4 matches found
CVE-2026-42217
A flaw was found in OpenEXR. A remote attacker could exploit this vulnerability by providing a specially crafted EXR image file. The readVariableLengthInteger function, responsible for decoding variable-length integers, does not properly bound the shift count. This can lead to undefined behavior,...
CLSA-2025-1759866837 kernel: Fix of 44 CVEs
mm: zswap: fix missing folio cleanup in writeback race path CVE-2024-26832 - mm: fix zswap writeback race condition CVE-2023-53178 - dm array: fix releasing a faulty array block twice in dm_array_cursor_end CVE-2024-57929 - drm/dp_mst: Fix MST sideband message body length check CVE-2024-56616 - gpio:...
CVE-2025-38529
In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds. When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & 0xdcfc). However, it->options[i] is an unchecked int value from userspace, so the shift amount could ...
CVE-2025-38529
CVE-2025-38529 relates to the Linux kernel Comedi driver (aio_iiro_16) where an unchecked userspace-derived value in it->options[1] could cause a shift out of bounds or negative shift; the fix adds a bounds check on it->options[1] before evaluating the (1 << it->options[1]) & 0xdcfc test. Affe...