4616 matches found
CVE-2026-31772
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-43022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43022
The CVE-2026-43022 issue affects the Linux kernel Bluetooth HCI synchronization path: hci_cmd_sync_queue_once() did not indicate when a queue item already existed, risking resource leaks. The fix changes hci_cmd_sync_queue_once() to return -EEXIST when a queue item already exists and requires upd...
EUVD-2026-26620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-31772
The CVE-2026-31772 issue affects the Linux kernel Bluetooth HCI path. The root cause is a stack buffer overflow in hci_le_big_create_sync where DEFINE_FLEX allocates a stack struct for BIS entries with room for 17, but conn->num_bis can be up to 31, leading to a memcpy that can write beyond th...
EUVD-2026-26585
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
CVE-2026-31772
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
CVE-2026-31713
The CVE concerns the Linux kernel FUSE handling during sync init. When a FUSE server exits unexpectedly while processing FUSE_INIT, the mounting thread keeps the device fd open, preventing an abort and causing filesystem creation to hang. This is a regression relative to the async mount path, whe...
CVE-2026-31713 fuse: abort on fatal signal during sync init
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
EUVD-2026-26522
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
PT-2026-36407
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix stack buffer overflow in hci le big create sync hci le big create sync uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with room for 0x11 17 BIS entries. However, conn-num bis...
PT-2026-36343
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the FUSE Filesystem in Userspace component where the filesystem creation process can hang if the server exits due to an error or crash while processing FUSE INIT during...
n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders
Impact In the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in SSRFProtection.validateUrlSync had no IPv6 checks. IPv4-mapped IPv6 addresses such as http://::ffff:169.254.169.254 bypassed the cloud-metadata,...
CVE-2026-41397 OpenClaw < 2026.3.31 - Sandbox Escape via Unrestricted File Sync and Symlink Traversal
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...