DEBIAN-CVE-2026-9911

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-10018

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-9996

Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9930

Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-9913

Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-46178

A flaw was found in the Linux kernel. This vulnerability, located in the RDMA/mlx4 component, is due to a resource leak during error handling in the mlx4ibcreatesrq function. An attacker could potentially exploit this flaw to cause a denial of service by exhausting system resources...

CVE-2026-46127

A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access ocrdma driver. This vulnerability arises from an uninitialized pointer in the ocrdmacopypduresp function's error handling, which can lead to a NULL dereference. An attacker could exploit this to cause a...

CVE-2026-46176

A flaw was found in the Linux kernel's RDMA/mlx5 component. An error path fall-through in the mlx5ibdevressrqinit function, specifically when ibcreatesrq fails, can lead to the use of freed memory and error pointers. This memory corruption vulnerability could result in system instability, denial ...

CVE-2026-46144

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...

CVE-2026-46127

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

CVE-2026-46181

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

EUVD-2026-32803

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

CVE-2026-46176

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

EUVD-2026-32772

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

CVE-2026-46144

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...

CVE-2026-46133

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 "RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv", a single unauthenticated UDP packet can still trigger panic. That pat...

CVE-2026-46127

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

EUVD-2026-32886

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

CVE-2026-46127

The CVE affects the Linux kernel RDMA/ocrdma path (ocrdma_copy_pd_uresp). The root cause is a potential NULL pointer dereference of uctx in error paths because pd->uctx isn’t initialized early enough; code paths may access a NULL uctx, causing a crash. The fix uses a non-NULL uctx in those err...