CVE-2026-41207
The CVE concerns the netty-incubator-codec-ohttp project. Before version 0.0.21.Final, HKDF_expand could return a non-NULL failure result and fill the output byte[] with zeros, making HKDF key material indistinguishable from a legitimate output. This zeroed material feeds directly into OHttpCrypt...
Linux Distros Unpatched Vulnerability : CVE-2026-46182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized...
EUVD-2026-32809
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved paddi...
PT-2026-43441
Name of the Vulnerable Software and Affected Versions: netty incubator codec.bhttp versions prior to 0.0.21.Final. Description: The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: mm: fixed an unexpected zeroed page mapping with zram swap In cases where two processes are cloning under CLONE_VM, a user process may be corrupted when zeroed pages are unexpectedly displayed. CPU A CPU B do_swap_page do_swap_page...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Check for a null return value from ACPI_ALLOCATE_ZEROED in acpi_db_convert_to_package. ACPICA commit number: 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 The ACPI_ALLOCATE_ZEROED function may fail; the elements involved may be NULL,...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Added a check for the return value of get_zeroed_page. Also, added a check for the return value of get_zeroed_page in sclp_console_init to prevent null pointer dereferencing. Additionally, to address the memory leak caused b...
Astra Linux - vulnerability in linux-5.10, linux
Linux block and network PV device frontends do not zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally, the granularity of the grant table does not allow sharing smaller than a 4K page, resulting in unrelated data residing in the same 4K page as...
CVE-2026-43492
CVE-2026-43492 affects the Linux kernel crypto stack: mpi_read_raw_from_sgl() can underflow when subtracting lzeros from nbytes if an all-zero scatterlist is used, leading to a DoS with soft lockups. The vulnerability is triggered via KEYCTL_PKEY_ENCRYPT paths that create an all-zero scatterlist ...
GHSA-FF9Q-RM55-Q7QR diesel-async may expose uninitialized padding bytes for MySQL temporal columns
Summary diesel-async exposes uninitialized stack padding to safe code on every read of a MySQL DATE, TIME, DATETIME, or TIMESTAMP column. Reading that buffer is undefined behavior, and the leaked bytes can contain stale heap/stack contents, so this is both a soundness bug and a potential...
CVE-2026-43088
In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use pfkey_sockaddr_size when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkey_sockaddr_fill initializes only th...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Check that the null return value of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects is valid. The issue was reported by ACPICA commit 0d5f467d6a0ba852ea3aad68663cbcbd43300fd4. The ACPI_ALLOCATE_ZEROED function may fail, and...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fixed the kernel data leak caused by ioctl. It is possible to view the data of kernel pages by providing a larger value for insize in struct cros_ec_command[1] when invoking EC host commands. This issu...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: iio: accel: sca3300: fixed uninitialized iio scan data. Also, a potential leak of uninitialized stack data into the user space was addressed by ensuring that the channels array is cleared before use...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by getname Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiex_histogram_read Always free the zeroed page on return from 'mwifiex_histogram_read'...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Drivers: Virt: Acrn: Hsm: Use kzalloc to avoid information leakage in pmcmd_ioctl. In the “pmcmd_ioctl” function, three memory objects allocated by kmalloc are initialized using “hcall_get_cpu_state”. These objects are then copied to...
CVE-2026-31671
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report struct xfrm_user_report is a u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013227)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013227 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects ACPICA commit...