Moderate: Red Hat Security Advisory: systemd security update

An update for systemd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed an out-of-bound memcpy call during ethtool -w When retrieving the FW core dump using ethtool, memory corruption can sometimes occur. BUG: KFENCE: Memory corruption in bnxtgetcoredump+0x3ef/0x670 bnxten Corrupted...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix memory leak This checks if CONFIGDEVCOREDUMP is enabled before attempting to clone the skb and also make sure btmtkprocesscoredump frees the skb passed following the same logic...

Astra Linux - уязвимость в linux-5.10, linux-5.15

A use-after-free flaw was discovered in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 “coredump: Use the vma snapshot in fillfilesnote” is not applied yet, then the kernel may be affected...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...

SUSE CVE-2026-31438

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...

CVE-2026-31438

A flaw was found in the Linux kernel's netfs component. When a process crashes and the kernel attempts to write a core dump to a 9P filesystem, the netfslimititer function does not properly handle ITERKVEC iterators. This oversight can lead to a kernel BUG, resulting in a system crash and a Denia...

EUVD-2026-24764

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...

CVE-2026-31438

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...

CVE-2026-31438

CVE-2026-31438 affects the Linux kernel netfs code. A BUG occurs in netfs_limit_iter() when processing ITER_KVEC iterators (e.g., during core-dump to 9P), because ITER_KVEC is not dispatched like other supported types. The fix adds netfs_limit_kvec() (paralleling netfs_limit_bvec()) and dispatche...

PT-2026-34343

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs limit iter for ITER KVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernel write creates an ITER KVEC iterator. This iterator reaches netfs limit iter via...

EulerOS Virtualization 2.12.1 : systemd (EulerOS-SA-2026-1466)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a...

DEBIAN-CVE-2020-37127

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcprelease utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcprelease process by sending a crafted input string longer than 16...

CVE-2020-37127

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcprelease utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcprelease process by sending a crafted input string longer than 16...

UBUNTU-CVE-2020-37127

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcprelease utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcprelease process by sending a crafted input string longer than 16...

EUVD-2020-31023

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcprelease utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcprelease process by sending a crafted input string longer than 16...

EulerOS Virtualization 2.10.1 : systemd (EulerOS-SA-2026-1148)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a...

SUSE SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2026:0236-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0236-1 advisory. This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the dumps function in formatter.rs. An attacker can cause a core dump by supplying a deeply nested JSON document. PoC python import orjson import sys import platform printf'OS: platform.platform' printf'Python...