80 matches found
CVE-2026-52972
A flaw was found in the Linux kernel's afalg cryptography module. This vulnerability involves an arithmetic overflow when processing associated data lengths during the transmit buffer size check. A remote attacker could exploit this flaw by providing a specially crafted associated data length,...
EUVD-2026-38840
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...
CVE-2026-53009
In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of txbuf skb If icetso or icetxcsum fail, the error path in icexmitframering frees the skb, but the 'first' txbuf still points to it and is marked as valid ICETXBUFSKB. 'nexttouse' remains unchanged, so the...
PT-2026-51903
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the ice network driver occurs during network packet transmission. When the ice tso or ice tx csum functions fail, the error path in ice xmit frame ring frees the network buffer...
PT-2026-51866
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the af alg cryptography module of the Linux kernel. An arithmetic overflow occurs when processing associated data lengths during the transmit buffer size check. A remote...
CVE-2026-45891
CVE-2026-45891: Linux kernel hns3 driver double-free vulnerability. Root cause: in hns3_set_ringparam(), a temporary copy (tmp_rings) is used for rollback, but the tx_spare pointer in the original ring isn’t cleared after backup, leading to a stale non-NULL tx_spare. If allocation fails during hn...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: serial: core: Fixed the issue where the transmit-buffer was not freed after closing the serial port. The commit 761ed4a94582 “tty: serialcore: changed uartclose to use ttyportclose” converted the serial core to use ttyportclos...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: igc: The TX packet buffer size per queue has been reduced from 7KB to 5KB. The previous setting of 7KB per queue caused issues with the TX unit during heavy timestamping operations. Reducing the buffer size to 5KB avoids such...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fixed NULL pointer access in the interrupt handler. The TX buffer in spitransfer can be a NULL pointer. As a result, the interrupt handler may write to invalid memory, causing crashes. Add a check for trans-txbuf...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In isotpsendmsg, cmpxchg is used to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a signal interrupts waiteventinterruptible inside close when tx.stat...
CVE-2026-43462
CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...
PT-2026-39123
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the emac tx mem map function where DMA Direct Memory Access mappings—a method allowing hardware to access system memory independently of the CPU—were leaked when a...
CVE-2026-43149
The CVE-2026-43149 issue affects the Linux kernel: the net: wan/fsl_ucc_hdlc driver allocated priv->rx_buffer and priv->tx_buffer as a single contiguous block in uhdlc_init(), but incorrectly freed them as two buffers in uhdlc_memclean() by calling dma_free_coherent() twice. The fix changes...
CVE-2026-31563
In the Linux kernel, the following vulnerability has been resolved: net: macb: Use devconsumeskbany to free TX SKBs The napiconsumeskb function is not intended to be called in an IRQ disabled context. However, after commit 6bc8a5098bf4 "net: macb: Fix txptrlock locking", the freeing of TX SKBs is...
EUVD-2026-24827
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a...
CVE-2026-31474
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a...
PT-2026-34379
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the isotp sendmsg function. The function uses cmpxchg on so-tx.state to serialize access to so-tx.buf. When isotp release waits for ISOTP IDLE via wait...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the cmpxchg serialization to access so-tx.buf. This vulnerability may lead to the...
CVE-2026-23472
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handletx for PORTUNKNOWN uartwriteroom and uartwrite behave inconsistently when xmitbuf is NULL which happens for PORTUNKNOWN ports that were never properly initialized: - uartwriteroom returns...
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handletx for PORTUNKNOWN uartwriteroom and uartwrite behave inconsistently when xmitbuf is NULL which happens for PORTUNKNOWN ports that were never properly initialized: - uartwriteroom returns...