323 matches found
UBUNTU-CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
EUVD-2026-40963
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
CVE-2026-53329
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...
TencentOS Server 3: kernel (TSSA-2026:0544)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0544 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
SUSE CVE-2026-53203
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
UBUNTU-CVE-2026-53203
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
EUVD-2026-39294
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...
EUVD-2026-38889
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...
CVE-2026-53021
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...
CVE-2026-53068 drm/komeda: fix integer overflow in AFBC framebuffer size check
In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...
EUVD-2026-38936
In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...
EUVD-2026-38927
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
CVE-2026-53059 dm log: fix out-of-bounds write due to region_count overflow
In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...
CVE-2026-53059
CVE-2026-53059 affects the Linux kernel device-mapper log (dm_log) component. The root cause is an integer overflow: region_count is 32-bit, while dm_sector_div_up() returns 64-bit, so a large ti->len with a small region_size can overflow UINT_MAX. This truncation leads to undersized bitsets a...
CVE-2026-53021 scsi: target: core: Fix integer overflow in UNMAP bounds check
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...
CVE-2026-53021
The CVE-2026-53021 entry concerns the Linux kernel SCSI subsystem, specifically the target: core code. The vulnerability arises in sbc_execute_unmap() where LBA + range is not guarded against 64-bit overflow, allowing an overflow in the bounds check beyond device capacity. The fix adds an overflo...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...
CVE-2026-52914 batman-adv: fix fragment reassembly length accounting
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
PT-2026-51953
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the device-mapper log dm log component. The region count local variable in the create log context function is declared as a 32-bit unsigned integer, while t...
PT-2026-51915
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the SCSI target core component. The sbc execute unmap function verifies that the Logical Block Address LBA plus the range does not exceed the device capacit...