CVE-2026-5164

A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. Th...

CVE-2026-5164 Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap request

A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. Th...

CVE-2026-5164 Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap request

A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. Th...

CVE-2026-5164

The CVE-2026-5164 entry describes a vulnerability in virtio-win where the RhelDoUnMap() function fails to properly validate the number of descriptors in an unmap request. This input validation flaw can be exploited by a local user who supplies an excessive number of descriptors, potentially causi...

CVE-2026-5164

A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. Th...

virtio-win 安全漏洞

virtio-win is an open-source virtual machine simulation software developed by virtio-win. virtio-win has a security vulnerability; this vulnerability stems from the RhelDoUnMap function not properly verifying the number of descriptors provided by the user, which may lead to buffer overflows and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect adjustment of desc-count in the iozcrxrecvskb function, which could cause received data to exce...

EUVD-2016-9735

Malware in sbrugna...

bnxt_en: Mask the bd_cnt field in the TX BD properly

...

Linux Distros Unpatched Vulnerability : CVE-2025-22108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bnxten: Mask the bdcnt field in the TX BD properly The bdcnt field in the TX BD specifies the total number of BDs for the TX packet. The bdcnt field has 5 bits...

UBUNTU-CVE-2025-22108

In the Linux kernel, the following vulnerability has been resolved: bnxten: Mask the bdcnt field in the TX BD properly The bdcnt field in the TX BD specifies the total number of BDs for the TX packet. The bdcnt field has 5 bits and the maximum number supported is 32 with the value 0...

UBUNTU-CVE-2024-41046

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the number of currently freed descriptors never increases, causing the same skb to be freed...

SUSE CVE-2022-21504

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

CVE-2022-21504

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket...

CVE-2016-8910

The rtl8139cplustransmit function in hw/net/rtl8139.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption by leveraging failure to limit the ring descriptor count...

Security update for xen (important)

xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...

CVE-2016-8910

The rtl8139cplustransmit function in hw/net/rtl8139.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption by leveraging failure to limit the ring descriptor count...