Lucene search
+L

730 matches found

bdu_fstec
bdu_fstec
added 2026/07/08 12:0 a.m.3 views

The vulnerability of the drivers/gpu/drm/panthor components of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the drivers/gpu/drm/ptorh components of the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6AI score0.00172EPSS
Exploits0References11Affected Software5
mscve
mscve
added 2026/06/27 8:11 a.m.3 views

KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic

...

7.1CVSS6.1AI score0.00131EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2026/06/25 12:0 a.m.4 views

The vulnerability of the `snd_usb_create_streams()` function in Linux operating system USB audio drivers allows a hacker to cause a service failure.

The vulnerability of the sndusbcreatestreams function in the Linux operating system’s USB audio driver is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References15Affected Software4
nvd
nvd
added 2026/06/24 5:17 p.m.8 views

CVE-2026-52968

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

7.1CVSS0.00131EPSS
Exploits0References6
osv
osv
added 2026/06/24 4:28 p.m.3 views

CVE-2026-52968 KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

7.1CVSS5.8AI score0.00131EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/06/24 4:28 p.m.6 views

CVE-2026-52968

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

5.7AI score0.00131EPSS
Exploits0References7Affected Software1
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.6 views

PT-2026-51862

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM s390 PCI implementation where the GAIT table is indexed using double-scaling pointer arithmetic. The functions kvm s390 pci aif enable, kvm s390 pci aif disabl...

6AI score0.00131EPSS
Exploits0References15
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Fixed a memory corruption issue A few lines above, space is allocated using kzalloc for: sizeofstruct iwlnvmdata + sizeofstruct ieee80211channel + sizeofstruct ieee80211rate mvm-nvmdata is a struct iwlnvmdata...

7.8CVSS6.3AI score0.00237EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: s390/bpf: Fixed pointer arithmetic in bpfplt. Kui-Feng Lee reported a crash on the s390x architecture, triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00...

5.5CVSS5.7AI score0.0021EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the masking negation logic when dealing with a negative dst register. The negation logic for the case where the offreg is stored in the dst register is incorrect; therefore, we cannot simply invert the addition operati...

5.5CVSS6.1AI score0.00238EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...

5.5CVSS6.4AI score0.01071EPSS
Exploits0References2
suse
suse
added 2026/05/06 12:6 p.m.7 views

Security update for openexr

This update for openexr fixes the following issues: CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425. Patch Instructions: To install this SUSE update use...

8.4CVSS5.8AI score0.0045EPSS
Exploits0References8
osv
osv
added 2026/05/02 12:0 p.m.6 views

RUSTSEC-2026-0130 Out-of-bounds read/write in `Index` and `IndexMut` implementations

The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs —...

5.8AI score
Exploits0References3
osv
osv
added 2026/05/02 12:0 p.m.8 views

RUSTSEC-2026-0133 Invalid pointer arithmetic in `iter()` and `iter_mut()`

The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...

5.8AI score
Exploits0References3
rustsec
rustsec
added 2026/05/02 12:0 p.m.12 views

Invalid pointer arithmetic in `iter()` and `iter_mut()`

The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...

5.8AI score
Exploits0
rustsec
rustsec
added 2026/05/02 12:0 p.m.13 views

Out-of-bounds read/write in `Index` and `IndexMut` implementations

The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs —...

5.8AI score
Exploits0Affected Software1
cnnvd
cnnvd
added 2026/05/01 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of overflowing the u16 DACL size when performing operations on setposixaclentriesdacl a...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/24 2:44 p.m.5 views

CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

5.5AI score0.00442EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/04/08 3:9 p.m.1 views

GHSA-P8XC-W3Q4-H64X OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...

8.4CVSS5.9AI score0.00419EPSS
Exploits1References6
github
github
added 2026/04/08 3:9 p.m.11 views

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write

Summary The DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For a large enough width, the calculation overflows and later decoder stores operate on a wrapped pointer outside the allocated rowBlock backing store. This bug is reachable from the...

8.8CVSS6AI score0.00419EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder