vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

GHSA-6785-PVV7-MVG7 vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

Summary Sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR:...

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion

NPM: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

SUSE CVE-2026-43098

In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82uartread reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already deliver a complete frame before allocatin...

CVE-2026-43235

A flaw was found in the iris media driver within the Linux kernel. Missing platform data entries for the SM8750 component prevent the driver from allocating necessary internal buffers. This can lead to failures in basic video decoding and encoding operations, effectively causing a Denial of Servi...

CVE-2026-43098

A flaw was found in the Linux kernel's Near Field Communication NFC subsystem, specifically within the s3fwrn5 driver. This vulnerability occurs when the driver attempts to consume bytes into a receive buffer recvskb without ensuring a new buffer is allocated if the previous one was delivered. If...

EUVD-2026-27708

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

EUVD-2026-27607

In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82uartread reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already deliver a complete frame before allocatin...

CVE-2026-43235

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

CVE-2026-43222 media: verisilicon: AV1: Fix tile info buffer size

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

CVE-2026-43222

In the Linux kernel, the media: verisilicon: AV1 driver patch fixes a buffer-size miscalculation for tile information. The tile info structure (row_sb, col_sb, start_pos, end_pos) requires AV1_MAX_TILES × 16 bytes; using the incorrect define caused writes to non-allocated memory, risking memory c...

CVE-2026-43146 media: iris: Add buffer to list only after successful allocation

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

CVE-2026-43146

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

SUSE CVE-2026-43044

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

PT-2026-37486

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iris media component where internal buffers were added to the buffers-list using the list add tail function before the dma alloc attrs allocation process was...

CVE-2025-47404

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setupmmhdr is later on passed to teeshmregisterkernelbuf. The latter expects those buffers to be contiguous pages, but setupmmhdr just uses...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Fix a null-ptr-deref bug in bufferprepare and bufferfinish When the driver calls cx23885riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in a empty buffer risc-cpu. Later wh...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: A NULL cpubuffer was checked in ringbufferwakewaiters. On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasusnotetaker driver, the pegasusprobe function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker ca...