Netty epoll transport denial of service via RST on half-closed TCP connection

Summary Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. Affected versions All versions of 4.2.x...

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

EUVD-2026-27669

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

EUVD-2026-27771

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43122

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-43274

Summary (validated by connected docs): In the Linux kernel, the mailbox subsystem (mchp-ipc-sbi) had an out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() caused by indexing the dynamically allocated cluster_cfg array with hartid (potentially non-contiguous/ out of range). The fix switches t...

CVE-2026-43274

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

CVE-2026-43208

The CVE-2026-43208 entry describes a Linux kernel networking vulnerability where an incorrect assumption about the Receive Packet Steering (RPS) table size/immutability leads to out-of-bounds access when computing the flow_id in set_rps_cpu(). The fix requires computing flow_id within set_rps_cpu...

CVE-2026-43208 net: do not pass flow_id to set_rps_cpu()

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

CVE-2026-43079

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0. WARNING: CPU: 9 PID: 7257 at uncore.c:1157...

PT-2026-38280

Name of the Vulnerable Software and Affected Versions Netty versions 4.2.0.Final through 4.2.12.Final Description Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed. This occurs when a connection has ALLOW HALF CLOSURE enabled or is in a...

PT-2026-37605

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM x86 component where the system fails to ignore -EBUSY when checking nested events from the vcpu block function after exiting a blocking state while L2 is activ...

PT-2026-37548

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the set rps cpu function incorrectly assumes that the Receive Packet Steering RPS table for each receive queue is of a constant size and does not change. By passing...

PT-2026-37598

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Alpha systems may experience sporadic user-space crashes and heap corruption when memory compaction is enabled. This issue is caused by insufficient TLB Translation Lookaside Buffer...

PT-2026-37614

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue exists in the mchp ipc get cluster aggr irq function. The cluster cfg array, which is dynamically allocated for per-CPU configuration structures based on th...