311334 matches found
CVE-2026-52982
A flaw was found in the Linux kernel's USB network driver for Realtek RTL8150 devices. A race condition exists in the rtl8150startxmit function, where a network packet's data buffer can be released prematurely. This can lead to a 'use-after-free' vulnerability, allowing the system to attempt to...
kernel: rxrpc: fix RESPONSE authenticator parser OOB read
A flaw was found in the Linux kernel's rxrpc subsystem. A remote attacker could send a specially crafted rxrpc RESPONSE authenticator that, due to an incorrect parser limit calculation in the rxgkverifyauthenticator function, leads to a slab-out-of-bounds read. This memory corruption vulnerabilit...
kernel: RDMA/mana: Validate rx_hash_key_len
A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...
kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...
kernel: RDMA/iwcm: Fix workqueue list corruption by removing work_list
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...
kernel: scsi: qla2xxx: Completely fix fcport double free
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
CVE-2026-52956
A flaw was found in the Linux kernel's libceph module. A remote attacker could trigger an out-of-bounds memory access in the cephxdecrypt function by sending a specially crafted message frame of type FRAMETAGAUTHREPLYMORE with a small ciphertext length. This vulnerability arises because the...
CVE-2026-53006
A flaw was found in the Linux kernel's IPv6 Internet Protocol version 6 implementation. This vulnerability, a Use-After-Free UAF error, occurs due to incorrect caching of network packet addresses before a memory operation. An attacker could potentially exploit this flaw to cause memory corruption...
CVE-2026-53196
A flaw was found in the Linux kernel's ioti USB serial driver. A malicious USB device, when plugged into a host running this driver, can exploit a heap overflow vulnerability in the getmanufinfo function. This occurs because the driver does not properly validate the size of data read from the...
CVE-2026-53267
A flaw was found in the Linux kernel's netfilter subsystem. A local attacker can exploit this vulnerability by creating specially crafted netfilter rules. This can lead to a memory corruption issue, where data on the kernel's memory stack is overwritten. Successful exploitation could result in...
CVE-2026-47729
A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. Mitigation When F...
CVE-2026-53143
A flaw was found in the Linux kernel's AMD KFD Kernel Fusion Driver component. This buffer overflow vulnerability occurs due to incorrect memory buffer handling during CRIU Checkpoint/Restore in User-space operations on SDMA System Direct Memory Access queues. A local attacker can exploit this fl...
GO-2026-5462 Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor in github.com/argoproj/argo-workflows
Argo Vulnerable to Unauthenticated Memory Exhaustion DoS in Webhook Interceptor in github.com/argoproj/argo-workflows...
GHSA-QPW4-5X99-6VJP golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...
EUVD-2026-31392
golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...
CVE-2026-52993
A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC module. This vulnerability, a double-free, occurs when the tipcbufappend function incorrectly handles memory after a socket buffer skb reallocation. An attacker could potentially exploit this to cause system...
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition
A missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. Credit Aisle Research Ze Sheng, Dmitrijs Trizna, Luigino Camastra, Guido Vranken...
EUVD-2026-36187
ImageMagick: Policy Bypass can Trigger an Out-of-Memory condition...
GHSA-47Q9-M4WW-924M Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic
Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing maxapkmetadatasize check default 1MB is only applied to individual tar entry...
CVE-2026-52973
A flaw was found in the Linux kernel's futex subsystem. The needfutexhashallocatedefault function incorrectly relies on CLONETHREAD semantics, which can lead to non-concurrency issues when memory allocations mm-futexref pcpu allocations are shared across CLONEVM clones, excluding vfork. This can...