PassMark多款产品 输入验证错误漏洞

PassMark Burnintest and others are products of PassMark Australia.PassMark Burnintest is a software that can be used to test the reliability and load testing of computers.PassMark OSForensics is a digital forensics analysis tool.PassMark PerformanceTest is a computer performance testing tool. An...

PT-2026-36338

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the smb2 ioctl query info function within the QUERY INFO path. The function clamps qi.input buffer length to the server-reported OutputBufferLength and...

EUVD-2025-209609

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...

CVE-2025-52347

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...

CVE-2025-52347

The CVE-2025-52347 entry concerns DirectIo64.sys in PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004. The underlying issue is a vulnerability in the DirectIo64.sys component that allows attackers to access kernel memory and escalate privileg...

Linux kernel double free in Xen privcmd driver

ISSUE DESCRIPTION The Linux kernel's privcmd driver can be abused to circumvent kernel lockdown secure boot by causing a double free of kernel memory. Note that this operation can be performed by root only, so any further impact on the system like denial of service is not security relevant. IMPAC...

mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()

...

CVE-2026-31664

A flaw was found in the Linux kernel's xfrm subsystem. This vulnerability arises because the buildpolexpire function does not clear trailing padding bytes within the xfrmuserpolexpire structure. Consequently, these uninitialized padding bytes, which contain kernel heap memory contents, are sent t...

CVE-2026-31617

A flaw was found in the Linux kernel's USB Network Control Model NCM gadget driver. A malicious USB host could exploit an integer underflow vulnerability when processing Network Transfer Block NTB headers. This allows the host to manipulate internal data pointers, causing adjacent kernel memory t...

DEBIAN-CVE-2026-31592

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect all of sevmemencregisterregion with kvm-lock Take and hold kvm-lock for before checking sevguest in sevmemencregisterregion, as sevguest isn't stable unless kvm-lock is held or KVM can guarantee KVMSEVINIT2 has...

CVE-2026-31664

In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in buildpolexpire buildexpire clears the trailing padding bytes of struct xfrmuserexpire after setting the hard field via memsetafter, but the analogous function buildpolexpire does not do this for...

CVE-2026-31654 mm/vma: fix memory leak in __mmap_region()

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 "mm/vma: do not leak memory when .mmapprepare swaps the file" handled the success path by skipping getfile via filedoesntneedget, but missed the error path. When /dev/zero...

EUVD-2026-25546

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeatcallcontrol if damoncall fails damoncall for repeatcallcontrol of DAMONSYSFS could fail if somehow the kdamond is stopped before the damoncall. It could happen, for example, when te damon context was...

CVE-2026-31610

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbddecodenegTokenInit reaches the mechToken 2 OCTET STRING...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an integer underflow under the stmmac chained mode. This vulnerability could lead to arbitrary...

CVE-2026-31464

A flaw was found in the Linux kernel's scsi: ibmvfc driver. A malicious or compromised Virtual I/O VIO server can exploit this by sending a crafted response during target discovery. This response can cause an out-of-bounds memory access, leading to the disclosure of sensitive kernel memory...

EUVD-2026-24897

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

EUVD-2026-24807

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfcdiscovertargetsdone A malicious or compromised VIO server can return a numwritten value in the discover targets MAD response that exceeds maxtargets. This value is stored directly in...

EUVD-2026-24757

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group spaceinfo When createspaceinfosubgroup allocates elements of spaceinfo-subgroup, kobjectinitandadd is called for each element via btrfssysfsaddspaceinfotype. However, when...

CVE-2026-6386 Missing large page handling in pmap_pkru_update_range()

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...