Lucene search

50 matches found

RedhatCVE
added 2026/06/05 7:33 p.m. · 8 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log...

5.3 CVSS · 5.4 AI score · 0.00172 EPSS
Exploits: 1 · References: 1
SUSE CVE
added 2026/06/04 2:23 a.m. · 7 views

SUSE CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log...

5.3 CVSS · 5.7 AI score · 0.00172 EPSS
Exploits: 1 · References: 3
Cvelist
added 2026/06/02 3:25 p.m. · 39 views

CVE-2026-45684 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log...

4.9 CVSS · 0.00172 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2026/06/02 3:25 p.m. · 10 views

CVE-2026-45684 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log...

4.9 CVSS · 5.8 AI score · 0.00172 EPSS
Exploits: 1 · References: 2
CVE
added 2026/06/02 3:25 p.m. · 23 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation (OBI) log enricher vulnerability CVE-2026-45684: in versions 0.7.0–0.8.x, the writev path mishandles buffers by reading only the first iovec entry while using the total iov_iter.count for the copy length. When log injection is enabled, a crafted multi-segment wr...

5.3 CVSS · 5.8 AI score · 0.00172 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
EUVD
added 2026/06/02 3:25 p.m. · 9 views

EUVD-2026-33957

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log...

4.9 CVSS · 5.8 AI score · 0.00172 EPSS
Exploits: 1 · References: 2
ATTACKERKB
added 2026/06/02 3:25 p.m. · 8 views

CVE-2026-45684

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log...

4.9 CVSS · 5.8 AI score · 0.00172 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Github Security Blog
added 2026/05/18 8:17 p.m. · 16 views

OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

Summary: OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. Details: In...

5.3 CVSS · 5.9 AI score · 0.00172 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2026/05/18 8:17 p.m. · 5 views

GHSA-VVMG-8MJR-G6Q3 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

Summary: OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. Details: In...

4.9 CVSS · 5.9 AI score · 0.00172 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2026/01/16 12:00 a.m. · 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000587 advisory. The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow,...

7.8 CVSS · 7.8 AI score · 0.0039 EPSS
Exploits: 0 · References: 10
Tenable Nessus
added 2026/01/16 12:00 a.m. · 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000730 advisory. The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system ca...

6.2 CVSS · 6.5 AI score · 0.00569 EPSS
Exploits: 0 · References: 17
Tenable Nessus
added 2026/01/15 12:00 a.m. · 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002338)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002338 advisory. The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system ca...

6.2 CVSS · 6.5 AI score · 0.00569 EPSS
Exploits: 0 · References: 17
Tenable Nessus
added 2026/01/15 12:00 a.m. · 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002329 advisory. The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requeste...

7.2 CVSS · 7 AI score · 0.00414 EPSS
Exploits: 0 · References: 11
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2006-1856

Malware in sbrugna...

7.5 CVSS · 6.1 AI score · 0.02924 EPSS
Exploits: 0 · References: 20
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2008-7267

Malware in sbrugna...

5.5 CVSS · 5.5 AI score · 0.00359 EPSS
Exploits: 0 · References: 7
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2015-8657

Malware in sbrugna...

6.2 CVSS · 6.6 AI score · 0.00569 EPSS
Exploits: 0 · References: 19
SUSE CVE
added 2025/02/27 3:11 a.m. · 1 views

SUSE CVE-2022-49171

In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first. [un]pin_user_pages_remote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently...

5.5 CVSS · 7.4 AI score · 0.00253 EPSS
Exploits: 0 · References: 4
OSV
added 2025/02/26 7:00 a.m. · 2 views

UBUNTU-CVE-2022-49171

In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first. [un]pin_user_pages_remote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently...

5.5 CVSS · 5.8 AI score · 0.00253 EPSS
Exploits: 0 · References: 12
OSV
added 2024/08/08 9:15 a.m. · 1 views

UBUNTU-CVE-2024-42256

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry. When a subrequest is marked for needing retry, netfs will call cifs_prepare_write which will make cifs repick the server for the op before renegotiating credits; it then calls...

9.8 CVSS · 6.6 AI score · 0.00732 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/07/19 12:00 a.m. · 4 views

PT-2024-7517 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the smb2 async writev function in the Linux kernel, which is responsible for handling server re-repick on subrequest retry. When a subrequest is marked for...

10 CVSS · 8.2 AI score · 0.00732 EPSS
Exploits: 0 · References: 13