Lucene search
K

226319 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

5.7AI score0.00299EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38721

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since th...

5.7AI score0.00266EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.27 views

CVE-2026-52918 Bluetooth: serialize accept_q access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since th...

8.8CVSS0.00266EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52918

The CVE-2026-52918 entry concerns a race in the Linux kernel Bluetooth subsystem. Specifically, bt_sock_poll() traverses the accept_q without proper synchronization, allowing a race between normal polling and child socket teardown which can drop the last reference on the same socket. The advisory...

8.8CVSS5.7AI score0.00266EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38719

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.7AI score0.00177EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.7 views

EUVD-2026-38718

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsnr values supplied from userspace. Validate optsnr in the rule setup...

5.7AI score0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.28 views

CVE-2026-52915 netfilter: ip6t_hbh: reject oversized option lists

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6thbh: reject oversized option lists struct ip6topts stores at most IP6TOPTSOPTSNR option descriptors, but hbhmt6check does not reject larger optsnr values supplied from userspace. Validate optsnr in the rule setup...

7.1CVSS0.00126EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.8 views

EUVD-2026-38717

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...

5.7AI score0.00519EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52914

In the Linux kernel, the batman-adv component is affected by CVE-2026-52914. The root cause is an accounting bug where the accumulated fragment length used for validating queued fragment chains can be truncated during updates. This allows malformed fragment chains to bypass validation and drive r...

9.8CVSS5.7AI score0.00519EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38716

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.8AI score0.00176EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/24 4:43 a.m.6 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS7AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:42 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:34 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:29 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.9AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:29 a.m.5 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.9AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:20 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 4:13 a.m.4 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51991

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mt76 wireless driver for the mt7996 PCI chip. A race condition occurs when the chip is detaching; the mt7996 coredump unregister function releases...

5.8AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51707

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the running payload length for queued fragments can be truncated during updates. This allows malformed fragment chains to bypass validation...

9.8CVSS5.7AI score0.00519EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51995

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock exists in the mt7921 roc abort sync function within the mt76 wireless driver. The issue occurs when roc abort sync calls cancel work sync, which waits for roc work t...

5.8AI score0.00166EPSS
Exploits0References5
Rows per page
Query Builder