Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking for the return value of in6devget in the ioam6fillTraceData function. This...

PT-2026-37410

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIG BRIDGE VLAN FILTERING is not set, br vlan group and nbp vlan group return NULL br private.h stub definitions. The BR BOOLOPT FDB LOCAL VLAN 0 toggle code ...

PT-2026-37464

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the pstore ram core component where the persistent ram vmap function may return a non-NULL pointer even when vmap fails, provided the offset is non-zero. This occurs...

PT-2026-38032

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

SUSE-SU-2026:1694-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...

CLSA-2026-1778020314 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...

SUSE-SU-2026:21529-1 Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...

CLSA-2026-1778020035 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...

tar: Fix of CVE-2019-9923

CVE-2019-9923: fix NULL pointer dereference in paxdecodeheader on malformed PAX extended headers...

CLSA-2026-1777564129 tar: Fix of CVE-2019-9923

CVE-2019-9923: fix NULL pointer dereference in paxdecodeheader on malformed PAX extended headers...

GHSA-GRGV-6HW6-V9G4 Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...

Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...

CLSA-2026-1777566580 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the Update function. An attacker can cause the process to crash and disrupt service availability by sending a specially crafted BGP UPDATE message with inconsistent attribute lengths that leads to improper...

GHSA-P3W2-64XM-833J GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)

Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...

GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)

Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...

CVE-2026-7701

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...

EUVD-2026-27359

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...

CVE-2026-43073

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

CVE-2026-43063

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfsattrirecoverwork xlogrecoveryiget never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that...