279 matches found
thunderbolt: Validate XDomain request packet size before type cast
...
CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
UBUNTU-CVE-2026-53241
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...
UBUNTU-CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
EUVD-2026-39192
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...
CVE-2026-53241
CVE-2026-53241 concerns the Linux kernel ALSA: seq (dummy) port handling of UMP events. The issue arises when a UMP event is copied into a stack temporary and then dispatched; the temporary storage is legacy-sized, while the UMP packet is larger, leading to a read past the end of the temporary. T...
EUVD-2026-39238
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
CVE-2026-53147
The CVE-2026-53147 issue affects the Linux kernel Thunderbolt XDomain handling. tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without confirming that the allocation is large enough for the target type. A peer could send a minimal XDomain packet that passes ...
EUVD-2026-38704
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fixed a global-out-of-bounds issue in tmcupdateetfbuffer. The commit 6f755e85c332 “coresight: Add helper for inserting synchronization packets” removed the trailing \0 from the barrierpkt array and updated the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sched: schcake: bounds checks were added to the host bulk flow fairness counts. Although we fixed a logic error in the commit cited below, the syzbot still managed to cause an underflow in the per-host bulk flow counters, resulti...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when calculating packet sizes. Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could lead to an underflow, causing the value to wrap around t...
Astra Linux – Vulnerability in Erlang
Erlang is a programming language and runtime system designed for building massively scalable, soft-real-time systems with high availability requirements. OTP is a set of Erlang libraries, which includes the Erlang runtime system and several ready-to-use components written in Erlang. The packet si...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: Added a check for the packet size after reading from shared memory. A check was added to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory...
CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...
PT-2026-43221
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
libssh2: Fix of 2 CVEs
CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...
CVE-2026-43062
CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...