9 matches found
CVE-2026-55958
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
EUVD-2026-39546
Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsipStoreMessage the capacity check guarding the fixed message bag MSGBAGSIZE sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3...
CVE-2026-55958
The CVE-2026-55958 issue is a buffer overrun in Renesas TSIP TLS 1.3 transcript handling. In tsip_StoreMessage(), a capacity check for the fixed MSGBAG_SIZE (8 KB) sets an error but does not return, allowing an XMEMCPY to overwrite past the end once the TLS handshake transcript exceeds MSGBAGE_SI...
CVE-2026-23122
In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestamping load. Reducing to 5 KB avoids these hangs and matches the TSN recommendation in I225/I226 SW Use...
CVE-2025-40295 fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT
In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix left shift underflow when inode-iblkbits PAGESHIFT When simulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, an error trace appears during partition table reading at boot...
CVE-2025-40265 vfat: fix missing sb_min_blocksize() return value checks
In the Linux kernel, the following vulnerability has been resolved: vfat: fix missing sbminblocksize return value checks When emulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, but without format, a kernel panic was triggered during the early boot stag...
kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB The Linux kernel CVE team has assigned CVE-2024-35938 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T...
kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB The Linux kernel CVE team has assigned CVE-2024-35938 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T...
UBUNTU-CVE-2024-35938
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buflen field of ath11kmhiconfigqca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely to fail in some scenari...