327 matches found
JLSEC-2026-380
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...
EUVD-2026-26513
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use checkaddoverflow to prevent u16 DACL size overflow setposixaclentriesdacl and setntacldacl accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causin...
PT-2026-36337
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the ipc validate msg function within the ksmbd module. The function calculates the expected message size for response types by performing unsigned integer...
PT-2026-36334
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the functions set posix acl entries dacl and set ntacl dacl accumulate Access Control Entry ACE sizes using u16 variables. When a file contains numerous POSIX ACL...
CVE-2026-3886
virtio-gpu: fix overflow check when allocating 2d image...
CVE-2026-41254
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...
CVE-2026-31417
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that x25sock.fraglen does not overflow. The fraglen also needs to be resetted when purging fragmentqueue in x25clearqueues...
SUSE CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
DEBIAN-CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
UBUNTU-CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
CVE-2026-31412
The CVE-2026-31412 vulnerability exists in the Linux kernel USB gadget f_mass_storage implementation, where an unchecked left shift of data_size_from_cmnd by blkbits could overflow, truncating data size and enabling memory corruption or out-of-bounds access. The root cause is lack of overflow val...
CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks The checkcommandsizeinblocks function calculates the data size in bytes by left shifting common-datasizefromcmnd by the block size...
PT-2026-34987
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory corruption issue exists in the RxRPC subsystem of the Linux kernel, specifically within the rxgk verify response function. The function incorrectly validates the auth len...
EUVD-2026-15200
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use checkaddoverflow helpers to validate the size calculation before allocati...
CLSA-2026-1774437406 Fix CVE(s): CVE-2026-30883
SECURITY UPDATE: heap over-write in PNG raw profile writer - debian/patches/CVE-2026-30883.patch: add overflow check for allocatedlength in Magickpngwriterawprofile to prevent integer overflow leading to heap over-write - CVE-2026-30883...
CLSA-2026-1774009875 Fix CVE(s): CVE-2026-25210
SECURITY UPDATE: integer overflow in doContent tag buffer reallocation. - debian/patches/CVE-2026-25210.patch: add overflow check for tag buffer reallocation - CVE-2026-25210...
CLSA-2026-1773930717 Fix CVE(s): CVE-2026-25210
SECURITY UPDATE: integer overflow in doContent tag buffer reallocation. - debian/patches/CVE-2026-25210.patch: add overflow check for tag buffer reallocation - CVE-2026-25210...
EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-1637)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : scsi: target: Fix WRITESAME No Data Buffer crashCVE-2022-21546 iommu/arm-smmu-v3-sva: Fix mm use-after-freeCVE-2022-49426 module: f...
CLSA-2026-1772451135 Fix CVE(s): CVE-2026-25897, CVE-2026-26284
SECURITY UPDATE: out-of-bounds read vulnerability - debian/patches/CVE-2026-26284.patch: Fix incorrect loop initialization in delta decoding; prevent out-of-bounds read caused by starting table scan at invalid index. - CVE-2026-26284 SECURITY UPDATE: out-of-bounds heap write on 32-bit systems -...