1243 matches found
SUSE CVE-2026-43248
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
CVE-2026-43248
A flaw was found in the Linux kernel's vhost subsystem. Specifically, a bug in the vdpasim component allows for an out-of-bounds write when a valid ASID Address Space ID is incorrectly assigned to a vDPA virtio Data Path Acceleration group. This could lead to memory corruption, potentially...
EUVD-2026-27809
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
CVE-2026-43248
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
CVE-2026-43248
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
CVE-2026-43248
In the Linux kernel vhost subsystem, CVE-2026-43248 stems from a vdpa_sim bug that could assign a valid ASID to a group equal to ngroups, causing an out-of-bounds write and memory instability. Multiple reports confirm a patch to move the vdpa group bound check into vhost_vdpa and to fix the out-o...
Linux Distros Unpatched Vulnerability : CVE-2026-43248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. Whi...
PT-2026-37588
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vhost component where the vdpa group bound check was duplicated, increasing the risk of a parent driver omitting the check. Additionally, a bug in vdpa sim allows ...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014646)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014646 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the HTTP vhost routing process when routeByHTTPUser is used for access control. An attacker can gain unauthorized access to protected backend services by sending proxy-style requests that use a known or guesse...
CVE-2026-40910
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
CVE-2026-40910 frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
CVE-2026-40910 frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
EUVD-2026-24477
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
CVE-2026-40910
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010751)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010751 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can...
frp 授权问题漏洞
FRP is an internal penetration reverse proxy tool developed by Fatedier’s developers. Versions of FRP from 0.43.0 to 0.68.0 have vulnerabilities related to authorization. These vulnerabilities arise from using routeByHTTPUser for access control. In this scenario, the HTTP vhost routing path...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006774)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006774 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...
ROS-20260407-73-0001
A vulnerability in the vhostscsisetendpoint and vhostscsiclearendpoint functions in the drivers/vhost/scsi.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50453: gpiolib: cdev: fix NULL-pointer dereferences bsc1250887. CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue...