4597 matches found
CVE-2026-31713
A flaw was found in the Linux kernel's Filesystem in Userspace FUSE component. When using synchronous initialization sync init, if the FUSE server exits unexpectedly while processing the FUSEINIT request, the filesystem creation process can hang. This issue occurs because the mounting thread keep...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...
CVE-2026-43019
A flaw was found in the Linux kernel's Bluetooth component. Improper synchronization in the setcigparamssync function can lead to a use-after-free UAF vulnerability. This issue arises when hciconn objects are accessed without proper locking, allowing them to be freed concurrently. An attacker cou...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-31772
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-43022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43022
The CVE-2026-43022 issue affects the Linux kernel Bluetooth HCI synchronization path: hci_cmd_sync_queue_once() did not indicate when a queue item already existed, risking resource leaks. The fix changes hci_cmd_sync_queue_once() to return -EEXIST when a queue item already exists and requires upd...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
EUVD-2026-26620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-31772
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
EUVD-2026-26585
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...
CVE-2026-31772
The CVE-2026-31772 issue affects the Linux kernel Bluetooth HCI path. The root cause is a stack buffer overflow in hci_le_big_create_sync where DEFINE_FLEX allocates a stack struct for BIS entries with room for 17, but conn->num_bis can be up to 31, leading to a memcpy that can write beyond th...
EUVD-2026-26522
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-31713 fuse: abort on fatal signal during sync init
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-31713
In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...
CVE-2026-31713
The CVE concerns the Linux kernel FUSE handling during sync init. When a FUSE server exits unexpectedly while processing FUSE_INIT, the mounting thread keeps the device fd open, preventing an abort and causing filesystem creation to hang. This is a regression relative to the async mount path, whe...
PT-2026-36407
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix stack buffer overflow in hci le big create sync hci le big create sync uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with room for 0x11 17 BIS entries. However, conn-num bis...