kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not erase the value of ret in btrfsvalidatesuper. The commit 2a9bb78cfd36 “btrfs: validate the system chunk array in btrfsvalidatesuper” introduces a call to validatesyschunkarray in btrfsvalidatesuper. This call erases...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmmmodeconfiginit drmmmodeconfiginit will call drmmodecreatestandardproperties and won't check the ret value. When drmmodecreatestandardproperties failed due to alloc, property will be a...

CVE-2026-31607

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

CVE-2026-31607

CVE-2026-31607 (Linux kernel USB/IP) : A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...

PT-2026-34959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap out-of-bounds write exists in the USB/IP client. The function usbip pack ret submit unconditionally overwrites the number of packets variable from the network PDU. A malicious...

EUVD-2019-20008

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

CVE-2019-25634

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-R...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001123)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001123 advisory. The stubsendretsubmit function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial o...

CVE-2025-68359 btrfs: fix double free of qgroup record after failure to add delayed ref head

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree scenario when calling adddelayedrefhead. This could happen if the record was reported...

EUVD-2025-136069

Malicious code in itale-dci-ret npm...

Malicious code in min-te-ret (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93e7e9661a20661de366785f53c4e7654d5db68b866f8a28a5060c675b2fdc9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-140130

Malicious code in min-te-ret npm...

DEBIAN-CVE-2022-50556

In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmmmodeconfiginit drmmmodeconfiginit will call drmmodecreatestandardproperties and won't check the ret value. When drmmodecreatestandardproperties failed due to alloc, property will be a...

FuelVM is vulnerable to heap memory allocation re-use bug

Impact A memory safety vulnerability was present in the Fuel Virtual Machine FuelVM, where memory reads could bypass expected access controls. Specifically, when a smart contract performed a mload or other opcodes which access memory on memory that had been deallocated using ret, it was still abl...

GHSA-2PGJ-5CV2-6XXW FuelVM is vulnerable to heap memory allocation re-use bug

Impact A memory safety vulnerability was present in the Fuel Virtual Machine FuelVM, where memory reads could bypass expected access controls. Specifically, when a smart contract performed a mload or other opcodes which access memory on memory that had been deallocated using ret, it was still abl...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986778 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it replac...

CVE-2023-53429 btrfs: don't check PageError in __extent_writepage

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't check PageError in extentwritepage extentwritepage currenly sets PageError whenever any error happens, and the also checks for PageError to decide if to call error handling. This leads to very unclear responsibility...

Linux Distros Unpatched Vulnerability : CVE-2025-22242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Worker process denial of service through file read operation. .A vulnerability exists in the Master's pubret method which is exposed to all minions. The...

SUSE CVE-2025-38522

In the Linux kernel, the following vulnerability has been resolved: sched/ext: Prevent updatelockedrq calls with NULL rq Avoid invoking updatelockedrq when the runqueue rq pointer is NULL in the SCXCALLOP and SCXCALLOPRET macros. Previously, calling updatelockedrqNULL with preemption enabled coul...