CVE-2026-42485

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

CVE-2026-37530

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...

Linux Distros Unpatched Vulnerability : CVE-2026-46257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32...

CVE-2026-46257 clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

PT-2026-46020

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read current timer is called on ARM32 platforms where the SP804 is not registered as the sched clock. On SP804, the delay timer shares the same clkevt instance with sched clock. O...

CVE-2026-37530

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...

CVE-2026-37530

CVE-2026-37530 affects AGL’s agl-service-can-low-level up to version 17.1.12. The uds-c library contains a stack buffer overflow in the send_diagnostic_request function: it allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) ...

OESA-2026-1470 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A memory address truncation vulnerability exists in the irqchip/gic-v3-its driver of the Linux kernel. On 32-bit ARM machines with CONFIGARMLPAE enabled, when using larger VMSPLIT configurations, lowmem allocations may be backed ...

USN-7909-5 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

USN-7909-4 linux-gcp, linux-gke, linux-gkeop vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

USN-7909-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmaplocal LIFO ordering for CONFIGHIGHPTE With CONFIGHIGHPTE on 32-bit ARM, movepagespte maps PTE pages using kmaplocalpage, which requires unmapping in Last-In-First-Out order. The current code maps dstpte...

EUVD-2025-31852

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...

UBUNTU-CVE-2025-39899

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmaplocal LIFO ordering for CONFIGHIGHPTE With CONFIGHIGHPTE on 32-bit ARM, movepagespte maps PTE pages using kmaplocalpage, which requires unmapping in Last-In-First-Out order. The current code maps dstpte...

CVE-2025-39899 mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmaplocal LIFO ordering for CONFIGHIGHPTE With CONFIGHIGHPTE on 32-bit ARM, movepagespte maps PTE pages using kmaplocalpage, which requires unmapping in Last-In-First-Out order. The current code maps dstpte...

CVE-2025-39899

CVE-2025-39899 concerns the Linux kernel mm/userfaultfd path where, on 32-bit ARM with CONFIG_HIGHPTE, move_pages_pte() maps PTE pages using kmap_local_page() and must unmap them in LIFO order. The current code unmapped dst_pte then src_pte in the same sequence, violating LIFO and triggering a ku...

CVE-2025-39899 mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmaplocal LIFO ordering for CONFIGHIGHPTE With CONFIGHIGHPTE on 32-bit ARM, movepagespte maps PTE pages using kmaplocalpage, which requires unmapping in Last-In-First-Out order. The current code maps dstpte...

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

...

Linux Distros Unpatched Vulnerability : CVE-2019-19581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service out-of-bounds access because certain bit iteration...

PT-2025-40073

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the mm/userfaultfd subsystem related to the ordering of kmap local operations when CONFIG HIGHPTE is enabled on 32-bit ARM architectures...