27 matches found

RedhatCVE
added 4 days ago | 4 views

CVE-2026-46254

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability arises when AppArmor processes unaligned Deterministic Finite Automaton (DFA) tables, which can originate from either kernel or userspace. The unaligned memory access triggered by these tables can lead to system...

5.8 AI score | 0.00018 EPSS
Exploits 0 | References 4
Microsoft CVE
added 2026/04/10 8:2 a.m. | 3 views

apparmor: fix missing bounds check on DEFAULT table in verify_dfa()

...

7.8 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0
RedhatCVE
added 2026/04/01 1:49 p.m. | 2 views

CVE-2026-23407

A flaw was found in AppArmor, a security module within the Linux kernel. A local user could exploit this vulnerability by providing a specially crafted Deterministic Finite Automaton (DFA), a set of rules for pattern matching, to the verify_dfa() function. This malformed input causes the system to...

7.8 CVSS | 5.9 AI score | 0.00007 EPSS
Exploits 0 | References 4
EUVD
added 2026/04/01 9:31 a.m. | 1 views

EUVD-2026-17834

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char macro usage The match_char macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

5.9 AI score | 0.00007 EPSS
Exploits 0 | References 6
NVD
added 2026/04/01 9:16 a.m. | 0 views

CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char macro usage The match_char macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

7.8 CVSS | 0.00007 EPSS
Exploits 0 | References 8
UbuntuCve
added 2026/04/01 9:16 a.m. | 5 views

CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char macro usage The match_char macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

7.8 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 0 | References 15
Debian CVE
added 2026/04/01 8:36 a.m. | 3 views

CVE-2026-23407

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...

7.8 CVSS | 5.2 AI score | 0.00007 EPSS
Exploits 0
Microsoft CVE
added 2026/03/20 8:1 a.m. | 3 views

apparmor: validate DFA start states are in bounds in unpack_pdb

...

7.1 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 0
EUVD
added 2026/03/18 6:31 p.m. | 3 views

EUVD-2026-12912

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next function call in unpack_pdb will access dfa->tables[YYTD_ID_BASE][star...

5.7 AI score | 0.00017 EPSS
Exploits 0 | References 5
CVE
added 2026/03/18 5:54 p.m. | 17 views

CVE-2026-23269

CVE-2026-23269 is an AppArmor/Linux kernel vulnerability where untrusted data is used as DFA start-state indices during unpack_pdb, enabling an out-of-bounds read in aa_dfa_next (via dfa->tables[YYTD_ID_BASE][start]). The issue is tied to the AppArmor LSM component and the root cause is readin...

7.1 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits 0 | References 9 | Affected Software 1
OSV
added 2026/03/18 5:54 p.m. | 1 views

CVE-2026-23269 apparmor: validate DFA start states are in bounds in unpack_pdb

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next function call in unpack_pdb will access dfa->tables[YYTD_ID_BASE][star...

7.1 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits 0 | References 9
ATTACKERKB
added 2026/03/18 5:54 p.m. | 3 views

CVE-2026-23269

In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next function call in unpack_pdb will access dfa->tables[YYTD_ID_BASE][star...

7.1 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits 0 | References 10 | Affected Software 1
CNNVD
added 2026/03/18 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unvalidated DFA (Determinative Finite Automaton) that handles the initial state boundaries. This...

7.1 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 0 | References 5
Mageia
added 2026/03/14 12:33 a.m. | 5 views

Updated vim packages fix security vulnerability

NFA regex engine NULL pointer dereference affects Vim < 9.2.0137. CVE-2026-32249...

5.5 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits 0 | References 3
OSV
added 2026/03/12 7:17 p.m. | 0 views

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

5.3 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits 0 | References 5
Packet Storm News
added 2026/02/24 12:0 a.m. | 2 views

Regular Expression Denial of Service Induced by Backreferences

This paper presents the first systematic study of denial-of-service vulnerabilities in Regular Expressions with Backreferences (REwB). We introduce the Two-Phase Memory Automaton (2PMFA), an automaton model that precisely captures REwB semantics. Using this model, we derive necessary conditions under...

5.9 AI score
Exploits 0
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-26129

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the AppArmor subsystem related to the handling of Deterministic Finite Automata (DFA) start states during policy unpacking. Specifically, the unpack...

7.1 CVSS | 6.6 AI score | 0.00017 EPSS
Exploits 0
Packet Storm News
added 2025/11/06 12:0 a.m. | 2 views

Adversarially Robust and Interpretable Magecart Malware Detection

Magecart skimming attacks have emerged as a significant threat to client-side security and user trust in online payment systems. This paper addresses the challenge of achieving robust and explainable detection of Magecart attacks through a comparative study of various Machine Learning (ML) models...

6.9 AI score
Exploits 0
Tenable Nessus
added 2025/09/02 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-38636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in...

7.1 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0 | References 4
OSV
added 2025/08/22 4:15 p.m. | 1 views

DEBIAN-CVE-2025-38636

In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in dotraceeventraweventeventdamonitor+0xd6/0x1a0 Read of size 32 at addr...

7.1 CVSS | 6.2 AI score | 0.00019 EPSS
Exploits 0 | References 1