186 matches found
GHSA-63WG-WJJJ-7CP8 Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node listens on the default :: address on a Linux host the standard deployment configuration — net.ipv6.bindv6only=0 is the default on all common Linux distributions. 3. Your node is synced near the chain tip...
GHSA-65JJ-FMW8-468Q zebrad has unbounded memory leak in mempool download pipeline via timeout path cancel_handles retention
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary The...
GHSA-4FC2-H7JH-287C zebrad has mempool transaction admission denial via single-peer inbound queue saturation
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary A...
The vulnerability of the mm/mempool module in Linux operating systems allows a hacker to cause a service failure or memory corruption.
The vulnerability of the mm/mempool module in Linux operating systems is related to access to a buffer with an incorrect length value. Exploiting this vulnerability can allow an attacker to cause service failures or memory corruption...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix for a random warning message when loading drivers Warning log: 4.141392 Unexpected gfp: 0x4 GFPDMA32. Fixing it up to gfp: 0xa20 GFPATOMIC. Fix your code! 4.150340 CPU: 1 PID: 175 Comm: 1-0050 Not tainted...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: fixed a small mempool leak in SMB2negotiate. In some cases of failures dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO. Instead, it should return rc = -EIO and then jump to negex...
CVE-2026-34064
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: fixed the mempool allocation size. The maximum size was converted to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. This result is used to determine how many PRP Lists a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In situations with low memory availability, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: dm: fixed a NULL pointer race issue when completing IO operations. The dmiodecpending function calls endioacct first, and then decreases the number of pending DMA operations. However, if a task swaps the DM table at the same...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/mempool: Fixed the issue where poisoning operations affected pages with an order greater than 0 using HIGHMEM. The kernel test reported the following issues: - BUG: Unable to handle page faults for address: fffba000. - PF:...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: md: fixed a crash in mempoolfree There is a crash in mempoolfree when running the lvm test using shell/lvchange-rebuild-raid.sh. The reason for the crash is as follows: - superwritten calls atomicdecandtest&mddev-pendingwrites an...
CVE-2026-34064 nimiq-account: Vesting insufficient funds error can panic
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
CVE-2026-34064 nimiq-account: Vesting insufficient funds error can panic
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
nimiq-block-production (>=0.1.0 <=0.2.0), nimiq-client (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2026-34066 via nimiq-blockchain (>=0.1.0 <=0.2.0)
nimiq-blockchain CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34066 Source advisory: OSV:GHSA-J99G-7RQW-Q9JG...
nimiq-accounts (>=0.1.0 <=0.2.0), nimiq-block-production (>=0.1.0 <=0.2.0) +11 more potentially affected by CVE-2026-33471 via nimiq-block (>=0.1.0 <=0.2.0)
nimiq-block CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-33471 Source advisory: OSV:GHSA-6973-8887-87FF...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013704)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013704 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013683)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013683 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref in raid10syncrequest initresync inits mempool and sets...
CVE-2026-40880 Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 bu...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011263)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011263 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor...