282 matches found
CVE-2026-10652
Zephyr's DNS resolver subsys/net/lib/dns parses resource records from DNS responses in dnsunpackanswer, which validated only the fixed RR header type, class, TTL, rdlength and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV...
Linux Distros Unpatched Vulnerability : CVE-2026-53147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without...
thunderbolt: Validate XDomain request packet size before type cast
...
CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
UBUNTU-CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
UBUNTU-CVE-2026-53241
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...
CVE-2026-53241
CVE-2026-53241 concerns the Linux kernel ALSA: seq (dummy) port handling of UMP events. The issue arises when a UMP event is copied into a stack temporary and then dispatched; the temporary storage is legacy-sized, while the UMP packet is larger, leading to a read past the end of the temporary. T...
CVE-2026-53241
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...
EUVD-2026-39192
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...
EUVD-2026-39238
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
CVE-2026-53147
The CVE-2026-53147 issue affects the Linux kernel Thunderbolt XDomain handling. tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without confirming that the allocation is large enough for the target type. A peer could send a minimal XDomain packet that passes ...
CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
EUVD-2026-38704
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when calculating packet sizes. Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could lead to an underflow, causing the value to wrap around t...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fixed a global-out-of-bounds issue in tmcupdateetfbuffer. The commit 6f755e85c332 “coresight: Add helper for inserting synchronization packets” removed the trailing \0 from the barrierpkt array and updated the...
CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...
PT-2026-43221
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
libssh2: Fix of 2 CVEs
CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...
CVE-2026-43062
CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...