CVE-2026-46128

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

CVE-2026-43304 libceph: define and enforce CEPH_MAX_KEY_LEN

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

BIT-JRE-2024-47777 GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

CVE-2026-43206

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfdeventpageset The kfdeventpageset function writes KFDSIGNALEVENTLIMIT 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of...

PT-2026-38026

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst wavparse smpl chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2allocaterspbuf The response buffer should be allocated in smb2allocaterspbuf before validating request. But the fields in payload as well as smb2 header is used in smb2allocaterspbuf. Th...

EUVD-2026-26647

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset()

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

PT-2026-36465

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hid report raw event has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of th...

SUSE CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

DEBIAN-CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

CVE-2026-31612

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...

EUVD-2026-25524

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

PT-2026-34964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the smb2 get ea function reads the EaNameLength variable from a client request and passes it to strncmp as the comparison length without verifying if the name length...

SUSE CVE-2026-31432

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from the lack of size verification when accessing the output buffer during IOCTL processing, potentially leading to memory...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There is a security vulnerability in Qualcomm Chipsets, which stems from the lack of size verification when accessing the output buffer during the IOCTL processing of the camera sensor driver. This...

SUSE-SU-2026:20642-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...

SUSE-SU-2026:20481-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...