Lucene search
K

1077 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: corrected incorrect allocation size gcc-14 notes that the allocation using sizeofvoid on 32-bit architectures is insufficient for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In the function...

5.5CVSS5.6AI score0.00244EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve a full Gunyah metadata region. We have observed spurious “Synchronous External Abort” exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults are caused by the kernel...

7.5CVSS5.7AI score0.00335EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in edk2

The BootPerformanceTable pointer is retrieved from an NVRAM variable within PEI. It is recommended that the PcdFirmwarePerformanceDataTableS3Support be set to FALSE...

7.8CVSS6.4AI score0.00423EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: tpm: efi: Use a local variable to calculate the final log size When tpmreadlogefi is called multiple times, which occurs when one loads and unloads a TPM2 driver multiple times, the global variable efitpmfinallogsize will...

5.5CVSS6.4AI score0.00235EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021588)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021588 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup...

5.5CVSS5.8AI score0.00263EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 10:11 a.m.20 views

edk2: EDK2: Improper Input Validation allows arbitrary command execution

A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access...

8.4CVSS6AI score0.00669EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/14 8:21 a.m.12 views

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 12:31 a.m.10 views

EUVD-2026-29347

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 11:19 p.m.14 views

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS0.00157EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 10:17 p.m.40 views

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS0.00157EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 10:17 p.m.9 views

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 10:17 p.m.7 views

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 10:17 p.m.34 views

CVE-2026-34963

Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...

8.6CVSS6.3AI score0.00157EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Barebox 输入验证错误漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of barebox prior to 2026.04.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows and unvalidated boundaries within the EFI PE loader, which could...

8.6CVSS6.1AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.11 views

EUVD-2026-28631

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions ESR=0x96000010 and kernel crashes on Monaco-based platforms. These faults are caused by the kernel...

5.8AI score0.00335EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 12:16 p.m.10 views

CVE-2026-43171

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't dump the entire memory region The current logic at cperprintfwerr doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the ofset is above the actual record, length -= offs...

5.5CVSS0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.6 views

CVE-2026-43171

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't dump the entire memory region The current logic at cperprintfwerr doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the ofset is above the actual record, length -= offs...

5.8AI score0.00123EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37606

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the GHES/CPER logic of the Linux kernel regarding the handling of ARM processor CPER records. The system fails to detect when the section length is excessively large. ...

5.5CVSS5.9AI score0.00119EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect...

5.5CVSS6.3AI score0.00119EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EFI/CPER: don't dump the entire memory region The current logic at cperprintfwerr doesn't check if the error record length is big enough to handle offset. On a...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References3
Rows per page
Query Builder