14 matches found
EUVD-2026-35434
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 "mm/damon: add damon_ctx->min_sz_region" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...
SUSE CVE-2026-31686
In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not always the case for all architectures. E.g. In case of powerpc with 64K pagesize, PUD table of size 4096...
K000160557: OpenSSL vulnerability CVE-2025-69418
Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...
openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls
A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are...
AZL-75899 CVE-2025-69418 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes of a message may be exposed...
CVE-2025-69418
Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes of a message may be exposed...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46853)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46853 advisory. - In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report...
SUSE CVE-2025-68794
In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case...
SUSE CVE-2025-37866
In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() A warning is seen when running the latest kernel on a BlueField SOC: 251.512704 ------------ cut here ------------ 251.512711 invalid sysfs_emit: buf:0000000003aa32ae...
CVE-2025-37866 mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()
In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() A warning is seen when running the latest kernel on a BlueField SOC: 251.512704 ------------ cut here ------------ 251.512711 invalid sysfs_emit: buf:0000000003aa32ae...
DEBIAN-CVE-2023-52619
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 =...
UBUNTU-CVE-2023-52619
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 =...
SUSE CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...