516 matches found
SUSE CVE-2025-68811
In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...
gnupg2 security update
2.2.20-4 - Fix CVE-2025-68973 gpg.fail/memcpy...
Oracle Linux 10 : gnupg2 (ELSA-2026-0697)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0697 advisory. - Fix CVE-2025-68973 gpg.fail/memcpy Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002282)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002282 advisory. Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the...
CVE-2025-71120 SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxyverf A zero length gsstoken results in pages == 0 and intoken-pages0 is NULL. The code unconditionally evaluates pageaddressintoken-pages0 for the initia...
Buffer-Overflow-Shellcode-Exploitation
Buffer Overflow & Shellcode Exploitation Overview This pr...
CVE-2025-68811
In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...
CVE-2025-68811
In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...
PT-2026-2543
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s svcrdma functionality related to memory copying. Specifically, the svc rdma copy inline range function incorrectly added the page index rc curpage to...
CVE-2026-21503
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...
CVE-2026-21503 iccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArray
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...
EUVD-2022-55829
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in rpage When PAGESIZE is 64K, if readlogpage is called by logreadrst for the first time, the size of buffer would be equal to DefaultLogPageSize4K.But for buffer operations like memcpy, if the...
UBUNTU-CVE-2023-54248
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add check for kmemdup Since the kmemdup may return NULL pointer, it should be better to add check for the return value in order to avoid NULL pointer dereference...
CVE-2023-54286
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992656 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992498)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992498 advisory. In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions tracespmiwritebegin and...
CVE-2023-54039
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...
CVE-2025-68352
In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341transferone Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min32, trans-len + 1', which includes the 1-byte command header...
CVE-2023-54039 can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...
PT-2025-53054
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to kheaders. Specifically, the use of a 'char' declaration instead of an array declaration for kernel headers data could trigger a buffer overfl...