Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from sending TCP, IL, RUDP, or GRE packets with a packet size smaller than the header size, potentially...

CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loops when trying to resize the local TT. If the MTU of one of the attached interfaces becomes too small to transmit the local translation table, then it must be resized to fit within all fragments when...

CVE-2026-33662

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

CVE-2026-23338

The CVE-2026-23338 issue affects the Linux kernel component drm/amdgpu/userq. Userspace can trigger kernel warnings by providing an incorrect or growing number of fences across a userq wait ioctl, causing a backtrace to be emitted. The fix removes WARN_ONs so that, when the kernel detects nothing...

CVE-2025-71098

In the Linux kernel, the following vulnerability has been resolved: ip6gre: make ip6greheader robust Over the years, syzbot found many ways to crash the kernel in ip6greheader 1. This involves team or bonding drivers ability to dynamically change their dev-neededheadroom and/or dev-hardheaderlen ...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-384586)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-384586 advisory. In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached...

BIT-LIBPHP-2023-0568 Array overrun in common path resolve code

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: Ensure that the ethheaderlen field is set to a valid value. The syzbot triggered an uninitvalue1 error in the bridgedevice’s xmit path by sending a short packet less than ETHHLEN bytes. To fix this issue, check...

DEBIAN-CVE-2024-35982

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments when enabled or a...

Mozilla: Symlinks may resolve to smaller than expected buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected...

Mozilla: Symlinks may resolve to smaller than expected buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected...

SUSE CVE-2009-2624

The huftbuild function in inflate.c in gzip before 1.3.13 creates a hufts aka huffman table that is too small, which allows remote attackers to cause a denial of service application crash or infinite loop or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a...

UBUNTU-CVE-2020-28010

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...

blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file.

...

CVE-2019-9210

In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...

CVE-2019-9210

In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...

CVE-2019-9210

In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...

UBUNTU-CVE-2017-9445

In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...