Lucene search
K

6905 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-20458

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-20458

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40871

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS6AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-20458

CVE-2026-20458 affects the Modem with a memory corruption via a missing bounds check. This could enable remote escalation of privilege if a UE connects to a rogue base station, with no extra execution privileges required and no user interaction. Exploitation is described as adjacent access under ...

7.5CVSS6AI score0.00202EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago6 views

kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

9.8CVSS6.7AI score0.00351EPSS
Exploits0References5
Debian CVE
Debian CVE
added 3 days ago5 views

CVE-2026-58374

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile...

7.1CVSS5.8AI score0.00282EPSS
Exploits0
AlpineLinux
AlpineLinux
added 3 days ago4 views

CVE-2026-58374

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile...

7.1CVSS5.7AI score0.00282EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

5.5CVSS5.7AI score0.00162EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 5 days ago6 views

SUSE CVE-2026-53283

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...

5.8AI score0.00166EPSS
Exploits0References3
OSV
OSV
added last week2 views

UBUNTU-CVE-2026-53283

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...

5.8AI score0.00166EPSS
Exploits0References6
EUVD
EUVD
added last week6 views

EUVD-2026-39888

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...

5.8AI score0.00166EPSS
Exploits0References3
CVE
CVE
added last week7 views

CVE-2026-53283

CVE-2026-53283 covers a bounds-check failure in the Linux kernel AMD IOMMU path. The issue arises in __rlookup_amd_iommu(): rlookup_table[devid] is indexed without an internal bounds check, and iommu_device_register() iterates all PCI devices, calling amd_iommu_probe_device() for each. If a devic...

5.8AI score0.00166EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 11:42 p.m.8 views

CVE-2026-53178

A flaw was found in the Linux kernel, specifically within the rtl8723bs Wi-Fi driver's rtwmlme component. This vulnerability is due to a missing bounds check before subtracting fixed offsets from the ielength variable, which can lead to an unsigned integer underflow. This issue could potentially...

8.1CVSS5.8AI score0.00214EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS0.00145EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53246

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

9.8CVSS0.00481EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

5.5CVSS0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53186

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

9.1CVSS0.00544EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

0.00176EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

5.1CVSS5.7AI score0.00176EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53246

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

9.8CVSS5.9AI score0.00481EPSS
Exploits0References6
Rows per page
Query Builder