764 matches found
CVE-2026-45250
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
CVE-2026-45250
CVE-2026-45250 concerns a stack buffer overflow in the FreeBSD kernel arising from setcred(2). The unprivileged user can trigger a copyin into a fixed-size kernel-stack array before validating the number of supplementary groups, causing a stack overflow when the list is large. This allows an unpr...
CVE-2026-45250 Stack buffer overflow via setcred(2)
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
EUVD-2026-31252
The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fixed a possible incorrect match in nfosffind. nfosffind incorrectly returns true in case of a mismatch, which leads to copying uninitialized memory areas in nftosf. This can result in leaking stale kerne...
Astra Linux - уязвимость в linux
In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack frame...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The crash in timerlatdumpstack has been fixed. We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 bytes written to a buffer...
FreeBSD -- Stack buffer overflow via setcred(2)
Problem Description: The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied li...
FreeBSD Security Advisory - FreeBSD-SA-26:18.setcred
FreeBSD Security Advisory - The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the...
Astra Linux - уязвимость в linux, linux-5.10
A flaw was discovered in the Linux kernel’s implementation of RDMA over InfiniBand. An attacker with a privileged local account can leak kernel stack information by issuing commands to the /dev/infiniband/rdmacm device node. Although this access is unlikely to reveal sensitive user information, i...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: riscv: prevent ptregs corruption for secondary idle threads Top of the kernel thread stack should be reserved for ptregs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAPSTACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a "powerpc/tm: Fix userspace r13 corruption" fixes a problem in treclaim where a SLB miss can occur on the threadstruct-ckptregs while SCRATCH0 is live with the save...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...
Linux Distros Unpatched Vulnerability : CVE-2026-23404
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to...
SUSE CVE-2026-23404
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for i=...
CVE-2026-23404
A flaw was found in the Linux kernel's AppArmor security module. A local user could trigger a denial of service by initiating a recursive profile removal operation with deeply nested profiles. This recursive process can lead to kernel stack exhaustion, causing the system to crash...
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for i=...
SUSE CVE-2026-23335
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdmacreateuserah struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // offset 0 - SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // offset 4 - NEVER SET - LEAK ; rsvd4: 4 bytes of sta...