Lucene search
K

226484 matches found

OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53140

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3drewritecsdjobwgcountsfromindirect maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgro...

6.8CVSS5.9AI score0.00168EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53236

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

2CVSS5.7AI score0.0018EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53170

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...

8.8CVSS5.8AI score0.00137EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53244

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53179

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

5.3CVSS5.9AI score0.00173EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53233

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

5.7AI score0.00175EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53161

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpcuser in workqueue context There is a race between fastrpcdevicerelease and the workqueue that processes DSP responses. When the user closes the file descriptor, fastrpcdevicerelease fre...

7.8CVSS5.7AI score0.00135EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.7CVSS5.7AI score0.00175EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53136

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

5.7AI score0.00172EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53186

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

9.1CVSS5.9AI score0.00544EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53154

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...

5.7AI score0.00168EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53269

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...

7.3CVSS5.7AI score0.00172EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53264

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53182

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...

8.5CVSS5.7AI score0.00138EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53201

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...

7.8CVSS5.7AI score0.00137EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53232

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...

8.8CVSS5.7AI score0.00221EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53138

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...

5.1CVSS5.7AI score0.00168EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53181

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...

5.7CVSS5.8AI score0.00184EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53252

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hciallocdev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hciregisterdev completes, the HCIUNREGISTER flag is never...

6.7CVSS5.7AI score0.00189EPSS
Exploits0References10
Rows per page
Query Builder