Lucene search
K

1723 matches found

RedHat Linux
RedHat Linux
added 4 days ago4 views

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

7.8CVSS7.3AI score0.00137EPSS
Exploits0References11
OSV
OSV
added 4 days ago2 views

UBUNTU-CVE-2026-53362

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In ip6appenddata, when the paged-allocation branch is taken MSGMORE / NETIFFSG / large fraglen, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen;...

5.8AI score0.00176EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-53362

A flaw was found in the Linux kernel's ipv6 networking subsystem. An incorrect parameter length calculation allows an attacker with permissions to create UDP sockets to trigger overwrites of kernel memory, potentially leading to privilege escalation, data corruption, or a system crash. Mitigation...

7.8CVSS5.9AI score0.00176EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Ubuntu 26.04 LTS : Linux kernel (OEM) vulnerabilities (USN-8489-1)

"The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8489-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag....

9.8CVSS7.3AI score0.93235EPSS
Exploits66References166
Cvelist
Cvelist
added 2026/07/02 9:19 p.m.28 views

CVE-2026-12413 IKEv2 Denial of Service via malformed fragmentation

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS0.00597EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/02 9:19 p.m.5 views

CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.6AI score0.00597EPSS
Exploits0
OSV
OSV
added 2026/07/02 3:40 p.m.5 views

USN-8497-1 linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

9.8CVSS6.3AI score0.93235EPSS
Exploits61References322
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

ALSA-2026:34911 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fs/smb/client: fix out-of-bounds read in cifssanitizeprepath CVE-2026-43112 kernel: rxrpc: Fix potential UAF after skbunshare failure CVE-2026-45998 kernel: drm/gem: Fix inconsistent plan...

9.3CVSS6.5AI score0.0053EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2026/07/01 6:54 p.m.6 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 11:30 a.m.5 views

kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers

A flaw was found in the Linux kernel's networking skbuff component. When skbtrycoalesce attaches paged fragments, it can lose the SKBFLSHAREDFRAG marker. This can lead to the Encapsulating Security Payload ESP input decrypting data in place over page-cache backed fragments, potentially resulting ...

8.8CVSS6.4AI score0.00135EPSS
Exploits7References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:17 a.m.11 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 8:10 a.m.9 views

EUVD-2026-40054

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

6.9CVSS6AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:10 a.m.7 views

CVE-2026-9267

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

6.9CVSS6AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 8:10 a.m.14 views

CVE-2026-9267

CVE-2026-9267 affects Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221. The issue is an out-of-bounds read in the check_server_certificate() function during DTLS epoch 0 where a Certificate handshake message with a crafted fragment_length can trigger reads beyond buffer b...

6.9CVSS6AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 7:43 a.m.2 views

SUSE-SU-2026:22507-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References16
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.8 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.8CVSS7AI score0.01335EPSS
Exploits2References14
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.5 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.4 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.5 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.7 views

Oracle Linux 9 : gnutls (ELSA-2026-50346)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50346 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01335EPSS
Exploits3References14
Rows per page
Query Builder