475 matches found
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux
A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the masking negation logic when dealing with a negative dst register. The negation logic for the case where the offreg is stored in the dst register is incorrect; therefore, we cannot simply invert the addition operati...
Security update for openexr
This update for openexr fixes the following issues: CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425. Patch Instructions: To install this SUSE update use...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.15, linux-6.1, linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm ā Fixed a memory corruption issue A few lines above, space is allocated using kzalloc for: sizeofstruct iwlnvmdata + sizeofstruct ieee80211channel + sizeofstruct ieee80211rate mvm-nvmdata is a struct iwlnvmdata...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpfplt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...
RUSTSEC-2026-0133 Invalid pointer arithmetic in `iter()` and `iter_mut()`
The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs ā iter and itermut ā...
Out-of-bounds read/write in `Index` and `IndexMut` implementations
The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs ā...
Invalid pointer arithmetic in `iter()` and `iter_mut()`
The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs ā iter and itermut ā...
RUSTSEC-2026-0130 Out-of-bounds read/write in `Index` and `IndexMut` implementations
The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs ā...
Linux kernel å®å Øę¼ę“
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of overflowing the u16 DACL size when performing operations on setposixaclentriesdacl a...
CVE-2026-31636
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...
OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...
GHSA-P8XC-W3Q4-H64X OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...
kernel: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer &dev-i2csubipregs caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-bounds in...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
š PJSIP PJMEDIA H.264 Denial of Service
A logic validation flaw was identified in the H.264 packetization routine within the PJMEDIA component of PJSIP. Specifically, insufficient validation of FU-A Fragmentation Unit ā Type A state handling in pjmediah264packetize may allow malformed RTP payloads to trigger unsafe pointer arithmetic...
CVE-2026-24872
improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...
CVE-2026-24872
improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...
CVE-2026-24872
improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...
CVE-2026-24872 Pointer arithmetic error in SkyFire_548
improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire548.This issue affects SkyFire548: before 5.4.8-stable5...