memory safety

Chromium’s newly disclosed CVE-2026-5886 is a reminder that even a browser component as familiar as WebAudio can become a memory-safety risk with real-world impact. According to the record you provided, the flaw is an out-of-bounds read in Google Chrome on Mac prior to 147.0.7727.55, and a...

Linux administrators have a fresh reason to inspect their kernel patching cadence: CVE-2026-31407 highlights a pair of netfilter conntrack validation gaps that can lead to out-of-bounds memory access in SCTP and ctnetlink handling. The vulnerability was published to the CVE List on April 6...

Chromium’s latest March security wave has exposed another memory-safety flaw in one of the browser’s most performance-sensitive subsystems. CVE-2026-5292 is an out-of-bounds read in WebCodecs affecting Google Chrome prior to 146.0.7680.178, and Google says a remote attacker could trigger the bug...

CVE-2026-23327 is one of those kernel security bugs that looks small at first glance and then turns out to be a revealing case study in how modern driver code fails. The issue sits in the Linux CXL mailbox path, where the cxl_payload_from_user_allowed() helper can reach into message contents...

A newly assigned Linux kernel CVE, CVE-2026-23315, highlights a familiar but still important class of Wi-Fi driver bugs: a bounds-check failure in the mt76 subsystem that could lead to out-of-bounds access in mt76_connac2_mac_write_txwi_80211(). The issue was disclosed through the kernel.org...

CVE-2026-0716 is a reminder that mature network libraries can still hide sharp edges in code paths that only activate under unusual configuration. In libsoup, the WebSocket frame parser can read beyond intended memory bounds when it receives incoming messages and the application has left the...

A newly disclosed Chromium security flaw, tracked as CVE-2026-4441, puts Google Chrome users on notice again, this time for a use-after-free in Base that can lead to heap corruption through a crafted HTML page. The vulnerability affects Chrome versions prior to 146.0.7680.153, and Google rates...

The curl project has published an advisory for CVE-2026-3805, a use-after-free bug in SMB connection reuse that affects libcurl and the curl command-line tool in releases 8.13.0 through 8.18.0 and was fixed in curl/libcurl 8.19.0; the flaw occurs when a second SMB request reuses a pooled...

The Linux kernel entry for CVE-2026-23236 closes a small but important memory‑handling bug in the legacy fbdev driver for the SMSC UFX USB framebuffer (smscufx): the UFX_IOCTL_REPORT_DAMAGE ioctl did not copy user-provided data into kernel memory safely and instead directly referenced user...

A subtle integer overflow in a core bytes buffer implementation has quietly rippled through Rust’s async ecosystem: the Bytes crate’s BytesMut::reserve path can corrupt its internal capacity (cap) when an unchecked addition wraps, allowing subsequent operations to create out‑of‑bounds slices and...

A subtle parsing bug in Vim’s Emacs-style tags handling has been assigned CVE-2026-28419: a heap-based buffer underflow that occurs when a malformed tags file places a delimiter at the very start of a line. The flaw is a one-byte, heap-based underflow in the emacs_tags_parse_line() logic in...

A newly assigned vulnerability, tracked as CVE-2026-28421, discloses a pair of memory-safety issues in the ubiquitous Vim editor: a heap-buffer-overflow and a segmentation fault (SEGV) in Vim’s swap-file recovery logic. The upstream Vim project issued a fix in patch 9.2.0077 (released 27...

The Linux kernel received a small but important fix for a scatterlist allocation error in the OMAP crypto driver that was tracked as CVE-2026-23222; the bug caused kmalloc_array() to allocate an array of pointers rather than an array of scatterlist objects, producing an allocation that was four...

A subtle memory-management mistake in the Linux kernel’s Quick Fair Queueing (QFQ) packet scheduler has been cataloged as CVE-2026-22999 and fixed upstream: an error path in qfq_change_class() can free the existing class and its qdisc when it should not, producing a use‑after‑free (UAF) that...

A recently recorded Linux-kernel security entry, CVE-2026-22991, fixes a subtle but practical memory-safety bug in the kernel’s Ceph client library (libceph) by hardening the cleanup routine free_choose_arg_map() so it no longer dereferences NULL when its caller fails after a partial allocation...

A recently disclosed flaw in the libpng library — tracked as CVE-2026-22801 — creates an integer truncation in libpng's simplified write APIs that can lead to a heap buffer over‑read and consequent denial‑of‑service or information disclosure when applications call png_write_image_16bit() or...

An overlooked parsing bug in Das U-Boot’s NFS reply handling — tracked as CVE-2019-14195 — allows an attacker who can control the NFS responses seen by a device to trigger an unbounded memcpy and corrupt U-Boot’s stack or heap, creating a realistic pathway to code execution during early boot...

Das U‑Boot contained a network‑exposed memory‑safety flaw — CVE‑2019‑14197 — that allowed an attacker controlling or impersonating an NFS server to trigger an out‑of‑bounds read inside the NFS reply parser (nfs_read_reply), with real potential to leak sensitive memory and, in certain...

A stack‑overflow bug in the widely used asynchronous DNS library c‑ares — tracked as CVE‑2022‑4904 — allows unbounded input to overflow a local stack buffer during sortlist parsing, creating a denial‑of‑service condition and a limited confidentiality/integrity exposure; the defect was fixed...

The Linux kernel received a targeted, upstream fix in July 2024 for a memory-safety bug in the BPF arena subsystem — tracked as CVE-2024-42075 — that could produce a use-after-free when memory regions backed by the BPF arena are remapped. The patch adds a reference counter to account for...