CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from an incorrect operation of the parameter devname in the function dlopen within t...

CVE-2026-32705

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

CVE-2026-32705

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

CVE-2026-2886 Tenda A21 SetOnlineDevName set_device_name stack-based overflow

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function setdevicename of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001649 advisory. In the tun subsystem in the Linux kernel before 4.13.14, devgetvalidname is not called before registernetdevice. This allows local users to cause a denial of service...

EUVD-2022-55789

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimbusdevnew If deviceregister failed in nsimbusdevnew, the value of reference in nsimbusdev-dev is 1. obj-name in nsimbusdev-dev will not be released. unreferenced object 0xffff88810352c480 size 16...

EUVD-2018-18933

Malware in sbrugna...

CVE-2023-53454 HID: multitouch: Correct devm device reference for hidinput input_dev name

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free...

AZL-70474 CVE-2022-50233 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev-devname,shortname Both devname and shortname are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be...

CVE-2022-50233

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev-devname,shortname Both devname and shortname are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be...

CVE-2022-50233 Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev-devname,shortname Both devname and shortname are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be...

CVE-2025-3259

A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely...

SUSE CVE-2022-49046

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling devsetname If devsetname fails, the devname is null, check the return value of devsetname to avoid the null-ptr-deref...

SUSE CVE-2022-49424

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference when printing devname When larbdev is NULL in the case I hit, the node is incorrectly set iommus = , it will cause devicelinkadd fail and kernel crashes when we try to print...

UBUNTU-CVE-2022-49424

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference when printing devname When larbdev is NULL in the case I hit, the node is incorrectly set iommus = , it will cause devicelinkadd fail and kernel crashes when we try to print...

CVE-2022-49060 net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smcpnetfindib devname was called with dev.parent as argument but without to NULL-check it before. Solve this by checking the pointer before the call to devname...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference when printing devname in the mediatek iommu module...

PT-2024-8701 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.19 Description: A critical issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName, where the manipulation of the argument devName leads to a stack-based buffer overflow. This can be...

PT-2024-37598 · Tenda · Tenda A301

Name of the Vulnerable Software and Affected Versions: Tenda A301 version 15.13.08.12 Description: A critical issue was found in the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to a stack-based buffer overflow. This issue can...