CVE-2026-9992

The CVE-2026-9992 entry concerns a use-after-free in the Network component of Google Chrome, exploited remotely via a crafted HTML page to achieve arbitrary code execution inside the sandbox. Affected software is Chrome prior to version 148.0.7778.216. The underlying cause is a use-after-free in ...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: hns3: Do not allow calling hns3nicnetopen repeatedly. The function hns3nicnetopen should not be called repeatedly, but there is no checking for this. When performing device reset and setting up traffic channels...

Linux Distros Unpatched Vulnerability : CVE-2026-43283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper...

kernel: smc: Fix use-after-free in __pnet_find_base_ndev()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

ALSA-2026:2378 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it CVE-2025-38403 kernel: net: use dstdevrcu in sksetupcaps...

CVE-2025-40239

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared-phydev for LAN8814 Currently, during the LAN8814 PTP probe shared-phydev is only set if PTP clock gets actually set, otherwise the function will return before setting it. This is an issue as...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49980: USB: gadget: fix use-after-free read in usbudcuevent bsc1245110. CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev-devname,shortname...

CLSA-2025-1753298962 kernel: Fix of 13 CVEs

udf: Fix a slab-out-of-bounds write bug in udffindentry CVE-2022-49846 - net: atm: fix use after free in lecsend CVE-2025-22004 - ovl: fix UAF in ovldentryupdatereval by moving dput in ovllinkup CVE-2025-21887 - rcutorture: Fix ksoftirqd boosting timing and iteration CVE-2022-50177 - tty: ngsm:...

PT-2025-38564

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.17.0-rc2+ and earlier Description A NULL pointer dereference issue was identified in the smc ib is sg need sync function within the smc module of the Linux kernel. This occurs when the software RoCE device is used,...

PT-2025-16741

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel's network library has been resolved. The issue occurred because the hardware only supports L4 checksum offload for TCP/UDP/SCTP protocols, but the software...

CVE-2024-56639 net: hsr: must allocate more bytes for RedBox support

In the Linux kernel, the following vulnerability has been resolved: net: hsr: must allocate more bytes for RedBox support Blamed commit forgot to change hsrinitskb to allocate larger skb for RedBox case. Indeed, sendhsrsupervisionframe will add two additional components struct hsrsuptlv and struc...

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005552 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...

CLSA-2024-1713790844 Fix of 12 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url: https://ubuntu.com/security/CVE-2021-46932 - Input: appletouch - initialize work before device registration CVE-url: https://ubuntu.com/security/CVE-2021-46936 - net: fix...

SUSE CVE-2017-7401

Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts for Cairo v0.2.0 that stems from a bug in OpenZeppelin Contracts for Cairo v0.2.0 that causes account contracts to be unavailable on the live network...

AZL-9292 CVE-2022-28356 affecting package kernel for versions less than 5.15.37.1-2

In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/afllc.c...

kernel: net: insufficient data_len validation in sock_alloc_send_pskb()

The sockallocsendpskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service heap-based buffer overflow and system crash or possibly gain privileges by leveraging access to a TUN/TAP...