CVE-2026-43859

Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...

mutt 安全漏洞

Mutt is an open-source command-line email client for sending emails from the terminal. Versions of Mutt prior to 2.3.2 had security vulnerabilities, which stemmed from sometimes using strfcpy instead of memcpy for the IMAP authcram MD5 digest...

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

CVE-2026-31779

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwlmvmndmatchinfohandler The memcpy function assumes the dynamic array notif-matches is at least as large as the number of bytes to copy. Otherwise, results-matches may...

CVE-2026-31743

In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmpnvmem: Fix buffer size in DMA and memcpy Buffer size used in dma allocation and memcpy is wrong. It can lead to undersized DMA buffer access and possible memory corruption. use correct buffer size in dmaalloccoherent...

CVE-2026-43044

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

EUVD-2026-26643

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

EUVD-2026-26556

In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmpnvmem: Fix buffer size in DMA and memcpy Buffer size used in dma allocation and memcpy is wrong. It can lead to undersized DMA buffer access and possible memory corruption. use correct buffer size in dmaalloccoherent...

CLSA-2026-1777641037 kernel-uek: Fix of CVE-2026-31431

crypto: algifaead - Fix minimum RX size check for decryption CVE-2026-31431 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl CVE-2026-31431 - crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec CVE-2026-31431 - crypto: authencesn - Fix src offset when...

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

CVE-2026-37532

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotpcontinuereceive receive.c:87-89, the payloadlength for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8...

PT-2026-36378

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the zynqmp nvmem component of the nvmem subsystem where an incorrect buffer size is used during DMA allocation and memory copying. This can result in undersized DMA...

CVE-2026-37532

CVE-2026-37532 affects AGL agl-service-can-low-level up to version 17.1.12, with a heap buffer over-read in the isotp-c library. In isotp_continue_receive, payload_length for a Single Frame is read from a 4-bit nibble, yielding 0–15, but a standard CAN frame has only 8 bytes and payload starts at...

Unbreakable Enterprise kernel security update: Copy Fail

5.15.0-319.201.4.4 - crypto: algifaead - Fix minimum RX size check for decryption Herbert Xu Orabug: 39291961 - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl Herbert Xu Orabug: 39291961 - crypto: authencesn - Fix src offset when decrypting in-place Herbert Xu Orabug: 39291961 -...

PT-2026-36461

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as...

CVE-2026-37535

OpenXC isotp-c (up to commit 5a5d19245f65189202719321facd49ce6f5d46ac, 2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler. The 4‑bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious C...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from the fuseadddirenttocache function not checking if the dirent size exceeds PAGESIZE, whi...

CVE-2026-31786

In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISORxenversionXENVERbuildid is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildidshow will read and copy ti...

EUVD-2026-26364

In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISORxenversionXENVERbuildid is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildidshow will read and copy ti...

CVE-2026-31786

In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISORxenversionXENVERbuildid is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildidshow will read and copy ti...