30 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: tpm2-sessions: Fixed an out-of-range indexing issue in namesize. namesize does not have any range checks; it simply indexes using TPMALGID, which could lead to memory corruption in extreme cases. The issue is addressed by only...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoided format-overflow warnings With GCC and the W=1 option, there is a warning like this: fs/f2fs/compress.c: In the function ‘f2fsinitpagearraycache’: fs/f2fs/compress.c:1984:47: Error: The ‘%u’ directive is writing 1 to...
CVE-2026-54412
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...
CVE-2026-47329
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses...
Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
...
CVE-2026-47329
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses...
SUSE CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
CVE-2025-68792
An out-of-bounds array indexing flaw was found in the Linux kernel's TPM2 session handling code. The namesize lookup function uses TPMALGID values directly as array indices without bounds checking. An unrecognized algorithm ID could cause out-of-bounds memory access, potentially leading to memory...
CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
UBUNTU-CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
CVE-2025-68792 tpm2-sessions: Fix out of range indexing in name_size
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
CVE-2025-68792
The CVE-2025-68792 issue is in the Linux kernel’s TPM 2.0 sessions code. It fixes an out-of-range indexing in name_size (no range checks on name_size leading to potential memory corruption) by validating known TPM_ALG_ID values and returning -EINVAL for unrecognized inputs. Additional fixes make ...
CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
CVE-2025-68792 tpm2-sessions: Fix out of range indexing in name_size
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of range checking in namesize in tpm2-sessions, which could lead to out-of-bounds indexing...
PT-2026-2524
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the tpm2-sessions component where the name size variable lacks range checks. This could allow for out-of-range indexing, potentially leading to memory...
CVE-2025-10094 Improper Validation of Specified Quantity in Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large...
Security update for net-tools
This update for net-tools fixes the following issues: Provide more readable error for interface name size checking bsc1243581 Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836 Patch Instructions: To install this SUSE update use the SUSE...