187 matches found
CVE-2026-53176 IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISERHEADERSLEN In drivers/infiniband/ulp/isert/ibisert.c, isertloginrecvdone computes the login request payload length as wc-bytelen minus ISERHEADERSLEN with no lower bound, and loginreql...
PT-2026-52272
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iSER iSCSI Extensions for RDMA driver where the isert login recv done function in drivers/infiniband/ulp/isert/ib isert.c fails to validate the lower bound of the...
CVE-2026-52989
CVE-2026-52989 affects the Linux kernel nvmet-tcp component. The root cause is that nvmet_tcp_build_pdu_iovec() detects out-of-bounds PDU length/offset but does not propagate the error to callers; it returns void and triggers nvmet_tcp_fatal_error(cmd->queue) without alerting the caller, leavi...
PT-2026-51883
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the nvmet-tcp component occurs because the nvmet tcp build pdu iovec function does not propagate errors to its callers when detecting out-of-bounds PDU Protocol Data Unit lengt...
CVE-2026-7183
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...
SUSE CVE-2026-44421
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...
EUVD-2026-33696
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...
PT-2026-45452
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...
PT-2026-45456
FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...
Astra Linux – Vulnerability in ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
PT-2026-39565
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm build pdu session establishment accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be...
CVE-2026-37534
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...
CVE-2025-46115
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
Open5GS 输入验证错误漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Version 2.7.3 of Open5GS contains a vulnerability related to input validation errors. This vulnerability stems from specially crafted PDU session modification requests,...
CVE-2025-46115
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
CVE-2026-7183
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...
Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
...
CVE-2026-31498
A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. A remote attacker could exploit this by sending a malformed configuration request with a zero-valued maximum PDU Protocol Data Unit size. This could lead to an infinite loop,...
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from l2capecreddatarcv not verifying the PDU length before reading the SDU length, potentially leading...