302535 matches found
CVE-2026-46072
In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...
EUVD-2026-32450
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
CVE-2026-46068
The CVE-2026-46068 entry documents a Linux kernel crypto issue in the nx subsystem (nx842_crypto_alloc_ctx/nx842_crypto_free_ctx). Root cause: bounce buffers allocated with __get_free_pages() using BOUNCE_BUFFER_ORDER (order 2, 4 pages) were freed with free_page() instead of matching free_pages()...
CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
CVE-2026-46068
In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...
CVE-2026-46066
In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...
EUVD-2026-32448
In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...
SUSE CVE-2026-45840
In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...
EUVD-2026-32443
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2journalcancelrevoke Commit f76d4c28a46a "fs/jbd2: use sleeping version of findgetblock" changed jbd2journalcancelrevoke to use findgetblocknonatomic which holds the folio lock instead of iprivatelock. Th...
CVE-2026-46061 jbd2: fix deadlock in jbd2_journal_cancel_revoke()
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2journalcancelrevoke Commit f76d4c28a46a "fs/jbd2: use sleeping version of findgetblock" changed jbd2journalcancelrevoke to use findgetblocknonatomic which holds the folio lock instead of iprivatelock. Th...
CVE-2026-46061
The CVE-2026-46061 entry is about the Linux kernel jbd2 deadlock in jbd2_journal_cancel_revoke. The root cause is a change to use __find_get_block_nonatomic() which holds the folio lock instead of i_private_lock, breaking lock ordering (folio -> buffer) and enabling ABBA deadlocks when filesys...
SUSE CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...
CVE-2026-46041
CVE-2026-46041 concerns the Linux kernel patch for greybus gb-beagleplay where sleeping in atomic context was fixed. The vulnerability arose because hdlc_append() invoked usleep_range() while holding tx_producer_lock in hdlc_tx_frames(), violating the rule against sleeping under a spinlock and ri...
EUVD-2026-32422
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: fix sleep in atomic context in hdlctxframes hdlcappend calls usleeprange to wait for circular buffer space, but it is called with txproducerlock a spinlock held via hdlctxframes -...
EUVD-2026-32400
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-46019
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-46019
CVE-2026-46019 affects the Linux kernel crypto driver for atmel-aes. The issue is a memory‑leak in atmel_aes_buff_cleanup: atmel_aes_buff_init() allocates 4 pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page with free_page(), leaking t...
CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but atmelaesbuffcleanup frees only the first page using freepage, leaking the...
CVE-2026-46016
In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...
EUVD-2026-32397
In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...