Lucene search
K

7112 matches found

RedHat Linux
RedHat Linux
added yesterday8 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago10 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
OSV
OSV
added last week4 views

PYSEC-2026-1958 TensorFlow vulnerable to integer overflow in EditDistance

Impact TFversion 2.11.0 //tensorflow/core/ops/arrayops.cc:1067 const Tensor hypothesisshapet = c-inputtensor2; std::vector dimshypothesisshapet-NumElements - 1; for int i = 0; i MakeDimstd::maxhvaluesi, tvaluesi; if hypothesisshapet is empty, hypothesisshapet-NumElements - 1 will be integer...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.8 views

next.js: Next.js: Denial of Service via crafted POST requests to server actions

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

7.5CVSS6AI score0.00546EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/07/01 5:8 p.m.7 views

CVE-2026-53326

A flaw was found in the Linux kernel's debugobjects subsystem. During early boot on a debug PREEMPTRT kernel on an ARM64 system, interrupts can occur before the scheduler is fully enabled. In this specific window, the hard interrupt context handler may attempt to fill a pool, which can lead to a...

5.5CVSS5.7AI score0.00172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/01 4:50 p.m.8 views

CVE-2026-53331

A flaw was found in the Linux kernel's slimbus subsystem, specifically within the qcom-ngd-ctrl driver. This vulnerability arises from an incorrect ordering of lock acquisitions, known as an ABBA deadlock, when handling System State Reset SSR or Power Down Reset PDR notifications. A local attacke...

5.8AI score0.00172EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 2:16 p.m.7 views

CVE-2026-53326

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

0.00172EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 2:16 p.m.3 views

UBUNTU-CVE-2026-53331

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcomslimngddown is...

5.8AI score0.00172EPSS
Exploits0References10
OSV
OSV
added 2026/07/01 2:16 p.m.4 views

UBUNTU-CVE-2026-53326

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

5.7AI score0.00172EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 1:35 p.m.3 views

SUSE-SU-2026:2722-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68822: Input: alps - fix use-after-free bugs caused by dev3registerwor...

9.8CVSS6.9AI score0.0053EPSS
Exploits0References133
EUVD
EUVD
added 2026/07/01 1:32 p.m.6 views

EUVD-2026-40965

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcomslimngddown is...

5.8AI score0.00172EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 1:32 p.m.17 views

CVE-2026-53331

The CVE-2026-53331 entry describes a Linux kernel slimbus issue in qcom-ngd-ctrl where tx_lock and slim_controller lock could be acquired in opposite orders, risking a deadlock during SSR/PDR down notification. The report explains that qcom_slim_ngd_down() → slim_report_absent() takes the slim_co...

5.8AI score0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 1:32 p.m.37 views

CVE-2026-53326 debugobjects: Don't call fill_pool() in early boot hardirq context

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

0.00172EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:32 p.m.6 views

CVE-2026-53326

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

5.7AI score0.00172EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40960

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

5.8AI score0.00172EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 1:32 p.m.14 views

CVE-2026-53326

The CVE-2026-53326 issue affects the Linux kernel (debugobjects) on ARM64 PREEMPT_RT builds during early boot. The root cause was attempting to fill a pool within hardirq context before the scheduler is enabled, potentially causing a deadlock when a hard interrupt hits a lock-protected allocation...

5.8AI score0.00172EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 12:13 p.m.5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/06/30 11:9 p.m.4 views

SUSE-SU-2026:22436-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68822: Input: alps - fix use-after-free bugs caused by...

9.8CVSS7AI score0.0053EPSS
Exploits1References145
RedHat Linux
RedHat Linux
added 2026/06/30 8:27 p.m.4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:39 p.m.7 views

CVE-2026-10647

The USB CDC-NCM device class subsys/usb/devicenext/class/usbdcdcncm.c ignores the return value of usbdepenqueue in its ethernet transmit callback cdcncmsend. When the enqueue fails, the function still calls ksemtake&data-syncsem, KFOREVER, blocking on a completion semaphore that is only ever...

5.3CVSS6AI score0.00134EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder