EUVD-2026-27758

In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab73b18630 "netconsole: convert to NBCON console...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/paprscm: Fixed the issue where elements of nvdimmeventsmap were leaking during calls to paprscmpmucheckevents, paprscmremove, and paprscmpmuregister. Additionally, the individual statid values were no longer...

CVE-2026-43028

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: ensure names are nul-terminated Reject names that lack a \0 character before feeding them to functions that expect c-strings. Fixes tag is the most recent commit that needs this change...

CVE-2026-35381

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...

CVE-2026-35381

CVE-2026-35381 describes a logic error in the cut utility of the uutils coreutils project. When using -z (null-terminated) and -d '' (empty delimiter) together with -s (only-delimited), the code path incorrectly routes the case to a newline-delimiter handler that does not check record suppression...

CVE-2026-35381

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...

Linux Distros Unpatched Vulnerability : CVE-2026-35381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty...

CVE-2023-53582 wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...

CVE-2023-53582

Concrete details found: CVE-2023-53582 affects the Linux kernel’s brcmfmac wifi driver. The issue is a stack-out-of-bounds read that occurs when a CLM version string, filled via memcpy() in brcmf_fil_iovar_data_get(), is passed as an argument to strreplace() in brcmf_c_preinit_dcmds() without bei...

EUVD-2025-27910

Malicious code in bioql PyPI...

netfilter: xt_nfacct: don't assume acct name is null-terminated

...

[ceph] parse_longname(): strrchr() expects NUL-terminated string

...

Linux Distros Unpatched Vulnerability : CVE-2025-38660

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ceph parselongname: strrchr expects NUL-terminated string ... and parselongname is not...

AZL-66617 CVE-2025-38639 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

SUSE CVE-2025-38573

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream...

DEBIAN-CVE-2025-38573

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream...

CVE-2025-38573 spi: cs42l43: Property entry should be a null-terminated array

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream...

kernel: scsi: qedf: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is...

kernel: scsi: qedf: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is...

DEBIAN-CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...