CVE-2026-43113 wifi: wl1251: validate packet IDs before indexing tx_frames

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wl1251txpacketcb function not verifying the firmware completion ID range, potentially leading to...

The vulnerability of the rtw_wait_firmware_completion() function in the drivers/net/wireless/realtek/rtw88/main.c file of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the rtwwaitfirmwarecompletion function in the drivers/net/wireless/realtek/rtw88/main.c file of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Discarded command completions in internal errors. Fixed the use of “free” commands when FW completions occur while the device is in an internal error state. Avoid calling the completion handler in this case, as the...

kernel: net/mlx5: Add a timeout to acquire the command queue semaphore

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...

UBUNTU-CVE-2024-46842

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not handled in lpfcgetsfpinfo and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for...

SUSE CVE-2024-38556

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely...