160 matches found
ALSA-2026:34911 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fs/smb/client: fix out-of-bounds read in cifssanitizeprepath CVE-2026-43112 kernel: rxrpc: Fix potential UAF after skbunshare failure CVE-2026-45998 kernel: drm/gem: Fix inconsistent plan...
EUVD-2026-36601
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS...
CVE-2026-53230
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...
UBUNTU-CVE-2026-53230
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...
CVE-2026-53230
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...
CVE-2026-53230
CVE-2026-53230 describes a slab-out-of-bounds vulnerability in the Linux kernel mlx5 driver: mlx5_query_nic_vport_mac_list sizes its firmware command buffer using the PF’s log_max_current_uc/mc_list, risking an overflow when querying a VF vport with a larger max. The resulting memory access is a ...
CVE-2026-53230 net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: - In the net subsystem, use dstdevrcu in sksetupcaps. - Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. - Also use dstdevrcu in ip6dstmtumaybeforward and ipdstmtumaybeforward. - ip4dsthoplimit can...
kernel: net: use dst_dev_rcu() in sk_setup_caps()
In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...
kernel: net: use dst_dev_rcu() in sk_setup_caps()
In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...
kernel: net: use dst_dev_rcu() in sk_setup_caps()
In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...
CVE-2026-44420 FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard cliprdr channel by sending a CBCLIPCAPS PDU with a too-small capabilitySetLength. This can crash the server process...
CVE-2026-44420 FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard cliprdr channel by sending a CBCLIPCAPS PDU with a too-small capabilitySetLength. This can crash the server process...
FreeRDP 安全漏洞
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from malicious RDP clients being able to trigger a heap buffer overflow write in the server-side clipboard...
SUSE-SU-2026:21737-1 Security update for iproute2
This update for iproute2 fixes the following issue - CVE-2024-58251: denial of service via terminal escape sequences bsc1254324. Changes for iproute2: - support display of bound but unconnected sockets bsc1204562. - avoid spurious cgroup warning bsc1234383. - add post-6.4 follow-up fixes...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fixed a memory leak in ath12kservicereadyextevent. Currently, in ath12kservicereadyextevent, svcrdyext.macPhyCaps is not freed in the failed case, resulting in a memory leak. The following trace is observed in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: binfmtflat: Fixed an integer overflow bug on 32-bit systems. Most of these sizes and counts are capped at 256MB, so the calculations do not result in integer overflows. The “relocs” count also needs to be checked. Otherwise, o...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check whether extcaps is valid in BL setup. LVDS connectors do not have extended backlight caps; therefore, check whether the pointer is valid before accessing it. Selected from commit...
Astra Linux – Vulnerability in xrdp
xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contains an out-of-bound read vulnerability in the xrdpcapsprocessconfirm-active function. There are no known workarounds for this issue. Users are advis...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fixed a use-after-free case in tcpmregistersourcecaps. There might be a potential use-after-free case in tcpmregistersourcecaps. This could occur when: - New say, invalid source caps are advertised. - Existing...