CVE-2026-43405

CVE-2026-43405 affects the Linux kernel libceph component, specifically ceph_monmap_decode(). The root cause is signedness mishandling: blob_len and num_mon are int, used to hold non-negative values that should be unsigned, leading to potential large allocations when an incoming num_mon is very l...

CVE-2026-43405

In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in cephmonmapdecode. Currently bloblen and nummon are signed int variable...

CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

UBUNTU-CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

UBUNTU-CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43341 net/ipv6: ioam6: prevent schema length wraparound in trace fill

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43341

The CVE-2026-43341 details Linux kernel IOAM6 trace filling vulnerability. In ioam6_fill_trace_data(), the schema length is accumulated in an 8-bit unsigned variable (sclen). With the largest schema payload and bit 22 set, sclen wraps from 256 to 0 (1 + 1020/4), bypassing the remaining-space chec...

CVE-2026-43341

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6filltracedata stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps...

CVE-2026-43316

CVE-2026-43316 affects the Linux kernel, specifically the media/solo6x10 component. A signed shift could exceed 32 bits when compiled with UBSAN_SHIFT enabled, triggering undefined behavior; remediation added by checking the existing max chip_id and using an unsigned shift. This removes runtime i...

CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

CVE-2026-43316 media: solo6x10: Check for out of bounds chip_id

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php82/php82-8.2.31-i586-1slack15.0.txz: Upgraded. This update fixes security issues: FPM: Fixed XSS within status endpoint. MBString: Fixed Null...

PT-2026-38967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the solo6x10 media component where a signed type could be shifted beyond 32 bits. When compiled with Clang and CONFIG UBSAN SHIFT=y, this condition may be interpreted ...

PT-2026-39066

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the ceph monmap decode function uses signed int variables for blob len and num mon. Because these variables are intended to hold non-negati...

PT-2026-38992

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ioam6 fill trace data function where the schema contribution to the trace length is stored in a u8 an 8-bit unsigned integer. When bit 22 is enabled and the largest...

Linux Distros Unpatched Vulnerability : CVE-2026-43407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a...

MGASA-2026-0112 Updated libexif packages fix security vulnerabilities

CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. CVE-2026-40385: In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon...