Lucene search
+L

228881 matches found

bdu_fstec
bdu_fstec
added yesterday18 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.0013EPSS
Exploits0References5Affected Software2
redhat
redhat
added yesterday5 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.8AI score0.00125EPSS
Exploits22References6
redhat
redhat
added yesterday6 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.8AI score0.00125EPSS
Exploits22References6
redhat
redhat
added yesterday8 views

kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...

7.8CVSS6.2AI score0.00131EPSS
Exploits0References5
redhat
redhat
added yesterday5 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.3AI score0.003EPSS
Exploits0References5
redhat
redhat
added yesterday4 views

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS6.7AI score0.00378EPSS
Exploits0References5
nvd
nvd
added yesterday5 views

CVE-2026-53366

In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In ipappenddata, when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen;...

0.00191EPSS
Exploits0References5
euvd
euvd
added yesterday5 views

EUVD-2026-44868

In the Linux kernel, the following vulnerability has been resolved: ipv4: account for fraggap on the paged allocation path In ipappenddata, when the paged-allocation branch is taken, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen; pagedlen = datalen - transhdrlen;...

6AI score0.00191EPSS
Exploits0References5
cve
cve
added yesterday11 views

CVE-2026-53366

The CVE-2026-53366 fix applies to the Linux kernel IPv4 stack, specifically the paged-allocation path in __ip_append_data(). The issue arises when fraggap from the previous skb is copied into the new skb’s linear area; alloclen and pagedlen were computed as alloclen = fragheaderlen + transhdrlen ...

6AI score0.00191EPSS
Exploits0References5
redhat
redhat
added yesterday7 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.8AI score0.00125EPSS
Exploits22References6
osv
osv
added yesterday4 views

UBUNTU-CVE-2026-53366

In the Linux kernel, the following vulnerability has been resolved: i...

6AI score0.00191EPSS
Exploits0References3
redhat
redhat
added 2 days ago6 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
redhat
redhat
added 2 days ago6 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.7AI score0.00125EPSS
Exploits22References6
redhat
redhat
added 2 days ago5 views

kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...

7.8CVSS6AI score0.00131EPSS
Exploits0References5
redhat
redhat
added 2 days ago6 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
redhat
redhat
added 2 days ago5 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References5
redhat
redhat
added 2 days ago5 views

kernel: net: sched: act_csum: validate nested VLAN headers

A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...

5.5CVSS6.1AI score0.00117EPSS
Exploits0References5
redhat
redhat
added 2 days ago6 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.7AI score0.00125EPSS
Exploits22References6
redhat
redhat
added 2 days ago5 views

kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...

7.8CVSS6AI score0.00131EPSS
Exploits0References5
redhat
redhat
added 2 days ago5 views

kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1CVSS6.6AI score0.00378EPSS
Exploits0References5
Rows per page
Query Builder