21 matches found
UBUNTU-CVE-2026-53233
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
PT-2026-52328
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the netdev nl bind rx doit function. This occurs because genlmsg reply always consumes the socket buffer skb, but the error path incorrectly calls nlmsg...
CVE-2026-53041
CVE-2026-53041 concerns OCFS2 in the Linux kernel. When an OCFS2 inode has both inline and block-based xattrs, listxattr() could report a size larger than the caller’s buffer if inline names consumed the buffer exactly, triggering a kernel bug/DoS. The root cause was a refactor that used size == ...
CVE-2026-53041 ocfs2: fix listxattr handling when the buffer is full
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...
CVE-2026-53041 ocfs2: fix listxattr handling when the buffer is full
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...
PT-2026-51935
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the listxattr function can return a size larger than the caller's buffer. This occurs when an OCFS2 inode contains both inline and...
AWS VDP: Health check errors silently dropped when channel buffer full
Component: pkg/plugin/plugin.go:153-156, pkg/plugin/pluginv2.go:156-158 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary When KMS operations fail, the error is sent to a buffered channel healthCheckErrc, size 100 via a non-blocking...
CVE-2026-31890
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...
Inspektor Gadget 安全漏洞
Inspektor Gadget is a set of tools and frameworks based on eBPF developed by Inspektor Gadget Inc. Versions of Inspektor Gadget prior to 0.50.1 contained security vulnerabilities. These vulnerabilities stemmed from the silent discarding of events when the ring buffer was full, with the discard...
EUVD-2017-15055
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-49771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the...
UBUNTU-CVE-2024-53236
In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later...
Configuration Restore Fails With: "2200N: invalid XML content DETAIL: buffer full"
Challenge When performing a configuration restore or migration, the Restore process fails with the error: 2200N: invalid XML content DETAIL: buffer full Cannot read configuration backup Cause This error is caused by an underlying issue within PostgreSQL 15.1 and 15.2 PostgreSQL 15.1 was included...
SUSE CVE-2017-5986
Race condition in the sctpwaitforsndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service assertion failure and panic via a multithreaded application that peels off an association in a certain buffer-full state...
UBUNTU-CVE-2020-1917
xbufformatconverter, used as part of exifreaddata, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...
PT-2020-17528 · Rust · Ws
Name of the Vulnerable Software and Affected Versions: ws crate versions prior to 2020-09-25 Description: An issue in the ws crate allows a remote memory-consumption attack due to the outgoing buffer not being properly limited. This enables a remote attacker to take down the process by growing th...
kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUGON in sctpwaitforsndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread...
CVE-2017-5986
Race condition in the sctpwaitforsndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service assertion failure and panic via a multithreaded application that peels off an association in a certain buffer-full state...
UBUNTU-CVE-2017-5986
Race condition in the sctpwaitforsndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service assertion failure and panic via a multithreaded application that peels off an association in a certain buffer-full state...
CVE-2017-5986
It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUGON in sctpwaitforsndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread...