UBUNTU-CVE-2026-46237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit db00257ac9e4a51eb2515aaea161a019f7125e10...

CVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...

CVE-2026-46006

The CVE-2026-46006 entry concerns the Linux kernel’s drm/nouveau driver. A 32‑bit overflow in nouveau_gem_pushbuf_reloc_apply() could cause incorrect relocation bounds checks: r->reloc_bo_offset + 4 is computed in 32‑bit space, wrapping before comparing to nvbo->bo.base.size. The fix casts ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: anx7625: Fixed an overflow issue when reading EDID. The length of the EDID block can be longer than 256 bytes. Therefore, we should use int instead of u8 for the edidpos variable...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed an issue where the qgroup reserve overflowed the qgroup limit. We use extentchangeset-byteschanged in qgroupreservedata to record how many bytes are set for the EXTENTQGROUPRESERVED state. Currently, byteschanged ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Watchdog: rzg2lwdt – Fixed the 32-bit overflow issue. The value of timercycleus can be 0 due to 32-bit overflow. For example, if we assign the counter value “0xfff” to compute maxval, this patch fixes this issue by appending...

EUVD-2026-30410

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

CVE-2026-43330

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwi...

UBUNTU-CVE-2026-43330

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwi...

CVE-2026-43330

CVE-2026-43330 relates to the Linux kernel crypto/caam path, where an overflow occurs when a long HMAC key (longer than the block size) is copied for hashing. The vulnerability arises because the copy’s allocated memory is aligned for DMA, and the original kmemdup path could read beyond the key b...

PT-2026-38981

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwi...

CVE-2026-43078

The CVE-2026-43078 entry affects the Linux kernel crypto/af_alg component. A root-cause was an overflow in page reassignment within af_alg_pull_tsgl where the update to support page reallocation wasn’t fully reflected in the loop, allowing one extra page to be reassigned. The vulnerability is des...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queuesize to fix overflow issues When validating the drafted SPDK ublk target, in cases where a large queue depth was assigned to the multiqueue ublk device, the ublk target would enter an incorrect state...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpipd-name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a couple of integer overflows on 32-bit systems. On 32-bit systems, the addition of “off + sizeofstruct NTFSDE” can lead to an integer wrapping issue. This issue was fixed by using sizeadd...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: In the net/sched module, there is an issue with taprio: Limiting TCATAPRIOATTRSCHEDCYCLETIME to INTMAX. syzkaller encountered a division error 0 in the divs64rem function, which is called from getcycletimeelapsed. In this functio...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: perf: armspe: Prevent overflow in PERFIDX2OFF By casting nrpages to unsigned long, an overflow can be avoided when handling large AUX buffer sizes = 2 GiB...

php: Fix of 4 CVEs

CVE-2018-14883: fix integer overflow leading to heap buffer overflow in exifthumbnailextract - CVE-2019-19246: fix heap buffer overflow in oniguruma strlowercasematch - CVE-2018-19518: disable imap rsh/ssh by default to prevent argument injection imap.enableinsecurersh INI added - CVE-2018-20783:...

DEBIAN-CVE-2026-31616

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...

EUVD-2026-25509

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...