44 matches found
SUSE CVE-2026-46064
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...
CVE-2026-46064
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...
UBUNTU-CVE-2026-46064
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...
CVE-2026-46064
CVE-2026-46064 affects the Linux kernel’s ibmasm_send_i2o_message, where the copy size is derived from user-controlled dot_command_header fields and not validated against allocation size. This can let an attacker perform a heap over-read by memcpy_toio(), reaching up to ~65 KB beyond the allocate...
CVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...
CVE-2026-46064
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...
EUVD-2026-32446
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasmsendi2omessage The ibmasmsendi2omessage function uses getdotcommandsize to compute the byte count for memcpytoio, but this value is derived from user-controlled fields in the dotcommandheader...
PT-2026-43931
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap over-read exists in the ibmasm send i2o message function. The function utilizes get dot command size to determine the byte count for memcpy toio, but this value is based on...
PT-2026-43861
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the command file write handler where it allocates a kernel buffer based on a user-provided count but fails to validate this buffer against the dot command protocol before...
CVE-2026-43017
CVE-2026-43017 concerns the Linux kernel Bluetooth MGMT mesh path. It fixes missing validation of adv_data_len in mesh_send, which could allow out-of-bounds access in queued commands. The description and connected advisories indicate: affected software is the Linux kernel; root cause is failure t...
SUSE CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
EUVD-2026-21361
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
PT-2026-31909
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a flaw in the f mass storage gadget driver. The check command size in blocks function does not validate for integer overflows when calculating data size in byte...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50134)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50134 advisory. - xfrm: delete x-tunnel as we delete x Sabrina Dubroca Orabug: 39016501 CVE-2025-40215 - crypto: afalg - Fix incorrect boolean values in afalgctx...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
RHEL 8 : kernel (RHSA-2026:1442)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1442 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mac80211: fix potential double...
ALSA-2026:1148 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid...