UBUNTU-CVE-2026-45994

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot...

CVE-2026-31617

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: validate minimum blocklen in ncmunwrapntb The blocklen read from the host-supplied NTB header is checked against ntbmax but has no lower bound. When blocklen is smaller than opts-ndpsize, the bounds check of:...

CVE-2025-39787

CVE-2025-39787 (Linux kernel) affects the soc: qcom: mdt_loader in remoteproc usage. The root cause is reading beyond the ELF header during traversal; the fix validates the firmware buffer size and also validates e_phentsize and e_shentsize to ensure correct header traversal. Impact described as ...

CVE-2023-35849

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet...

CVE-2023-35849

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet...

CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...