10045 matches found

OSV
added yesterday, 3 views

GO-2026-5066 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-53302

The CVE concerns the Linux kernel’s crypto/eip93 path. Specifically, eip93_hmac_setkey() creates a temporary ahash transform using a driver name (e.g., sha256-eip93) but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since EIP93 hash algorithms are inherently async, the loo...

5.9 AI score
Exploits: 0, References: 3
EUVD
added yesterday, 3 views

EUVD-2026-39837

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection. eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes...

5.9 AI score
Exploits: 0, References: 3
EUVD
added yesterday, 3 views

EUVD-2026-39902

In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove() against double invocation. If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL and gd->driver_data = NULL. However,...

5.8 AI score
Exploits: 0, References: 3
CVE
added yesterday, 4 views

CVE-2026-53297

The CVE-2026-53297 issue in the Linux kernel relates to the mana driver path (net: mana) where mana_remove() could be invoked twice: first during mana_probe() teardown and a second time if a resumed PM callback subsequently fails, leading to a NULL dereference when gc == NULL and a kernel panic. ...

5.8 AI score
Exploits: 0, References: 3
RedhatCVE
added yesterday, 6 views

CVE-2026-53024

A flaw was found in the Linux kernel's Greybus raw subsystem. A local user could trigger a use-after-free vulnerability by attempting to write to a character device (chardev) after it has been disconnected. This can lead to a kernel panic, resulting in a Denial of Service (DoS) for the system...

5.7 AI score, 0.00162 EPSS
Exploits: 0, References: 4
RedhatCVE
added yesterday, 6 views

CVE-2026-53025

A flaw was found in the Linux kernel's Greybus raw subsystem. A local user application could trigger a use-after-free vulnerability by disconnecting a Greybus raw bundle while its associated character device was still open. When the application subsequently attempts to release the character devic...

5.8 AI score, 0.00162 EPSS
Exploits: 0, References: 4
RedhatCVE
added yesterday, 7 views

CVE-2026-53242

A flaw was found in the Advanced Linux Sound Architecture (ALSA) Pulse-Code Modulation (PCM) component of the Linux kernel. This vulnerability involves a corruption of wait queue lists within the snd_pcm_drain() function when processing linked streams. An attacker could exploit this issue to trigger a...

7 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits: 0, References: 4
OSV
added 2 days ago, 2 views

GHSA-78MQ-XCR3-XM33 golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3 CVSS, 5.8 AI score, 0.0021 EPSS
Exploits: 0, References: 6
OSV
added 2 days ago, 3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5 CVSS, 5.9 AI score, 0.00359 EPSS
Exploits: 0, References: 6
EUVD
added 2 days ago, 9 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits: 0, References: 5
OSV
added 2 days ago, 3 views

GHSA-9M57-25V3-79X9 golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits: 0, References: 5
NVD
added 2 days ago, 3 views

CVE-2026-46601

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

7.5 CVSS, 0.00154 EPSS
Exploits: 0, References: 3
EUVD
added 2 days ago, 4 views

EUVD-2026-39550

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2 days ago, 6 views

CVE-2026-53039

A flaw was found in the OCFS2 (Oracle Cluster File System 2) component of the Linux kernel. A local user could exploit an input validation vulnerability in the OCFS2_IOC_GROUP_ADD ioctl. This flaw allows an attacker to trigger a kernel panic, resulting in a denial of service (DoS) for the affected syste...

5.8 AI score, 0.00176 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2 days ago, 4 views

CVE-2026-53105

A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt76: mt7925 driver. This vulnerability occurs due to a missing check for a NULL 'vif' (Virtual Interface) before it is accessed. An attacker could potentially trigger a kernel panic by exploiting scenarios where the...

5.5 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 4
EUVD
added 2 days ago, 3 views

EUVD-2026-39193

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams. snd_pcm_drain() uses init_waitqueue_entry() which does not clear entry.prev/next, and add_wait_queue() with a conditional remove_wait_queue() that is skipped when to_check...

5.8 AI score, 0.0018 EPSS
Exploits: 0, References: 7
EUVD
added 2 days ago, 3 views

EUVD-2026-39235

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in get_queue_ids(). When usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() returns NULL. The callers check only IS_ERR() on the return value; since IS_ERR(NULL) == false the check passes, and...

5.7 AI score, 0.00168 EPSS
Exploits: 0, References: 5
CVE
added 2 days ago, 6 views

CVE-2026-53144

The CVE-2026-53144 issue affects the Linux kernel drm/amdkfd path. If usr_queue_id_array is NULL and num_queues is non-zero, get_queue_ids() can return NULL, and callers that only check IS_ERR() miss this, allowing suspend_queues() to call q_array_invalidate() and dereference NULL during iteratio...

5.7 AI score, 0.00168 EPSS
Exploits: 0, References: 5
NVD
added 3 days ago, 5 views

CVE-2026-52796

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...

3.5 CVSS, 0.00284 EPSS
Exploits: 0, References: 1