294 matches found
CVE-2026-49496
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
CVE-2026-49496 Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
CVE-2026-49496
Ghidra
CVE-2026-49496 Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
CVE-2026-46317
The CVE pertains to the Linux kernel KVM on arm64. kvm->arch.nested_mmus[] could be walked under mmu_lock, while kvm_vcpu_init_nested() reallocates and frees the old buffer, risking dereferencing a freed array via the MMU notifier path. The fix moves allocation of the new array outside the loc...
CVE-2026-46277 mm/zone_device: do not touch device folio after calling ->folio_free()
In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...
SUSE CVE-2026-46191
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
CVE-2026-46191
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
UBUNTU-CVE-2026-46191
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
CVE-2026-46191
CVE-2026-46191 concerns the Linux kernel fbcon component: when console rotation fails during fbcon_rotate_font(), the font buffer may overflow due to an OOB access. The fix clears the font buffer if the reallocation during console rotation fails and ensures the rotated buffer does not overflow. D...
CVE-2026-46191
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
EUVD-2026-32818
In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...
PT-2026-44314
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds font access occurs in the fbcon rotate font function when console rotation fails. The system retains the ol...
FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A memory corruption vulnerability exists in the persistent cache handling. If a memory reallocation fails, an internal size variable is incorrectly updated, while the data pointer still refers to the original,...
SUSE CVE-2026-44070
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
CVE-2026-43497
A flaw was found in the Linux kernel's udlfb driver. This use-after-free vulnerability occurs because the dlfbopsmmap function does not properly track active memory mappings. When the framebuffer is reallocated, existing memory page table entries PTEs are not invalidated. This allows a local...
CVE-2026-44070
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
CVE-2026-44070
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
PT-2026-42426
Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An unbounded memory reallocation in the charset conversion code allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...