CVE-2026-49416

The CVE-2026-49416 issue affects FreeBSD vt(4) CONS_HISTORY ioctl. The bug occurs when a large history size is requested, causing an integer overflow in the buffer size calculation and resulting in a heap allocation smaller than needed; subsequent initialization writes beyond the allocation, enab...

EUVD-2026-39960

The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl

Problem Description: The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of...

USN-5117-1: Linux kernel (OEM) vulnerabilities

It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAPSYSADMIN could use this to cause a denial of service. CVE-2021-3739 It was discovered that the Qualcomm IPC Router protocol implementation in the Linux...