1658 matches found
CVE-2026-43281
A flaw was found in the Linux kernel. Specifically, within the mailbox subsystem, an out-of-bounds access vulnerability exists in the fwmboxindexxlate function. This issue arises when the device tree is configured with mbox-cells = and the associated mailbox controller does not provide fwxlate an...
BIT-JAVA-MIN-2025-10911 Libxslt: use-after-free with key data stored cross-rvt
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
EUVD-2026-27774
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in getsregs2 Add SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs -...
CVE-2026-43281
In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...
CVE-2026-43214
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in getsregs2 Add SRCU read-side protection when reading PDPTR registers in getsregs2. Reading PDPTRs may trigger access to guest memory: kvmpdptrread - svmcachereg - loadpdptrs -...
SUSE CVE-2026-43030
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe for pointers to packet In case rold-reg-range == BEYONDPKTEND && rcur-reg-range == N regsafe may return true which may lead to current state with valid packet range not being explored. Fix the bug...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hid-pl driver’s failure to handle initialization errors, potentially leading to null pointer...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iris driver’s failure to check for null pointers when session termination occurs, potentially...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the amdgpu graphics driver’s failure to initialize bufferfuncs when SDMA is not enabled,...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the brcmfmac driver. When the detection fails, sdiodev-bus is set to an incorrect value instead o...
Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Details: The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...
GHSA-GRGV-6HW6-V9G4 Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Details: The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...
PT-2026-37262
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 26.4.0. Description: The twisted.names module is susceptible to a Denial of Service (DoS) attack caused by resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can send a specially crafted...
PT-2026-37076
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A misleadingly named function copy user nocache was identified as a specialty memory copy routine that uses non-temporal stores for the destination and provides exception handling for bo...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xfsattrirecoverwork function’s failure in iget, leading it to perform irele operations on...
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Impact: An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches: Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...
PT-2026-36945
Name of the Vulnerable Software and Affected Versions: Incus, affected versions not specified. Description: A nil-pointer dereference exists in the custom volume backup import subsystem. An authenticated user with access to the storage volume feature can cause the Incus daemon to crash by importing a...
PT-2026-37199
Name of the Vulnerable Software and Affected Versions: Pillow versions 4.2.0 through 12.1.x. Description: A flaw in the PdfParser allows an attacker to supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This occurs because...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: zero out stale pointers crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in...
CVE-2026-43058
The CVE covers a Linux kernel issue in media: vidtv where vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs by value, triggering MSAN warnings for uninitialized data. The root cause is stack-copy of the structs; the patch changes the functions to accept them by ...