Skip to content

TheWindowsUpdate.com

Opinions, tips, and news orbiting Microsoft

Search for:

Primary menu

Home
About TheWindowsUpdate.com

Month: April 2026

CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED→

Posted in Republished Content | Leave a reply

CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO→

Posted in Republished Content | Leave a reply

CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION→

Posted in Republished Content | Leave a reply

CVE-2026-31667 Input: uinput – fix circular locking dependency with ff-core

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31667 Input: uinput – fix circular locking dependency with ff-core→

Posted in Republished Content | Leave a reply

CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU→

Posted in Republished Content | Leave a reply

CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0→

Posted in Republished Content | Leave a reply

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()→

Posted in Republished Content | Leave a reply

CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()

Posted on April 26, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()→

Posted in Republished Content | Leave a reply

Post navigation

← Older posts

Newer posts →

Primary Sidebar Widget Area

Search for:

Recent Posts

Achieving success with AI
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility
Introducing the next Surface Pro and Surface Laptop, built for performance and flexibility
CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module’s plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate’s length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Archives

Copyright © 2026 TheWindowsUpdate.com. All Rights Reserved.

Theme: Catch Box by Catch Themes

Scroll Up