11449 matches found
CVE-2026-52967
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlinkdata On 32-bit architectures, the infinite loop is as follows: len = p-ErrorDataLength == 0xfffffff8 u8 next = p-ErrorContextData + len next == p On 32-bit...
EUVD-2026-38915
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...
EUVD-2026-38913
In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...
CVE-2026-53015
In the Linux kernel’s EROFS code, the lcn field was typed as unsigned long (or unsigned int), which is 32-bit on 32-bit platforms, causing (lcn <
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clearing the “Present” bit before tearing down the PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits 64 bytes. When tearing down an entry, the current implementation zeros the entire...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATEBV are cleared to ensure tha...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: The IOWQBITEXIT check is performed within the work run loop. Currently, this check is performed before executing the pending tasks. Normally, this works fine, as the tasks either end up blocking other processes or...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.51 to 1.6.53, there was a potential issue of excessive memory access in the libpng simplified API function pngimagefinishread, when processing...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Length parity checks were performed before switching to 16-bit mode. The commit fc96ec826bce “spi: fsl-cpm: Use 16-bit mode for large transfers with even size” failed to ensure that the size of the data transfer was...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton to prevent conversion to 0-bit quantities Testing conducted by the syzbot fuzzer revealed that the HID core encounters a shift-out-of-bounds exception when it attempts to convert a 32-bit quantity to a...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, there was a 32-bit unsigned integer overflow in the XWD X Windows encoder, which could lead to an undersized heap buffer allocation. When writing an extremely...
CVE-2026-52934
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
CVE-2026-52934
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
CVE-2026-52934
The CVE-2026-52934 entry involves the Linux kernel’s batman-adv TVLV handling. The root cause is batadv_tvlv_container_list_size() using a 16-bit accumulator, which can wrap when the total size exceeds U16_MAX, causing an undersized allocation in batadv_tvlv_container_ogm_append() and a subsequen...
EUVD-2026-38730
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...
PT-2026-51861
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the symlink data function within the SMB client. On 32-bit architectures, this can lead to an infinite loop or an out-of-bounds read reading data outside the intended...
PT-2026-51930
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the arm64 BPF JIT Just-In-Time compiler within the check immbits, imm macro. This macro is used to verify that a branch displacement fits into the signed...
Tenable Identity Exposure < 3.93.5 Multiple Vulnerabilities (TNS-2026-16)
The version of Tenable Identity Exposure running on the remote host is prior to 3.93.5. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-16: - Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive...
PT-2026-51941
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An undersized allocation occurs in the efi capsule setup info function due to the use of sizeofphys addr t instead of sizeofphys addr t during a krealloc call for the cap info-phys...
PT-2026-51953
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the device-mapper log dm log component. The region count local variable in the create log context function is declared as a 32-bit unsigned integer, while t...