41 matches found
SUSE CVE-2026-46140
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...
CVE-2026-46140
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: The backing store type is set based on the query type. The bnxthwrmfuncbackingstoreqcapsv2 function stores resp-type from the firmware response in ctxm-type, and then uses that value to index fixed backing-store metadata...
SUSE CVE-2026-43034
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
Linux Distros Unpatched Vulnerability : CVE-2026-43034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that valu...
CVE-2026-43034
A flaw was found in the bnxten driver within the Linux kernel. This vulnerability arises from the bnxthwrmfuncbackingstoreqcapsv2 function using an incorrect type value from the firmware response to index internal data arrays. This improper indexing could lead to memory corruption, potentially...
CVE-2026-43034
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
CVE-2026-43034
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
CVE-2026-43034 bnxt_en: set backing store type from query type
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
CVE-2026-43034
Root cause CVE-2026-43034: in the bnxt_en driver of the Linux kernel, ctxm->type is populated from the firmware response (resp->type) and later used to index fixed backing-store metadata arrays, risking memory corruption. The fix changes ctxm->type to come from the current loop variable ...
EUVD-2026-26633
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
PT-2026-36451
In the Linux kernel, the following vulnerability has been resolved: bnxt en: set backing store type from query type bnxt hwrm func backing store qcaps v2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctx arr...
EUVD-2019-2341
Malware in sbrugna...
UBUNTU-CVE-2023-53589
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware nchannels If the firmware sends us a corrupted MCC response with nchannels much larger than the command response can be, we might copy far too much uninitialized memory and even crash if t...
CVE-2023-53589 wifi: iwlwifi: mvm: don't trust firmware n_channels
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware nchannels If the firmware sends us a corrupted MCC response with nchannels much larger than the command response can be, we might copy far too much uninitialized memory and even crash if t...
PT-2025-40648
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue exists in the wilc1000 driver related to WID string configuration. The problem occurs during the parsing of response frames, specifically when copying data into t...
EUVD-2025-13517
Malicious code in bioql PyPI...
EUVD-2025-13522
Malicious code in bioql PyPI...
CVE-2019-10538
Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...
CVE-2025-21467
Memory corruption while reading the FW response from the shared queue...