995954 matches found
CVE-2026-63956
The CVE-2026-63956 entry describes a Linux kernel vulnerability in USB serial for Cypress M8 devices. The issue occurs when the interrupt-out endpoint max packet size is smaller than eight bytes, enabling potential user-controlled slab corruption or NULL-pointer dereference if a malicious device ...
EUVD-2026-45729
In the Linux kernel, the following vulnerability has been resolved: USB: serial: cypressm8: fix memory corruption with small endpoint Make sure that the interrupt-out endpoint max packet size is at least eight bytes to avoid user-controlled slab corruption or NULL-pointer dereference should a...
CVE-2026-63935 iio: adc: nxp-sar-adc: fix division by zero in write_raw
In the Linux kernel, the following vulnerability has been resolved: iio: adc: nxp-sar-adc: fix division by zero in writeraw Add a validation check for the sampling frequency value before using it as a divisor. A user writing zero or a negative value to the samplingfrequency sysfs attribute trigge...
CVE-2026-63935
The CVE-2026-63935 entry concerns the Linux kernel IIO ADC driver for the NXP SAR ADC. A division-by-zero occurs in write_raw when a user writes zero or negative values to the sampling_frequency sysfs attribute; the fix adds a validation check to prevent using such values as a divisor. The patch ...
EUVD-2026-45708
In the Linux kernel, the following vulnerability has been resolved: iio: adc: nxp-sar-adc: fix division by zero in writeraw Add a validation check for the sampling frequency value before using it as a divisor. A user writing zero or a negative value to the samplingfrequency sysfs attribute trigge...
CVE-2026-63933 iio: gyro: adis16260: fix division by zero in write_raw
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: adis16260: fix division by zero in writeraw Add a validation check for the sampling frequency value before using it as a divisor. A user writing zero to the samplingfrequency sysfs attribute triggers a division by zero...
CVE-2026-63933
CVE-2026-63933 affects the Linux kernel IIO gyro driver for the ADIS16260. The root cause is a division-by-zero when writing a zero value to the sampling_frequency sysfs attribute, which occurs during write_raw processing. The vulnerability is resolved by adding a validation check for the samplin...
EUVD-2026-45706
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: adis16260: fix division by zero in writeraw Add a validation check for the sampling frequency value before using it as a divisor. A user writing zero to the samplingfrequency sysfs attribute triggers a division by zero...
CVE-2026-63931 iio: chemical: scd30: fix division by zero in write_raw
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: scd30: fix division by zero in writeraw Add a zero check for val2 before using it as a divisor when setting the sampling frequency. A user writing a zero fractional part to the samplingfrequency sysfs attribute...
CVE-2026-63931
The CVE-2026-63931 vulnerability in the Linux kernel’s iio: chemical (scd30) driver was resolved by adding a zero check for val2 before using it as a divisor when setting the sampling_frequency sysfs attribute. Previously, a user writing a zero fractional part to sampling_frequency could trigger ...
EUVD-2026-45704
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: scd30: fix division by zero in writeraw Add a zero check for val2 before using it as a divisor when setting the sampling frequency. A user writing a zero fractional part to the samplingfrequency sysfs attribute...
CVE-2026-63928
The CVE-2026-63928 entry concerns the Linux kernel USB serial omninet driver. The issue is a memory corruption risk when handling a small endpoint: bulk-out buffers must be at least as large as the hardcoded transfer size to prevent user‑controlled slab corruption if a malicious device reports a ...
CVE-2026-63928 USB: serial: omninet: fix memory corruption with small endpoint
In the Linux kernel, the following vulnerability has been resolved: USB: serial: omninet: fix memory corruption with small endpoint Make sure that the bulk-out buffers are at least as large as the hardcoded transfer size to avoid user-controlled slab corruption should a malicious device report a...
EUVD-2026-45701
In the Linux kernel, the following vulnerability has been resolved: USB: serial: omninet: fix memory corruption with small endpoint Make sure that the bulk-out buffers are at least as large as the hardcoded transfer size to avoid user-controlled slab corruption should a malicious device report a...
CVE-2026-63921 ip6: vti: Use ip6_tnl.net in vti6_siocdevprivate().
In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6siocdevprivate. After patch 1/2 in this series, vti6update unlinks and relinks the tunnel through t-net. vti6siocdevprivate still uses devnetdev for the collision lookup. For a tunnel moved through...
CVE-2026-63921
CVE-2026-63921 affects Linux kernel IP6 VTI tunnels. After patch 1/2, vti6_update() can mutate t->net by prepending a migrated tunnel in the creation netns, while vti6_siocdevprivate() still uses dev_net(dev) for collision lookups. When a tunnel is migrated via IFLA_NET_NS_FD, lookups occur in...
EUVD-2026-45694
In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6siocdevprivate. After patch 1/2 in this series, vti6update unlinks and relinks the tunnel through t-net. vti6siocdevprivate still uses devnetdev for the collision lookup. For a tunnel moved through...
CVE-2026-63920 ipv6: validate extension header length before copying to cmsg
In the Linux kernel, the following vulnerability has been resolved: ipv6: validate extension header length before copying to cmsg ip6datagramrecvspecificctl builds IPV6HOPOPTS,DSTOPTS,RTHDR cmsgs and their IPV62292 legacy counterparts by trusting the on-wire hdrlen byte ptr1 when computing the...
CVE-2026-63920
The CVE-2026-63920 issue affects Linux kernel IPv6 message control handling. A vulnerability existed in ip6_datagram_recv_specific_ctl() that would build IPV6_...cmsgs using the on-wire hdrlen (ptr[1]) to compute put_cmsg() length, with validation only at parse time. An unprivileged user in nftab...
EUVD-2026-45693
In the Linux kernel, the following vulnerability has been resolved: ipv6: validate extension header length before copying to cmsg ip6datagramrecvspecificctl builds IPV6HOPOPTS,DSTOPTS,RTHDR cmsgs and their IPV62292 legacy counterparts by trusting the on-wire hdrlen byte ptr1 when computing the...