353 matches found
CVE-2026-53164
A flaw was found in the Linux kernel's input/output memory management unit IOMMU Direct Memory Access DMA subsystem, specifically within the software IOMMU bounce buffer SWIOTLB mechanism. This vulnerability occurs when the system attempts to map a zero-length memory region, which can be triggere...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevents infinite recursion. If the buf + offset is not aligned to XECAHELINEBYTES, we fall back to using a bounce buffer. However, the bounce buffer is allocated on the stack, and the only alignment requirement...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, the variable bounce i.e., go-bootfw is allocated without subsequent deallocation. After the following call chain: saa7134go7007init | | - go7007bootencoder |...
FreeBSD : Erlang/OTP -- FTP passive-mode client does not validate server response IP (d87e0681-64d4-11f1-ab11-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e0681-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passiv...
CVE-2026-48858
Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...
CVE-2026-48858
The CVE-2026-48858 entry describes a Server-Side Request Forgery (SSRF) flaw in Erlang/OTP ftp’s PASV path: the ftp_internal PASV handler accepts the server’s 227 response IP and passes it to gen_tcp:connect without validating it against the control connection peer, unlike EPSV handlers. This ena...
CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks
Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...
EUVD-2026-36055
Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...
Erlang/OTP -- FTP passive-mode client does not validate server response IP
https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passive mode did not validate the IP address returned in the server's response, allowing a compromised or malicious server to redirect the data connection to an arbitrary host. This enables server-sid...
CVE-2026-7798
The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...
crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
...
SUSE CVE-2026-46066
In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...
SUSE CVE-2026-46068
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
CVE-2026-46068
A flaw was found in the Linux kernel's crypto:nx component. This vulnerability involves incorrect memory management during the deallocation of bounce buffers, where an improper function is used. This can lead to memory leaks, which may result in system instability or a Denial of Service DoS...
CVE-2026-46066
A flaw was found in the Linux kernel's Ceph filesystem. When writing to encrypted CephFS files, a failure to allocate a bounce buffer for a dirty folio can lead to an off-by-one error in the numops counter. This inconsistency can cause a kernel panic, resulting in a Denial of Service DoS for the...
CVE-2026-46068
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
UBUNTU-CVE-2026-46066
In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...
UBUNTU-CVE-2026-46068
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
CVE-2026-46068
CVE-2026-46068 affects the Linux kernel's crypto nx path: bounce buffers allocated with _get_free_pages() (BOUNCE_BUFFER_ORDER) are freed with free_page() instead of free_pages(), causing memory leaks. The fix uses free_pages() with the matching order in nx842_crypto {alloc,free}_ctx. Affected: L...