GHSA-3V94-MW7P-V465 hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

SUSE CVE-2026-43191

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35 Why A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...

CLSA-2026-1778112033 avahi: Fix of CVE-2026-24401

CVE-2026-24401: fix avahi-daemon crash on receipt of unsolicited mDNS responses containing self-referencing CNAME records by detecting CNAME loops in lookuphandlecname to prevent uncontrolled recursion and stack exhaustion; also includes two related DoS fixes in the same lookup path from upstream...

PT-2026-38464

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

PT-2026-38561

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Processing of HTTP/2 SETTINGS frames can lead to an infinite loop of writing CONTINUATION frames when a SETTINGS MAX FRAME SIZE with a value of 0 is received,...

PT-2026-38466

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

Linux Distros Unpatched Vulnerability : CVE-2026-43096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loo...

ROS-20260507-73-0014

Vulnerability in libarchive related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

GHSA-PGGP-6C3X-2XMX Snappier has an infinite loop during SnappyStream decompression with malformed framed input

Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the SnappyStreamDecompressor class, when decompressing malformed framed-format input. An attacker can cause the application to exhaust system resources by providing malicious stream data as small as 15 bytes PoC using...

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...

CVE-2026-40197 Incus nil-pointer dereference in custom volume import allows denial of service

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

CVE-2026-43075

A flaw was found in the Linux kernel's ocfs2 filesystem component. This vulnerability allows a local attacker, by mounting a specially crafted and corrupted ocfs2 filesystem on a loop device, to trigger an out-of-bounds write. This occurs because the system incorrectly trusts the idcount field fr...

EUVD-2026-27753

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35 Why A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...

EUVD-2026-27602

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshvhandlegpaintercept attempts to remap pages for all faults...

CVE-2026-43191

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TXEN-to-PLLON for TMDS on DCN35 Why A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to...

CVE-2025-71290

CVE-2025-71290 concerns a memory leak in the Linux kernel’s misc: ti_fpc202 probe function. The root cause is not releasing a device node reference during iteration, leading to a leak. The remedy implemented is a code change that uses for_each_child_of_node_scoped() to ensure the node reference i...

CVE-2025-71290

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...