Skip to main content
CVE-2026-31778 HIGH PATCH This Week

Stack buffer out-of-bounds read in Linux kernel ALSA snd_usb_caiaq driver allows local authenticated users to disclose kernel stack memory and potentially trigger denial of service. The vulnerability affects systems with USB audio devices using the caiaq driver when product names contain many non-ASCII characters. Present since kernel v2.6.31-rc1 (June 2009), this 16-year-old off-by-one error lacks null terminator validation during whitespace stripping. EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability. Vendor patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0).

Red Hat Suse Information Disclosure Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31707 HIGH PATCH This Week

Integer overflow in Linux kernel's ksmbd (SMB server) allows local authenticated attackers to bypass size validation and trigger memory corruption via crafted daemon responses. The vulnerability affects three IPC message handlers that fail to detect arithmetic overflow when computing expected message sizes from attacker-controlled fields (payload_sz, ngroups), enabling out-of-bounds memcpy operations. Vendor patches available for affected 5.15+ kernels. EPSS score 0.02% (5th percentile) indicates low observed exploitation probability. No CISA KEV listing or public exploit identified at time of analysis.

Red Hat Suse Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31699 HIGH PATCH This Week

Buffer overflow in Linux kernel's AMD CCP (Cryptographic Coprocessor) driver leaks kernel memory to userspace when retrieving PEK CSR (Platform Endorsement Key Certificate Signing Request). Affecting Linux kernel 4.16+ through 7.0.x, the vulnerability allows local authenticated users to read arbitrary kernel memory due to improper error handling when firmware returns invalid buffer length requirements. Patches available across stable branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1). EPSS score of 0.02% indicates minimal observed exploitation probability, though the CVSS 7.1 reflects significant confidentiality impact. No CISA KEV listing or public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Google Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31698 HIGH PATCH This Week

Information disclosure in Linux kernel's AMD Cryptographic Coprocessor (CCP) driver allows local authenticated attackers to leak kernel memory to userspace via out-of-bounds read. When retrieving PDH certificates through SEV ioctl, the driver incorrectly copies data to userspace even after firmware command failures, potentially reading 2084+ bytes beyond allocated buffer boundaries. EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1) per upstream commits.

Memory Corruption Buffer Overflow Google Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31697 HIGH PATCH This Week

Buffer overflow in Linux kernel CCP SEV driver allows local authenticated users to leak kernel memory to userspace. When the PSP firmware command to retrieve SEV CPU ID fails due to insufficient buffer size, the driver attempts to copy data beyond the allocated kernel buffer boundary, exposing up to 64 bytes of kernel memory. Exploitation requires local access with low privileges (CVSS PR:L) to invoke the SEV ioctl interface. EPSS score is very low (0.02%, 5th percentile) indicating minimal real-world exploitation observed. No public exploit identified at time of analysis, though the KASAN stack trace in the CVE description provides a clear exploitation path. Patches available across multiple stable kernel branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1).

Memory Corruption Buffer Overflow Google Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43052 HIGH PATCH This Week

Logic error in Linux kernel mac80211 TDLS handling allows local authenticated users to modify wireless channel context and HT protection settings by invoking NL80211_TDLS_ENABLE_LINK on non-TDLS stations. Missing validation causes the kernel to apply TDLS-specific operations to regular Wi-Fi stations, potentially disrupting wireless connectivity and creating integrity/availability impacts. Vendor patches available for kernel 6.12.81, 6.18.22, 6.19.12, and 7.0. EPSS score of 0.02% (5th percentile) indicates very low probability of exploitation despite CVSS 7.1 rating. No evidence of active exploitation or public POC identified at time of analysis.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43042 HIGH PATCH This Week

Race condition in Linux kernel MPLS subsystem allows local authenticated users to trigger out-of-bounds memory access via concurrent label table resizing. The vulnerability affects RCU-protected codepaths (mpls_forward, mpls_dump_routes) that can obtain inconsistent snapshots of platform_labels array metadata during resize operations, potentially leading to information disclosure or denial of service. Vendor patch available addressing the issue through seqcount-based synchronization. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability, and no active exploitation or public POC identified.

Information Disclosure Linux Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31774 HIGH PATCH This Week

Integer overflow in Linux kernel io_uring subsystem allows local authenticated users to trigger slab-out-of-bounds memory reads and denial of service. The vulnerability stems from improper type casting of user-supplied length values in network bundled receive/send operations, where values exceeding INT_MAX cause negative overflow leading to infinite loops and out-of-bounds array access. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. Vendor patches available for affected stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0), making this a straightforward patching priority for systems running vulnerable versions with io_uring enabled.

