CVE-2026-46161

A flaw was found in the Linux kernel's md/raid10 module. This vulnerability allows a local user to trigger a divide-by-zero error within the setupgeo function by supplying a malformed layout parameter where the farcopies value is set to zero. Successful exploitation of this flaw can lead to a...

CVE-2026-46161

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

EUVD-2026-32788

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

CVE-2026-46161

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

CVE-2026-46161

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

CVE-2026-46161

The CVE concerns the Linux kernel’s md/raid10 code where setup_geo() extracts near_copies (nc) and far_copies (fc) from the user layout without validating zero values. If fc equals 0 under the “improved” far set layout, geo->far_set_size = disks / fc can trigger a divide-by-zero. The fix valid...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the setupgeo function in md raid10 not verifying that farcopies is zero, potentially leading to a zero...

PT-2026-44284

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero error exists in the setup geo function within the md/raid10 module. The issue occurs when the setup geo function extracts near copies nc and far copies fc from the...

CVE-2026-43232 net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets

In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fstcardinfo is deallocated in fstremoveone. However, the fsttxtask or fstinttask may still be running ...

PT-2026-37572

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the FarSync T-series card driver. When the card is detached, the fst card info structure is deallocated in the fst remove one function. However, if fst t...

CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...

Kraken: Higher-Order EM Side-Channel Attacks on DNNs in near and Far Field

The multi-million dollar investment required for modern machine learning ML has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA...

CVE-2025-14954

A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogspfcppdrfindoradd/ogspfcpfarfindoradd/ogspfcpurrfindoradd/ogspfcpqerfindoradd in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to...

CVE-2025-14953 Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high leve...

CVE-2025-14953

Open5GS up to 2.7.5 contains a null pointer dereference in the FAR-ID Handler, specifically in ogs_pfcp_handle_create_pdr (lib/pfcp/handler.c). The vulnerability can be exploited remotely and is described as high complexity to exploit, with exploitation already published. A patch identified as 93...

EUVD-2025-204566

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high level ...

PT-2025-52483

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.5 Description A flaw exists in Open5GS impacting the ogs pfcp handle create pdr function within the lib/pfcp/handler.c library of the FAR-ID Handler component. This can lead to a null pointer dereference, potentially...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the parseFAR function when processing a PFCP Session Establishment Request containing a CreateFAR with an empty or truncated IPv4 address field. An attacker can cause the service to crash and disrupt user-plane...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the parseFAR function when processing a PFCP Session Establishment Request containing a CreateFAR with an empty or truncated IPv4 address field. An attacker can cause the service to crash and disrupt user-plane...