11 matches found
ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
...
SUSE CVE-2026-31610
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbd_decode_negTokenInit reaches the mechToken [2] OCTET STRING...
Linux Distros Unpatched Vulnerability : CVE-2026-31610
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input...
CVE-2026-31610
CVE-2026-31610 affects ksmbd in the Linux kernel. The issue is a memory leak in the SPNEGO decode path: during ksmbd_decode_negTokenInit, the code allocates conn->mechToken and may fail parsing later elements, leaving the previously allocated token. If the continuation path marks use_spnego fa...
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbd_decode_negTokenInit reaches the mechToken [2] OCTET STRING...
Rug Vector draining DOLA token
Lines of code Vulnerability details Impact Market.sol contract contains a rug vector in plain sight, the recall function. If Market.sol contract's DOLA token is being drained by lender, then any of the borrow or replenish functions will revert because no DOLA token exists. Even though this is not...
Overflow in _baseVestedAmount() prevents claims to be retrieved
Lines of code Vulnerability details Impact Rewards of high value will be unable to be withdrawn since claimableAmount will revert. Proof of Concept In line 176, if we assume there's a claim of a token with 18 decimals and a vesting of 1 year, which is a realistic vesting period that can be observ...
Malicious code in token-allocation-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e70d4e91a48867bcbc30b11c2c29639e0305bff138d5414dcac1754ffbdaf6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6599 Malicious code in token-allocation-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e70d4e91a48867bcbc30b11c2c29639e0305bff138d5414dcac1754ffbdaf6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Wrong token allocation computation for token decimals != 18 if floor price not reached
Handle cmichel Vulnerability details In LaunchEvent.createPair, when the floor price is not reached floorPrice wavaxReserve 1e18 / tokenAllocated, the tokens to be sent to the pool are lowered to match the raised WAVAX at the floor price. Note that the floorPrice is supposed to have a precision o...
Missing Validation Of createPromotion Parameters
Handle leastwood Vulnerability details Impact The createPromotion function is called by a creator account denoted as msg.sender to fund a promotion with tokens allocated on a per epoch basis across a set epochs. However, the function does not perform the necessary checks on function inputs to...