7634 matches found
CVE-2026-46218
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ibget,setvalue The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can...
CVE-2026-46218
The vulnerability CVE-2026-46218 affects the Linux kernel DRM AMDGPU driver. The issue is in ib_get_value/ib_set_value where the uvd/vce/vcn code accessed the Instruction Buffer (IB) at predefined offsets without verifying the IB size, enabling out-of-bounds reads/writes. The root cause is missin...
CVE-2026-46145
The CVE-2026-46145 vulnerability affects the Linux kernel, specifically the RDMA/mana component. A user-supplied rx_hash_key_len value supplied via a uAPI structure is blindly passed to memcpy, enabling localized kernel memory corruption if bounds checks are not enforced. Reports from multiple so...
SUSE CVE-2026-45923
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...
SUSE CVE-2026-46070
In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5crecoveryanalyzemetablock and r5lrecoveryverifydatachecksumformb iterate over payloads in a journal metadata block using on-disk payload size fields without...
Local Deep Research 代码问题漏洞
Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...
PT-2026-44341
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bounds checking issue exists in the Linux kernel DRM AMD GPU driver. The uvd, vce, and vcn components access the Indirect Buffer IB at predefined offsets without verifying if the IB is...
EUVD-2026-32389
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...
CVE-2026-46070
In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5crecoveryanalyzemetablock and r5lrecoveryverifydatachecksumformb iterate over payloads in a journal metadata block using on-disk payload size fields without...
CVE-2026-45923
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...
CVE-2026-46070
In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5crecoveryanalyzemetablock and r5lrecoveryverifydatachecksumformb iterate over payloads in a journal metadata block using on-disk payload size fields without...
EUVD-2026-32452
In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5crecoveryanalyzemetablock and r5lrecoveryverifydatachecksumformb iterate over payloads in a journal metadata block using on-disk payload size fields without...
CVE-2026-45935
The CVE-2026-45935 issue affects the Linux kernel NTFS3 driver, specifically the DeleteIndexEntryRoot path in do_action. The vulnerability arises from insufficient bounds checking on the entry size (esize) read from the log record, where e2 = Add2Ptr(e1, esize) can exceed the used buffer if esize...
CVE-2026-45923 net: usb: catc: enable basic endpoint checking
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...
CVE-2026-45923
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...
CVE-2026-45923
In CVE-2026-45923, the Linux kernel net/usb/catc driver did not validate endpoint descriptors during probe. catc_probe() initializes three URBs using hardcoded endpoints: usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX, and usb_rcvintpipe(usbdev, 2) for interrupt status, which...
CVE-2026-45878
The CVE-2026-45878 issue affects the Linux kernel’s AMD GPU driver (drm/amdkfd) where debug address watch (watch_id) handling could overflow memory due to mixing unsigned watch_id with signed checks. The root cause is insufficient bounds validation for watch_id, which could be large enough to acc...
CVE-2026-45878
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper functions were using a signed int and checked bits by shifting with watchid...
CVE-2026-45843
In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...
PT-2026-43745
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amdkfd component where the address watch clear code receives watch id as an unsigned value, but certain helper functions use a signed integer. When a very larg...