CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

CVE-2026-44004

CVE-2026-44004 affects vm2, an open‑source VM/sandbox for Node.js. Before version 3.11.0, sandboxed code can call Buffer.alloc() with any size, allocating host-heap memory directly via a synchronous C++ call; vm2’s timeout cannot interrupt such calls. A single request can exhaust memory and crash...

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

Allocation of Resources Without Limits or Throttling

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash the host process ...

vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

GHSA-6785-PVV7-MVG7 vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

SUSE CVE-2026-43098

In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82uartread reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already deliver a complete frame before allocatin...

CVE-2026-43235

A flaw was found in the iris media driver within the Linux kernel. Missing platform data entries for the SM8750 component prevent the driver from allocating necessary internal buffers. This can lead to failures in basic video decoding and encoding operations, effectively causing a Denial of Servi...

CVE-2026-43098

A flaw was found in the Linux kernel's Near Field Communication NFC subsystem, specifically within the s3fwrn5 driver. This vulnerability occurs when the driver attempts to consume bytes into a receive buffer recvskb without ensuring a new buffer is allocated if the previous one was delivered. If...

EUVD-2026-27708

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

EUVD-2026-27607

In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82uartread reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already deliver a complete frame before allocatin...

CVE-2026-43235

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

CVE-2026-43222 media: verisilicon: AV1: Fix tile info buffer size

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

CVE-2026-43222

In the Linux kernel, the media: verisilicon: AV1 driver patch fixes a buffer-size miscalculation for tile information. The tile info structure (row_sb, col_sb, start_pos, end_pos) requires AV1_MAX_TILES × 16 bytes; using the incorrect define caused writes to non-allocated memory, risking memory c...

CVE-2026-43146 media: iris: Add buffer to list only after successful allocation

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

CVE-2026-43146

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

SUSE CVE-2026-43044

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

PT-2026-37486

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iris media component where internal buffers were added to the buffers-list using the list add tail function before the dma alloc attrs allocation process was...

CVE-2025-47404

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...