95 matches found
EUVD-2026-39301
In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...
CVE-2026-53210
In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...
PT-2026-52305
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the register shm helper function. The function allocates shared memory shm before calling iov iter npages. If iov iter npages returns 0, the function incorrectly...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for org.webjars.npm:image-size. References - GitHub PR - Vulnerability Repor...
CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the function sndctllem elememinit Enumnames does not perform a boundary check when...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fixed a nullptrderef in az6027i2cxfer Wei Chen reported a kernel bug as follows: General protection fault, likely for non-canonical addresses KASAN: nullptrderef within the range...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Corrected incorrect offset calculation The effective offset to be added to the length was incorrectly calculated, resulting in iomap-length being set to 0, which triggered a WARNON in iomapiterdone. This issue was...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge – fixed the issue of division by zero. When the network port is down, the queue is released, and ring-len becomes 0. In debugfs, the hbggetqueueusednum function will be called, which may lead to a division by zero...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: In the BPF code, ensure that skb-len != 0 when redirecting a packet to a tunneling device. The syzkaller function managed to trigger another case where skb-len == 0 when entering devqueuexmit. WARNING: CPU: 0, PID: 2470; Location...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300 – ensure that the data length is within the supported range. A explicit check for the transfer length should be added to ‘rtl9300i2cconfigxfer’ to ensure that the data length is not within the supported range. In...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: fixed a possible lock-up in stlsm6dsxreadtaggedfifo This issue was addressed by preventing stlsm6dsxreadtaggedfifo from falling into an infinite loop when case patternlen is equal to zero and the device’s FIF...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013759)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013759 advisory. In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo...
GHSA-R3FR-7M74-Q7G2 CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing
A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...
CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
CVE-2026-23194
CVE-2026-23194 relates to the Linux kernel rust_binder handling of FDA objects of length zero. The issue was a out-of-bounds write when an empty fd-array (FDA) with 0 fds was processed, caused by treating skip == 0 as a special “pointer fixup.” The fix replaces this zero-special-case pattern (ori...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37969)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37969 advisory. - In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: fix possible lockup...
SUSE CVE-2025-71093
In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000tbishouldaccept In e1000tbishouldaccept we read the last byte of the frame via 'datalength - 1' to evaluate the TBI workaround. If the descriptor- reported length is zero or larger than the actual RX buffer...
CVE-2026-21899
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping...