1288 matches found
CVE-2026-54058
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes, getpixel,...
CVE-2026-54058
Pillow (Python imaging library) is affected up to version 12.2.x. In the mmap raw codec path for uncompressed McIdas AREA images, attacker-controlled header words can set a row stride smaller than the natural row width, making reads from Image.tobytes(), getpixel, convert, or save read beyond the...
CVE-2026-54058 Pillow: Out-of-bounds read via attacker-controlled row stride on Pillow's mmap path (McIdas AREA files)
Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width, causing pixel access such as Image.tobytes, getpixel,...
The vulnerability of the `tracing_buffers_mmap_close()` function in the kernel/trace/trace.c module, which supports Linux operating system’s kernel tracing functionality, allows a hacker to cause a service failure.
The vulnerability of the tracingbuffersmmapclose function in the kernel/trace/trace.c module, which supports Linux operating system’s kernel tracing mechanism, involves copying buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability can...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks CVE-2026-45850 In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 In the Lin...
MiracleLinux 8 : kernel-4.18.0-553.137.1.el8_10 (AXSA:2026-1193:46)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1193:46 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the...
kernel: selinux: fix overlayfs mmap() and mprotect() access checks
A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...
CVE-2026-45258
The CVE-2026-45258 issue affects FreeBSD sound(4) mmap support. dsp_mmap_single() overflows when validating the requested mapping because offset+length can wrap the size check, and the offset is reduced from 64 to 32 bits for the buffer address, allowing a mapping that extends past the audio buff...
CVE-2026-45258 Multiple vulnerabilities in the sound(4) mmap path
dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...
CVE-2026-49417
CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...
CVE-2026-49417 Multiple vulnerabilities in the sound(4) mmap path
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
CVE-2026-53084
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability involves a lock ordering problem that occurs when BPF programs acquire certain locks that depend on the mmaplock. This issue could potentially lead to system instability or unexpected behavior due to...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
RLSA-2026:27812 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 For more details about the security issues, including the...
kernel-rt security update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
RLSA-2026:27811 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
kernel security update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
RockyLinux 8 : kernel-rt (RLSA-2026:27812)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27812 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the RockyLinux...