11 matches found
SUSE CVE-2026-46123
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...
CVE-2026-23178
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can come from the userspace in the hidraw driver and is only bounded by...
CVE-2025-71093
In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000tbishouldaccept In e1000tbishouldaccept we read the last byte of the frame via 'datalength - 1' to evaluate the TBI workaround. If the descriptor- reported length is zero or larger than the actual RX buffer...
CVE-2025-68342
In the Linux kernel gs_usb driver, a vulnerability in gs_usb_receive_bulk_callback() could access data before ensuring the actual_length was sufficient. The patch introduces a minimum length check (gs_usb_get_minimum_length(), later renamed to gs_usb_get_minimum_rx_length()) and validates that th...
CVE-2025-68342 can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing data The URB received in gsusbreceivebulkcallback contains a struct gshostframe. The length of the data after the header depends on the gshostframe hf::fla...
PT-2025-52758
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s CAN subsystem, specifically within the gs usb receive bulk callback function. This issue relates to insufficient validation of the length of data...
SUSE CVE-2023-53824
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk-maxrecvmsglen syzbot reported a data-race in data-race in netlinkrecvmsg 1 Indeed, netlinkrecvmsg can be run concurrently, and netlinkdump also needs protection. 1 BUG: KCSAN: data-race ...
CVE-2023-53824
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk-maxrecvmsglen syzbot reported a data-race in data-race in netlinkrecvmsg 1 Indeed, netlinkrecvmsg can be run concurrently, and netlinkdump also needs protection. 1 BUG: KCSAN: data-race ...
UBUNTU-CVE-2025-40292
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper receive length checking, which could lead to a null page pointer dereference...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if the receive length exceeds the allocated size potentially resulting in an out-of-bound...