CVE-2026-31705

A flaw was found in the ksmbd component of the Linux kernel. This out-of-bounds write vulnerability occurs when processing Server Message Block SMB extended attribute EA information. Specifically, the smb2getea function performs an unconditional memory write for alignment padding without checking...

PT-2026-36169

Name of the Vulnerable Software and Affected Versions Secure Access client versions prior to 14.50 Description A buffer overflow exists in a message parsing function of the client. Attackers controlling a modified server can send a specially crafted packet to overwrite a small portion of memory,...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

EUVD-2026-25592

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...

OP-TEE Trusted OS 输入验证错误漏洞

OP-TEE Trusted OS is an implementation of the OP-TEE open-source project, which creates an open-source Trusted Execution Environment TEE that utilizes Arm TrustZone technology. In versions 3.8.0 to 4.10 of OP-TEE Trusted OS, there is a vulnerability related to input validation errors. This...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

EUVD-2026-24592

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

CVE-2026-6386

CVE-2026-6386: FreeBSD kernels with amd64 shmlargepage handling miss in pmap_pkru_update_range() fail to account for 1GB largepage mappings. An unprivileged user could cause the kernel to treat userspace memory as a page-table page, enabling overwrite of memory otherwise inaccessible. Impact desc...

CVE-2026-6386 Missing large page handling in pmap_pkru_update_range()

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

CVE-2026-6386 Missing large page handling in pmap_pkru_update_range()

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

PT-2026-34242

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the kernel's handling of protection keys for address ranges. The subroutine responsible for updating page table entries fails to account for 1GB largepage mappings creat...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from kernel subroutines that fail to consider the 1GB large-page mappings created using the shmcreatelargepage interface when updating page table entries. This...

FreeBSD -- Missing large page handling in pmap_pkru_update_range()

Problem Description: In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface...

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

PT-2026-30994

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

CVE-2024-14031

Sereal::Encoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...