PT-2026-43873

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau gem pushbuf reloc apply validates each relocation with if r-reloc bo offset + 4 nvbo-bo.base.size but reloc bo offset is u32 uapi/drm/nouveau drm.h and the integ...

CVE-2026-40385

A flaw was found in libexif. A local attacker on a 32-bit system could exploit an unsigned 32-bit integer overflow vulnerability in the Nikon MakerNote handling. This could lead to application crashes or the disclosure of sensitive information. Mitigation On 32-bit systems, avoid processing...

CVE-2026-34549

iccDEV contains an Undefined Behavior in IccUtil.cpp caused by invalid left shift on icUInt32Number when processing a crafted ICC profile. Affects versions prior to 2.3.1.6; the issue is fixed in 2.3.1.6. Public references indicate the UB is reported under UndefinedBehaviorSanitizer. There is no ...

PT-2025-15297 · Unknown · Apollo Router Core

Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: The issue arises from the operation limits plugin using unsigned 32-bit integers to track limit counters, such as a query's height. If a count...

SUSE CVE-2021-47580

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix type in mint to avoid stack OOB Change mint to use type "u32" instead of type "int" to avoid stack out of bounds. With mint type "int" the values get sign extended and the larger value gets used causing stack...

kernel: local escalation of privileges in handling of eBPF programs

An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking unsigned 32-bit instructions in an eBPF program occurs.. By default accessing the eBPF verifier is only accessible to privileged use...