CVE-2026-52940

CVE-2026-52940 affects the Linux kernel tun module. In tun_put_user(), an on-stack struct virtio_net_hdr_v1_hash_tunnel is declared but not zeroed; for non-tunnel skbs, virtio_net_hdr_tnl_from_skb() initializes only the first 10 bytes of the 24-byte header, leaving bytes 10–23 as stack garbage. I...

EUVD-2026-38710

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

CVE-2026-52916

The CVE-2026-52916 issue affects the Linux kernel’s BATMAN-adv fragment handling. batadv_frag_skb_buffer() is invoked when a BATADV_UNICAST_FRAG packet is received, and after defragmentation, batadv_batman_skb_recv() processes the payload again. A malicious sender could craft a BATADV_UNICAST_FRA...

📄 OpenBSD mpls_do_error Stack Disclosure

OpenBSD suffers from an mplsdoerror remote kernel stack disclosure vulnerability via an MPLS label stack. ------------------------------------------------------------------------ OpenBSD mplsdoerror: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read...

Astra Linux – Vulnerability in Linux

In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack frame...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The crash in timerlatdumpstack has been fixed. We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 bytes written to a buffer...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RISCV: Kernel mappings of the EFI page table must be synchronized before switching to the EFI page table. The EFI page table is initially created as a copy of the kernel page table. When VMAPSTACK is enabled, kernel stacks are...

CVE-2026-56099

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

PT-2026-50785

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to commit 6a23123 Description An out-of-bounds read exists in the mpls do error function within sys/netmpls/mpls input.c. Remote attackers can disclose kernel stack memory by sending crafted MPLS frames containing 16...

CVE-2026-45250

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

CVE-2026-45250

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

EUVD-2026-31252

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

CVE-2026-45250 Stack buffer overflow via setcred(2)

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

CVE-2026-45250

CVE-2026-45250 concerns a stack buffer overflow in the FreeBSD kernel arising from setcred(2). The unprivileged user can trigger a copyin into a fixed-size kernel-stack array before validating the number of supplementary groups, causing a stack overflow when the list is large. This allows an unpr...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel’s implementation of RDMA over InfiniBand. An attacker with a privileged local account can leak kernel stack information by issuing commands to the /dev/infiniband/rdmacm device node. Although this access is unlikely to reveal sensitive user information, i...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...

FreeBSD Security Advisory - FreeBSD-SA-26:18.setcred

FreeBSD Security Advisory - The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the...

FreeBSD -- Stack buffer overflow via setcred(2)

Problem Description: The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied li...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a "powerpc/tm: Fix userspace r13 corruption" fixes a problem in treclaim where a SLB miss can occur on the threadstruct-ckptregs while SCRATCH0 is live with the save...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some parts of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. However, the size of these operations is determined separately in the...