475 matches found
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C
PT-2026-43740
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter component within the nft set rbtree function. The partial overlap detection logic for anonymous sets incorrectly skips checks on start elements due to an...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the local overlap detection logic in netfilter’s nftsetrbtree. This logic skips the initial eleme...
CVE-2026-45999
erofs: fix unsigned underflow in zerofslz4handleoverlap...
PT-2026-43866
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An unsigned underflow exists in the z erofs lz4 handle overlap function within the erofs component. Specifically, crafted images containing illegal extents where !partial decoding is true a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an unsigned overflow in the zerofslz4handleoverlap function within erofs. This vulnerability may...
Linux Distros Unpatched Vulnerability : CVE-2026-45873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the e...
Linux Distros Unpatched Vulnerability : CVE-2026-46051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid5: fix soft lockup in retryalignedread When retryalignedread encounters an overlapped stripe, it releases the stripe via raid5releasestripe which puts it...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed the check for overlap in memory regions. The current check was incorrect; it only checks whether the beginning or end of a region is within an existing region. This does not take into account cases where the user spac...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: vt: Fixed memory overlap issues when deleting characters from the buffer. A memory overlap copy occurs when deleting a long line. This memory overlap can lead to data corruption when scrmemcpyw is optimized to memcpy, because...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: virtionet: Fixed a misalignment bug in the struct virtnetinfo structure. Use the new TRAILINGOVERLAP helper to fix the misalignment bug, along with the following warning: drivers/net/virtionet.c:429:46: warning: Structure...
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...
Astra Linux – Vulnerability in Firefox and Thunderbird
If a website sets a large custom cursor, portions of the cursor may overlap with the permission dialog, potentially causing confusion for users and leading to unexpected granting of permissions. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...
CVE-2026-45028
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.3
Red Hat OpenShift Service Mesh 3.3.3 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....
golang: cmd/compile: no-op interface conversion bypasses overlap checking
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...
golang: cmd/compile: no-op interface conversion bypasses overlap checking
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...
Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017692)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017692 advisory. An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5Olinkdecode in H5Olink.c. Tenable has extracted the...
CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...