EUVD-2026-32838

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

CVE-2026-46211

CVE-2026-46211 affects the Linux kernel drm/msm/gem component. The flaw in msm_ioctl_gem_info_get_metadata() can cause a NULL pointer dereference due to unchecked allocation (kmemdup()) and always returning 0 on errors, making userspace believe success. The issue is fixed by adding a NULL check f...

CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

RubyGems: Memory leak in gem decode logic can allow attacker to take down Rubygems.org application

A memory leak vulnerability was discovered in the gem decode logic of the Rubygems.org application. The vulnerability allowed an attacker with a valid API key to set arbitrary instance variables during the decoding of gem metadata, which would cause the server to exhaust its memory. The issue was...

PT-2024-5071 · Unknown · Rubygems.Org

Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: The issue is related to how Ruby reads the Manifest of Gem files when using Gem::Specification.from yaml, which makes use of SafeYAML.load. This allows YAML aliases inside the YAML-bas...