231 matches found
CVE-2026-10665
CVE-2026-10665 concerns Zephyr’s WireGuard implementation (subsys/net/lib/wireguard). The flaw: wg_process_data_message() linearizes an inbound payload into a fixed pool buffer, passing the attacker-controlled data_len as both the destination capacity and copy length to net_buf_linearize, ignorin...
CVE-2026-45257
CVE-2026-45257 : FreeBSD KTLS receive path decrypts in place, enabling an unprivileged local user to overwrite a file’s page cache via sendfile(2) data over a loopback connection when KTLS receive is enabled. This can corrupt the backing file and allow privilege escalation by overwriting setuid/t...
CVE-2026-53235
In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...
UBUNTU-CVE-2026-53184
In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...
CVE-2026-53235 net: add pskb_may_pull() to skb_gro_receive_list()
In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...
Linux Distros Unpatched Vulnerability : CVE-2026-53006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: fix possible UAF in icmpv6rcv Caching saddr and daddr before pskbpull is problematic since skb-head can change. Remove these temporary variables: - We onl...
EUVD-2026-38941
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc: Clear HCIUARTPROTOINIT on error When hciregisterdev fails in hciuartregisterdev HCIUARTPROTOINIT is not cleared before calling hu-proto-closehu and setting hu-hdev to NULL. This means incoming UART data will...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: e1000: fixed an out-of-bounds error in e1000tbishouldaccept In e1000tbishouldaccept, we read the last byte of the frame via “datalength - 1” to evaluate the TBI workaround. If the descriptor’s reported length is zero or greater...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb-frags overflow in the RX path When receiving data in the DPMAIF RX path, the t7xxdpmaifsetfragtoskb function adds page fragments to an skb without checking whether the number of fragments has...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: sctp: Linearize cloned GSO packets in sctprcv. The cloned headskb still shares these frag SKBs in the fraglist with the original headskb. Accessing these frag SKBs is not safe. syzbot reported two bugs caused by the use of...
PT-2026-51967
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where HCI UART PROTO INIT is not cleared when hci register dev fails within the hci uart register dev function. This failure allows incoming UA...
CVE-2026-10658
A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...
Astra Linux – Vulnerability in Linux 5.15
A null pointer dereference issue was detected in the can protocol in the net/can/afcan.c file in Linux before Linux. The mlpriv variable may not be initialized in the receive path of CAN frames. A local user could exploit this flaw to crash the system or potentially cause a denial of service...
K000161576: Linux kernel vulnerabilities CVE-2025-39841 and CVE-2025-39727
Security Advisory Description CVE-2025-39841 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the ...
wifi: b43legacy: enforce bounds check on firmware key index in RX path
...
Linux Distros Unpatched Vulnerability : CVE-2026-46110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC,...
CVE-2026-46188
In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...
UBUNTU-CVE-2026-46188
In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...
CVE-2026-46163
In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...
EUVD-2026-32790
In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...