280 matches found
CVE-2026-53068 drm/komeda: fix integer overflow in AFBC framebuffer size check
In the Linux kernel, the following vulnerability has been resolved: drm/komeda: fix integer overflow in AFBC framebuffer size check The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performe...
EUVD-2026-38704
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Fixed a potential integer overflow in the page size calculation. Explicitly cast tbo-pagealignment to u64 before shifting bits to prevent overflow when assigning to minpagesize...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: an implicit overflow issue with virtiomaxdmasize has been fixed. The following code involves an implicit conversion from sizet to u32: u32maxsize = sizetvirtiomaxdmasizevdev; This may lead to an overflow situation; fo...
MGASA-2026-0214 Updated lcms2 packages fix security vulnerability
Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...
SUSE CVE-2026-53689
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...
CVE-2026-53689
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...
Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...
SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...
PT-2026-45507
FlexRIC v2.0.0 contains a reachable assertion in e2ap recv sctp msg src/lib/ep/e2ap ep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP...
UBUNTU-CVE-2026-46209
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer division: unsigned int width = modecmd-width / i ? info-hsub : 1;...
CVE-2026-46209
CVE-2026-46209 affects the Linux kernel DRM GEM: a discrepancy between plane dimension calculations in drm_gem_fb_init_with_funcs() (plain integer division) and framebuffer_check() (DIV_ROUND_UP via drm_format_info_plane_width/height) can cause GEM size checks to miscalculate, potentially allowin...
Linux Distros Unpatched Vulnerability : CVE-2026-39834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop t...
Integer Overflow or Wraparound
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...
Astra Linux - уязвимость в u-boot
An integer overflow occurs in the ext4fsreadsymlink function in Das U-Boot before version 2025.01-rc1. This issue arises due to the use of the zalloc function, which adds one to a le32 variable. This occurs through a crafted ext4 file system with an inode size of 0xffffffff. As a result, the mall...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handling of size overflow for ringbuf mmap The maximum size of a ringbuf on an x86-64 host is 2GB. Therefore, 2 maxentries will cause an overflow of type u32 when mapping producer pages and data pages. Simply casting...
Medium: lcms2
Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. CVE-2026-42798 Affected...
CVE-2026-42580
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...
DEBIAN-CVE-2026-42580
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...
CVE-2026-42580
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...