Lucene search

20454 matches found

Vulnrichment
added 2026/05/27 2:29 a.m., 10 views

CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

AI score: 5.7, EPSS: 0.00393
Exploits: 0, References: 2
Debian CVE
added 2026/05/27 2:29 a.m., 14 views

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00393
Exploits: 0
CVE
added 2026/05/27 2:29 a.m., 48 views

CVE-2026-48959

CVE-2026-48959 affects IO::Uncompress::Unzip for Perl prior to 2.220. The issue is a per-byte read loop in fastForward that mis-compares the offset length to the chunk size, causing CPU exhaustion as it iterates from 16 KiB down to 1–19 bytes per step. Reading a named entry from an attacker-suppl...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00393
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/27 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00393
Exploits: 0, References: 3
Positive Technologies
added 2026/05/27 12:0 a.m., 9 views

PT-2026-43486

Name of the Vulnerable Software and Affected Versions: IO::Uncompress::Unzip versions prior to 2.220. Description: An issue in the fastForward function allows CPU exhaustion. The function compares the length of the $offset variable (the digit count of the offset, ranging from 1 to 19) against the chun...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00393
Exploits: 0, References: 16
Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43751

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the AppArmor module where the aa_get_buffer function unconditionally decrements the cache-hold variable when pulling from the per-cpu list. If hold reaches 0 while cou...

AI score: 5.4, EPSS: 0.002
Exploits: 0, References: 13
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43767

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the dpaa2_caam_probe function within the crypto CAAM module. The issue arises because cleanup logic was missing in the dpaa2_dpseci_free function for error paths...

AI score: 5.4, EPSS: 0.002
Exploits: 0, References: 13
CNNVD
added 2026/05/27 12:0 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the percpu_ref in the md/md-llbitmap driver. This vulnerability causes permanent damage if the pau...

AI score: 5.8, EPSS: 0.00124
Exploits: 0, References: 3
Positive Technologies
added 2026/05/27 12:0 a.m., 11 views

PT-2026-43786

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Real-Time (RT) load balancing mechanism where a CPU can enter an infinite self-Inter-Processor Interrupt (IPI) loop, leading to a CPU hardlockup. This occurs when a CP...

AI score: 5.8, EPSS: 0.0019
Exploits: 0, References: 17
UbuntuCve
added 2026/05/27 12:0 a.m., 6 views

CVE-2026-45919

sched/rt: Skip currently executing CPU in rto_next_cpu...

AI score: 5.8, EPSS: 0.0019
Exploits: 0, References: 2
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43747

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the PCI/P2PDMA component where the p2pmem_alloc_mmap function fails to invoke percpu_ref_put to release the per-CPU reference of pgmap acquired after gen_pool_alloc...

AI score: 5.4, EPSS: 0.002
Exploits: 0, References: 14
CNNVD
added 2026/05/27 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rto_next_cpu function in the RT scheduler not skipping the currently executing CPU. This allows...

AI score: 5.8, EPSS: 0.0019
Exploits: 0, References: 8
Tenable Nessus
added 2026/05/27 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-45919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched/rt: Skip currently executing CPU in rto_next_cpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in...

AI score: 5.9, EPSS: 0.0019
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/27 12:0 a.m., 12 views

Amazon Linux 2023 : docker (ALAS2023-2026-1736)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1736 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

CVSS: 7.5, AI score: 6, EPSS: 0.00577
Exploits: 0, References: 16
Tenable Nessus
added 2026/05/27 12:0 a.m., 12 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2026-1723)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1723 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00577
Exploits: 0, References: 14
Tenable Nessus
added 2026/05/27 12:0 a.m., 13 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1735)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1735 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00577
Exploits: 0, References: 16
Tenable Nessus
added 2026/05/27 12:0 a.m., 9 views

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-116 (ALASECS-2026-116)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-116 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00577
Exploits: 0, References: 16
Tenable Nessus
added 2026/05/27 12:0 a.m., 16 views

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-105 (ALASNITRO-ENCLAVES-2026-105)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-105 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of ...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00577
Exploits: 0, References: 16
Tenable Nessus
added 2026/05/27 12:0 a.m., 19 views

Amazon Linux 2023 : runc (ALAS2023-2026-1715)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1715 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00577
Exploits: 0, References: 16
Tenable Nessus
added 2026/05/27 12:0 a.m., 12 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-121 (ALASDOCKER-2026-121)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-121 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00577
Exploits: 0, References: 16