CVE-2026-31590

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVMMEMORYENCRYPTREGREGION Drop the WARN in sevpinmemory on npages overflowing an int, as the WARN is comically trivially to trigger from userspace, e.g. by doing: struct kvmencregion range =...

SUSE CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...

CVE-2026-3945

Tinyproxy (up to 1.11.3) contains an integer overflow in the HTTP chunked transfer encoding parser. Chunk sizes are parsed with strtol() without proper overflow validation, allowing a crafted size (e.g., LONG_MAX) to bypass checks and overflow arithmetic (chunklen + 2). This can cause the proxy t...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-412111)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-412111 advisory. In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size...

SUSE CVE-2025-39723

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest collector doesn't update the stream-transferred value and it retains its initial LONGMAX value. Unfortunately, i...

DEBIAN-CVE-2022-48862

In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can overflow to 0 when start is 0 and last is ULONGMAX. One instance where it can happen is when userspace sends an IOTLB message with...

SUSE CVE-2005-2873

The iptrecent kernel module iptrecent.c in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONGMAX, which can cause iptrecent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...

Caching best practices & max-age gotchas

Getting caching right yields huge performance benefits, saves bandwidth, and reduces server costs, but many sites half-arse their caching, creating race conditions resulting in interdependent resources getting out of sync. The vast majority of best-practice caching falls into one of two patterns:...

security flaw

The iptrecent kernel module iptrecent.c in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONGMAX, which can cause iptrecent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...