecture:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: tls: fixed handling of zero-length records in the rxlist Each recvmsg call must process either: - only contiguous DATA records any number of them - one non-DATA record If the next record has a different type than those that ha...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed an infinite loop issue when len is 0 in the tcpbpfrecvmsg parser. When the buffer length of the recvmsg system call is 0, a soft lockup problem occurred. watchdog: BUG: Soft lockup – CPU3 stuck for 27...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: USB: Fixed an error in the warning message for incorrect direction handling in plusb.c. The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was incorrectly processed as a read...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa – Handles zero-length skcipher requests. Do not access random memory for zero-length skcipher requests. Simply return 0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl – Prevent potential NULL dereferencing. The btrtlinitialize function checks whether rtlloadfile either had an error or loaded a zero-length file. However, if it loads a zero-length file, the error code is not set...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fixed the null-ptr-deref issue in hugetlbfsParseParam Syzkaller reported a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed an issue with partial SETREGSET for the NTARMTAGGEDADDRCTRL register. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will...
EUVD-2026-37521
sppppapinput in sys/net/ifspppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths...
CVE-2026-55706
sppppapinput in sys/net/ifspppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths...