1549 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed an incorrect offset in biotruncate The biotruncate function clears the buffer outside of the last block of bdev. However, the current implementation of biotruncate uses the wrong offset for the page. As a result, it...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. Users of Samba AD can cause the server to access uninitialized data through an LDAP add or modify request, typically resulting in a segmentation fault...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ip6tunnel: Ensure that the inner header is pulled in ip6tnlrcv. syzbot found that ip6tnlrcv could access unitized data 1. Call pskbinetmaypull to fix this, and initialize the ipv6h variable after this call, as it can change...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fixed the information leak in the triggered buffer. The data array is allocated using kmalloc, and it is used to push data to user space from the triggered buffer. However, it does not set values...
PT-2026-42006
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description When decoding a HEIF grid image with strict decoding set to false the default, a corrupted tile may fail to decode silently. The library returns heif error Ok without indicating failure, resulting i...
SUSE CVE-2026-43349
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fssanitychecknodefooter+0x374/0xa20 fs/f2fs/node.c:1520 f2fssanitychecknodefooter+0x374/0xa20...
Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017661 advisory. curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send...
Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017588)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017588 advisory. curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Du...
CVE-2026-43351
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for arm64 architectures. When a virtual Generic Interrupt Controller GIC is created, a failure in the vgicallocateprivateirqslocked function can leave internal data structures uninitialized. This can lead to a system crash wh...
CVE-2026-43349
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fssanitychecknodefooter+0x374/0xa20 fs/f2fs/node.c:1520 f2fssanitychecknodefooter+0x374/0xa20...
UBUNTU-CVE-2026-43291
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-43349 f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fssanitychecknodefooter syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fssanitychecknodefooter+0x374/0xa20 fs/f2fs/node.c:1520 f2fssanitychecknodefooter+0x374/0xa20...
CVE-2026-43291
CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...
CVE-2026-43291 net: nfc: nci: Fix parameter validation for packet data
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-43291 net: nfc: nci: Fix parameter validation for packet data
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
Linux Distros Unpatched Vulnerability : CVE-2026-43408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following...
PT-2026-39000
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the f2fs finish read bio function may access uninitialized data in a folio if the system fails to read data from the device into that folio...
CVE-2026-31749
A flaw was found in the niatmio16d driver within the Comedi Comedi is a collection of drivers for data acquisition equipment subsystem of the Linux kernel. This vulnerability occurs when an error during the driver's attach process causes the cleanup function atmio16ddetach to be called with...
SUSE CVE-2026-31626
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize letmp64 in rtwBIPverify Initialize letmp64 to zero in rtwBIPverify to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte u64 variable, leaving the last two...
DEBIAN-CVE-2026-31626
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize letmp64 in rtwBIPverify Initialize letmp64 to zero in rtwBIPverify to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte u64 variable, leaving the last two...