9542 matches found
EUVD-2025-206594
In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
CVE-2025-71181 rust_binder: remove spin_lock() in rust_shrink_free_page()
In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...
PT-2026-5507
In the Linux kernel, the following vulnerability has been resolved: rust binder: remove spin lock in rust shrink free page When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/list lru: split the lock to per-cgroup scope" into account, and apparently I did not end...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of removal of the spinlock in the rustshrinkfreepage function. This issue may lead to...
Linux Distros Unpatched Vulnerability : CVE-2025-71181
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18,...
Rust and Go Directed Fuzzing with LibAFL-DiFuzz
In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...
CVE-2026-24850
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
ROS-20260129-73-0017
Vulnerability in rust related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
Affected Crate: ml-dsa Affected Versions: v0.1.0-rc.2 and commits since b01c3b7 Severity: Medium Reporter: Oren Yomtov Fireblocks Summary The ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicate hint indices. According ...
aperture-shared (=0.1.0), assemblylift-awslambda-host (>=0.2.0 <=0.3.0) +98 more potentially affected by unknown CVE via capnp (>=0.0.1 <=0.23.2)
capnp CARGO version =0.0.1, =0.2.0, =0.3.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.10.0, =0.0.1, =0.1.0, =0.0.1, =0.4.0, =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5W5R-MF82-595P...
WhatsApp rolls out new protections against advanced exploits and spyware
WhatsApp is quietly rolling out a new safety layer for photos, videos, and documents, and it lives entirely under the hood. It won't change how you chat, but it will change what happens to the files that move through your chats—especially the kind that can hide malware. The new feature, called...
CVE-2026-24850
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
CVE-2026-24850
The CVE-2026-24850 issue affects the RustCrypto ml-dsa crate. A regression in the signature verification path allowed repeated hint indices by using a non-strict monotonic check (<=) instead of a strict
CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as...
PT-2026-5038
Clatter is a no std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...
CVE-2026-0810
A flaw was found in gix-date. The gixdate::parse::TimeBuf::asstr function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed...
SUSE: Security Advisory (SUSE-SU-2026:20099-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitOxide security vulnerabilities
GitOxide is a Git implementation written in Rust by Sebastian Thiel as a personal project. There is a security vulnerability in gix-date; this vulnerability stems from the asstr function potentially generating invalid non-UTF-8 strings, which may lead to unstable applications...
SUSE SLES16 Security Update : rust1.91, rust1.92 (SUSE-SU-2026:20099-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20099-1 advisory. Rust is shipped in 1.91.0 version. Please see https://github.com/rust-lang/rust/releases/tag/1.91.0 for changes. Rust is shipped in 1.92.0...