279 matches found
EUVD-2026-26625
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...
CVE-2026-43026 netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...
SUSE CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
CVE-2026-31671 xfrm_user: fix info leak in build_report()
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
EUVD-2026-25564
In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
CVE-2026-31671
The CVE-2026-31671 issue is in the Linux kernel xfrm_user component. A struct xfrm_user_report includes a __u8 proto field followed by a struct xfrm_selector, creating three padding bytes that were never zeroed before copying to userspace. The vulnerability is a information leak caused by these u...
PT-2026-35023
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak exists in the build report function within xfrm user. The struct xfrm user report contains a u8 proto field followed by a struct xfrm selector, resulting in three byt...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013718)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013718 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fsmoveinlinedirents When converting an inline directory to a...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013171)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013171 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on dataavail and actual data The virtio rng device kicks off a new entro...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011259)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011259 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commi...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011268 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013157)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013157 advisory. In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011109)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011109 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010873)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010873 advisory. In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013025)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013025 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN...
PT-2026-31828
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A heap use-after-free issue exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. Specifically, within the TLSX KeyShare ProcessPqcHybridClient function in...
PT-2026-36457
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak exists when processing Router Advertisements with user options. The kernel constructs an 'RTM NEWNDUSEROPT' netlink message using the nduseroptmsg struct, which...
CLSA-2026-1773413074 Fix CVE(s): CVE-2026-24481
SECURITY UPDATE: heap information disclosure in PSD channel decoder - debian/patches/CVE-2026-24481.patch: initialize pixel buffer with zeros in ReadPSDChannelZip to prevent heap memory disclosure - CVE-2026-24481...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that can ultimately be read by user space, it is necessary to ensure that the buffer is zeroed...