Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: Ensure that ctx-rings is stable when manipulating task work flags. If DEFERTASKRUN | SETUPTASKRUN is used, and task work is added while the ring is being resized, there is a possibility that the OR operation of...

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

CVE-2026-41142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

CVE-2025-47404

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...

EUVD-2025-209629

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...

CVE-2025-47404

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...

PT-2026-36840

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from dynamically changing the size of previously allocated buffers, causing the contents of those buffers to be modified, potentially leading to memor...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rcv: move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from the kernel image mapping. The regions arrays need to be “reallocated” from memblock and accessed through linear mapping to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: watchqueue: fix pipe accounting mismatch Currently, watchqueuesetsize modifies the pipe buffers charged to user-pipebufs without updating the pipe-nraccounted on the pipe itself, due to the if !pipehaswatchqueue test in...

CVE-2026-31742

A flaw was found in the Linux kernel. When a console is resized while in an alternate screen mode, the system may fail to properly update its internal buffer for unicode characters. This can lead to an out-of-bounds memory access when the alternate screen mode is exited, potentially causing a...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

CVE-2026-42512

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007450 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported b...

Vikunja Affected by DoS via Image Preview Generation

Summary - Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage -...

CVE-2026-23275

A flaw was found in the Linux kernel's iouring subsystem. This vulnerability occurs during the resizing of an iouring ring when task work is added with specific flags DEFERTASKRUN or SETUPTASKRUN. A race condition allows the IORINGSQTASKRUN flag to be set in an unstable memory region, which can...

CVE-2026-23275 io_uring: ensure ctx->rings is stable for task work flags manipulation

In the Linux kernel, the following vulnerability has been resolved: iouring: ensure ctx-rings is stable for task work flags manipulation If DEFERTASKRUN | SETUPTASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORINGSQTASKRUN to happen in the...