ROS-20260515-73-0043

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information using a specially crafted HTML page...

Intel Data Center Graphics Driver 缓冲区错误漏洞

The Intel Data Center Graphics Driver is a set of graphics drivers developed by Intel Corporation for data center GPUs and graphics acceleration devices. Versions of the Intel Data Center Graphics Driver prior to 2.0.2 contained a buffer error vulnerability. This vulnerability stemmed from...

CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43341 net/ipv6: ioam6: prevent schema length wraparound in trace fill

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43222

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVE-2026-31748

A flaw was found in the Linux kernel's comedi: medaq module. The me2600xilinxdownload function, responsible for loading firmware, does not adequately validate the length of the provided firmware data stream. This vulnerability allows for a buffer overrun, which can lead to memory corruption withi...

CVE-2026-31747

A flaw was found in the Linux kernel's comedi: me4000 driver. The me4000xilinxdownload function fails to validate the length of the firmware data stream, trusting the value provided in the firmware header. A local attacker could exploit this by providing a specially crafted firmware image, leadin...

CVE-2026-31748

CVE-2026-31748 (Linux kernel, comedi me_daq) : A firmware-overrun was fixed in the me2600_xilinx_download() path used by request_firmware(). The code trusts the firmware header and reads file_length from the first 4 bytes, then copies file_length bytes from offset 16 without verifying the data st...

CVE-2026-31747 comedi: me4000: Fix potential overrun of firmware buffer

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format...

PT-2026-36434

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth MGMT component where the mesh send function fails to verify that the bytes provided for the flexible adv data array match the embedded adv data len field...

PT-2026-36383

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overrun can occur in the me2600 xilinx download function when loading firmware requested by request firmware. The function reads a data stream length into the file length variab...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

CVE-2026-42512 Remotely triggerable out-of-bounds heap write in dhclient

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to...

EUVD-2026-26357

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to...

CVE-2026-42512

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...