Red Hat Suse Denial Of Service Buffer Overflow Linux +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43006 HIGH PATCH This Week

Out-of-bounds memory read in Linux kernel io_uring subsystem allows local authenticated users to leak kernel memory or trigger denial of service. The vulnerability exists in io_uring's fixed buffer import logic when registering zero-length buffer regions, causing the bvec skip logic to read beyond allocated slab memory. Patches available across stable kernel branches (6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (4th percentile) indicates low likelihood of widespread exploitation. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis.

Buffer Overflow Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43005 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip() accesses buf[ret - 1] which is buf[-1], reading one byte before the buffer on the stack. Fix by changing the check from "ret < 0" to "ret <= 0", treating a zero-length read as an error (-EIO), which prevents the out-of-bounds array access. Also fix a typo in the adjacent comment: "if present" instead of duplicate "if".

Information Disclosure Buffer Overflow Linux Red Hat Suse
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31766 HIGH PATCH This Week

Integer overflow in AMD GPU driver's user queue doorbell handling allows local authenticated users to corrupt kernel memory and potentially escalate privileges. The amdgpu driver fails to validate user-supplied doorbell_offset values before calculating buffer offsets, enabling out-of-bounds writes to kernel doorbell space. Patches available in Linux 6.18.22, 6.19.12, and 7.0. EPSS score of 0.02% (4th percentile) indicates low probability of mass exploitation, though CVSS 7.1 reflects serious local privilege escalation potential. No active exploitation confirmed; attack requires local authenticated access to systems with AMD GPU hardware.

Red Hat Suse Buffer Overflow Linux
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-37535 HIGH This Week

Out-of-bounds memory read in openxc/isotp-c ISO-TP Single Frame handler allows adjacent network attackers to trigger denial of service or extract sensitive information via malicious CAN frames. The vulnerability exists in all versions through commit 5a5d19245f65 (August 2021) and stems from unchecked use of a 4-bit payload length field directly as memcpy buffer size. EPSS data unavailable; no CISA KEV listing indicates no confirmed widespread exploitation, though publicly available technical analysis exists (GitHub Gist reference).

Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42477 HIGH This Week

Heap-based out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 OBJ file parser allows local attackers to cause denial of service or leak sensitive memory contents when victims open malicious OBJ files. The vulnerability stems from missing buffer length validation in RWObj_Reader::read() after Standard_ReadLineBuffer::ReadLine() returns minimal 1-byte buffers, leading to unsafe memory access at aLine + 2. EPSS data not available; no confirmed active exploitation or public proof-of-concept identified at time of analysis. Requires user interaction, limiting automated exploitation potential.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-37532 HIGH This Week

Heap buffer over-read in AGL agl-service-can-low-level through version 17.1.12 allows adjacent network attackers to disclose memory contents and cause denial of service without authentication. The vulnerability stems from improper bounds checking in the isotp-c library's Single Frame handling, where a 4-bit payload length field (0-15) is trusted without validating against the 7-byte CAN frame payload capacity, enabling reads up to 8 bytes beyond the buffer. CVSS 7.1 (High) reflects adjacent network attack vector with low confidentiality and high availability impact. No public exploit code or active exploitation confirmed at time of analysis, though the specific line numbers and technical details in the description lower exploitation barriers.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-42476 HIGH This Week

Heap-based out-of-bounds reads in Open CASCADE Technology (OCCT) V8_0_0_rc5 STL ASCII parser allow local attackers to trigger denial of service or disclose process memory by convincing users to open maliciously crafted STL files with extremely short lines. The vulnerability stems from improper length validation of buffers returned by Standard_ReadLineBuffer::ReadLine() before strncasecmp operations or direct byte access in RWStl_Reader::ReadAscii. CVSS score of 7.1 reflects high confidentiality and availability impact requiring user interaction. No public exploit code, active exploitation (CISA KEV), or vendor patch information identified at time of analysis, though technical details are publicly available via GitHub Gist.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43050 HIGH PATCH This Week

Race condition in Linux kernel ATM LEC driver allows local attackers with low privileges to trigger use-after-free memory corruption in sock_def_readable(), potentially achieving arbitrary code execution, privilege escalation, or denial of service. The flaw affects systems using ATM (Asynchronous Transfer Mode) LAN Emulation Client functionality, present since Linux kernel version 2.4 (commit 1da177e4c3f4). EPSS score of 0.02% (7th percentile) suggests low probability of mass exploitation. Vendor patches available across all maintained stable branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). Not listed in CISA KEV; no public exploit code identified at time of analysis.

Authentication Bypass Use After Free Memory Corruption Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy