82 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53263
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and...
SUSE CVE-2026-53263
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
CVE-2026-53263
A flaw was found in the Linux kernel's 6lowpan component. An off-by-one error during multicast context address compression can lead to the transmission of uninitialized kernel stack memory over the network. This vulnerability results in information disclosure, potentially allowing an attacker to...
UBUNTU-CVE-2026-53263
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
CVE-2026-53263
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses 1 as destination and &ipaddr-;s6addr11 as source, but both should be offset by one: 2 and &ipaddr-;s6addr12...
EUVD-2026-39214
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
CVE-2026-53263
CVE-2026-53263 is reported in OSV entries as affecting the rootio-linux package in Ubuntu/Debian environments, with patches available in multiple fixed versions (e.g., Root:Ubuntu:22.04 and Root:Ubuntu:24.04; Debian 11/12 tracks). The Debian/Ubuntu Nessus OSV entries note patches for these distri...
CVE-2026-53263 6lowpan: fix off-by-one in multicast context address compression
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
PT-2026-52358
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the lowpan iphc mcast ctx addr compress function. The second memcpy operation incorrectly uses &data1 as the destination and &ipaddr-s6 addr11 as the source...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: 6lowpan: resetting the link-local header in the IPv6 receive path The Bluetooth 6lowpan.c netdev module has the headerops function; therefore, it must set the link-local header for the RX skb packet. Otherwise, thin...
USN-8423-1: lwIP vulnerabilities
It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8597 It was...
USN-8423-1 lwip vulnerabilities
It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8597 It was...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013047)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013047 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011135)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011135 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has...
CVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...
EUVD-2026-5374
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...
CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...