Lucene search
K

226423 matches found

OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.6AI score0.00154EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS5.6AI score0.00299EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52942

In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...

7.1CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.5 views

CVE-2026-52941

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn-lnk in smcmsgevent tracepoint The smcmsgevent tracepoint class, shared by smctxsendmsg and smcrxrecvmsg, unconditionally dereferences smc-conn.lnk: stringname, smc-conn.lnk-ibname conn-lnk is onl...

5.7AI score0.00164EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.14 views

EUVD-2026-38710

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 7:14 a.m.8 views

EUVD-2026-38709

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...

5.8AI score0.00164EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38708

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpfskstorageclone can observe th...

5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52938

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpfskstorageclone can observe th...

5.7AI score0.00145EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52937

CVE-2026-52937 details a stack information leak in the Linux kernel related to the macvtap mac address path. In tap_ioctl() for SIOCGIFHWADDR, the code copies 16 bytes from an uninitialized on-stack sockaddr_storage to userspace via ifr_hwaddr. The implementation only writes sa_family and dev-&gt...

5.8AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.7AI score0.00154EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.10 views

EUVD-2026-38706

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.8AI score0.00156EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 7:14 a.m.9 views

CVE-2026-52936

The CVE-2026-52936 entry describes a Linux kernel fix in crypto/jitterentropy where the jent_kcapi_random() path previously held a spinlock across jent_read_entropy(), causing potential stalls during entropy generation. The vulnerability arises because this spinlock protected an expensive operati...

5.8AI score0.00156EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38705

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

5.9AI score0.0012EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52935

In the Linux kernel, CVE-2026-52935 affects the espintcp path under xfrm, where a retransmit/reuse of an in-flight partial send could lead to an out-of-bounds read in the send path. The root cause is reinitializing an sk_msg and reusing ctx->partial while a previous transfer still owns that st...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52935

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52934

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

8.8CVSS5.7AI score0.00247EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.10 views

EUVD-2026-38704

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

5.7AI score0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.27 views

CVE-2026-52935 xfrm: espintcp: do not reuse an in-progress partial send

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

7.8CVSS0.0012EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52933

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-;pollrefs = IOPOLLREFBIAS...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/24 7:14 a.m.13 views

CVE-2026-52933

CVE-2026-52933 affects the Linux kernel’s io_uring/poll component. The root cause is a signed comparison in io_poll_get_ownership() where atomic_read(&req->poll_refs) is compared to IO_POLL_REF_BIAS; when IO_POLL_CANCEL_FLAG (BIT(31)) is set, the value becomes negative, causing the slowpath to...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References6
Rows per page
Query Builder