6081 matches found
EUVD-2026-25539
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix pagepool error handling in lan966xfdmarxallocpagepool pagepoolcreate can return an ERRPTR on failure. The return value is used unconditionally in the loop that follows, passing the error pointer through...
CVE-2026-31645
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966xfdmarxalloc creates a page pool but does not destroy it if the subsequent fdmaalloccoherent call fails, leaking the pool. Similarly, lan966xfdmainit frees the coherent DMA...
CVE-2026-31644
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...
EUVD-2026-25538
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966xfdmarxalloc creates a page pool but does not destroy it if the subsequent fdmaalloccoherent call fails, leaking the pool. Similarly, lan966xfdmainit frees the coherent DMA...
CVE-2026-31644
CVE-2026-31644 affects the Linux kernel LAN966X network driver. The issue arises in lan966x_fdma_reload() when allocation of new RX buffers fails, causing the restore path to restart DMA with old descriptors whose pages were already freed, and because page_pool_put_full_page() can release pages b...
CVE-2026-31645
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966xfdmarxalloc creates a page pool but does not destroy it if the subsequent fdmaalloccoherent call fails, leaking the pool. Similarly, lan966xfdmainit frees the coherent DMA...
CVE-2026-31645
CVE-2026-31645 pertains to the Linux kernel lan966x network driver. The issue is a memory/resource leak: in error paths of lan966x_fdma_rx_alloc() a created page pool is not destroyed if a subsequent fdma_alloc_coherent() fails, and in lan966x_fdma_init() the page pool created by lan966x_fdma_rx_...
EUVD-2026-25537
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...
CVE-2026-31644
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...
CVE-2026-31644 net: lan966x: fix use-after-free and leak in lan966x_fdma_reload()
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...
CVE-2026-31645 net: lan966x: fix page pool leak in error paths
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966xfdmarxalloc creates a page pool but does not destroy it if the subsequent fdmaalloccoherent call fails, leaking the pool. Similarly, lan966xfdmainit frees the coherent DMA...
PT-2026-34997
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A page pool leak occurs in the net: lan966x component during error paths. Specifically, the function lan966x fdma rx alloc creates a page pool but fails to destroy it if the subsequent...
PT-2026-34998
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool error handling in lan966x fdma rx alloc page pool page pool create can return an ERR PTR on failure. The return value is used unconditionally in the loop that follows, passing the error pointer through...
PT-2026-34996
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966x fdma reload When lan966x fdma reload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966x fdma rx fr...
PT-2026-35028
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
AWS Ops Wheel 安全漏洞
AWS Ops Wheel is an open-source tool provided by Amazon Web Services that supports multi-tenant functionality. There is a security vulnerability in AWS Ops Wheel, which stems from improper control over the modification of object properties dynamically determined during the Cognito user pool...
Apktool: Path Traversal to Arbitrary File Write
A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a security regression introduced in commit e10a045 PR 4041, December 12, 2025, which removed the...
GHSA-M8MH-X359-VM8M Apktool: Path Traversal to Arbitrary File Write
A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a security regression introduced in commit e10a045 PR 4041, December 12, 2025, which removed the...
SUSE CVE-2026-35554
A race condition in the Apache Kafka Java producer client's buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch's ByteBuffer is...
Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation
The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...