5435 matches found
UBUNTU-CVE-2026-23361
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...
CVE-2026-23377
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ fragsize from DMA write length to xdp.framesz The only user of fragsize field in XDP RxQ info is bpfxdpfragsincreasetail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
CVE-2026-23361
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...
CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap getupperifindexes iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of upper devices is...
CVE-2026-23343 xdp: produce a warning when calculated tailroom is negative
In the Linux kernel, the following vulnerability has been resolved: xdp: produce a warning when calculated tailroom is negative Many ethernet drivers report xdp Rx queue frag size as being the same as DMA write size. However, the only user of this field, namely bpfxdpfragsincreasetail, clearly...
CVE-2026-23343
In the Linux kernel, the following vulnerability has been resolved: xdp: produce a warning when calculated tailroom is negative Many ethernet drivers report xdp Rx queue frag size as being the same as DMA write size. However, the only user of this field, namely bpfxdpfragsincreasetail, clearly...
CVE-2026-23327
The CVE-2026-23327 issue is a Linux kernel vulnerability in the CXL mailbox driver (cxl/mbox). The root cause is that cxl_payload_from_user_allowed() casts and dereferences the user payload without validating its size, allowing an undersized mailbox command to trigger a read past the allocated bu...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an incorrect configuration of the XDP RxQ fragsize field, which may lead to negative tail space...
Linux Distros Unpatched Vulnerability : CVE-2026-23360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: fix admin queue leak on controller reset When nvmeallocadmintagset is called during a controller reset, a previous admin queue may still exist. Release it...
FreeBSD -- Remote denial of service via null pointer dereference
Problem Description: On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. Impact: An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service...
Malicious code in env-express-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c836e2eb4b78603e8fa096a1eb11b7b3b9e49a91bcfe0b82be74b1bdd1c58a03 The package env-express-cli was found to contain malicious code...
MAL-2026-2362 Malicious code in env-express-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c836e2eb4b78603e8fa096a1eb11b7b3b9e49a91bcfe0b82be74b1bdd1c58a03 The package env-express-cli was found to contain malicious code...
Malicious code in env-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 641ecb34e7cfa3af77893add29d18b3c9c1e2b95012ff76c775a7bd8ca97ea4b The package env-express was found to contain malicious code...
MAL-2026-2361 Malicious code in env-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 641ecb34e7cfa3af77893add29d18b3c9c1e2b95012ff76c775a7bd8ca97ea4b The package env-express was found to contain malicious code...
Malicious code in env-cli-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46e9b2427571d9edd96dfaefcc677578a0296dcf49d197e9482a67b794ea440e The package env-cli-express was found to contain malicious code...
MAL-2026-2358 Malicious code in env-cli-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46e9b2427571d9edd96dfaefcc677578a0296dcf49d197e9482a67b794ea440e The package env-cli-express was found to contain malicious code...
Malicious code in dotenv-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87c063897212774df4e13b1d7bf70cc74a98ac1ca824d2bb1f1e8c60d0662b5e Package impersonates the popular dotenv package: package.json points its repository field to git://github.com/motdotla/dotenv.git and homepage to...
MAL-2026-2350 Malicious code in dotenv-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87c063897212774df4e13b1d7bf70cc74a98ac1ca824d2bb1f1e8c60d0662b5e Package impersonates the popular dotenv package: package.json points its repository field to git://github.com/motdotla/dotenv.git and homepage to...
Malicious code in express-session-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3beac16c32c8776482bafbb2ad95b50b7b18bf6e93fbf712238f60a4d7ae363d The package express-session-validator was found to contain malicious code. Source: ghsa-malware...