// #memory-corruption
3 articles
Linux Kernel CVE-2026-43503: Networking skbuff Frag-Transfer Bug Causes Memory Corruption — CVSS 8.8
Linux kernel stable branch patches published 23 May address CVE-2026-43503, a CVSS 8.8 memory corruption vulnerability in two networking helper functions that incorrectly handle the SKBFL_SHARED_FRAG flag during fragment transfers. The bug affects the skb_shift and __pskb_copy_fclone functions across multiple kernel versions and can be triggered by crafted network traffic on affected configurations.
Apple Releases Safari and WebKit Security Update Patching Memory Corruption and CSP Bypass Vulnerabilities
Apple released a security update for Safari and WebKit on 13 May addressing more than ten vulnerabilities including memory corruption flaws enabling potential arbitrary code execution and a Content Security Policy bypass allowing cross-origin data access. The update applies to macOS Ventura, Sonoma, Sequoia, iOS, and iPadOS. Users should update immediately given WebKit's role as the rendering engine for all iOS browsers.
Qualcomm Android Flaw CVE-2026-21385 Exploited in Targeted Attacks — Patch in March Android Security Update
A memory corruption vulnerability in Qualcomm mobile chipset firmware has been confirmed as exploited in limited, targeted attacks. The flaw is addressed in the March 2026 Android Security Bulletin, which patches 129 vulnerabilities across the Android ecosystem. CISA added CVE-2026-21385 to the Known Exploited Vulnerabilities catalogue on 3 March with a 24 March federal deadline.