SUSE-SU-2026:21912-1 Security update for qemu

This update for qemu fixes the following issues - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to heap...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from an incorrect calculation of the internal buffer size, which may lead to out-of-bound...

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

Open vSwitch 安全漏洞

Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...

Astra Linux - уязвимость в blender

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption, or potentially code execution...

Astra Linux - уязвимость в qemu

A out-of-bounds heap buffer access issue was identified in the ARM Generic Interrupt Controller emulator of QEMU, as of and including qemu 4.2.0 on the aarch64 platform. The issue arises because, when writing an interrupt ID to the controller’s memory area, it is not masked to be 4 bits wide. Thi...

CVE-2026-31570

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...

CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...

EUVD-2026-25463

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...

PT-2026-34922

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds heap access exists in the cgw csum crc8 rel function. Although the function calculates bounds-safe indices using calc idx, it incorrectly uses raw signed 8-bit fields fo...

CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w For more information see the GitHub-hosted security advisory...

CVE-2026-33985 FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2...

CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

UBUNTU-CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

QEMU 安全漏洞

QEMU Quick Emulator is a simulation software for processors developed by Fabrice Bellard from France. This software features high speed and cross-platform capabilities. QEMU has a security vulnerability, which stems from a minor error in the KVM Xen client support. This error may lead to...

OESA-2026-1352 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: An "off by one" bug has been discovered in QEMU's KVM Xen guest support. A malicious client could exploit this vulnerability to trigger an out-of-bounds heap access in the QEMU process vi...

libpng 安全漏洞

libpng is an open-source library developed by The PNG Development Group, which allows for the creation, reading, and other operations on PNG graphic files. Versions of libpng prior to 1.6.55 contained security vulnerabilities; these vulnerabilities stemmed from the pngsetquantize function’s abili...

sumatrapdf numerical error vulnerability

Sumatrapdf is an open-source PDF reader developed by SumatraPDF Reader. SumatraPDF has a digital error vulnerability; this vulnerability stems from handling specially crafted Mobi files, where a single mistake or integer underflow can lead to out-of-bounds heap access and application crashes...

PT-2026-3853

EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be...