2567 matches found
PT-2026-44726
Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions prior to 0.0.17 Description The go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 modules leak one file descriptor on each successful ParseFile call. This occurs because ParseFile opens the...
EUVD-2026-32393
In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...
CVE-2026-45966
CVE-2026-45966 concerns a Linux kernel/AppArmor regression. When receiving file descriptors via SCM_RIGHTS, both sock and sock->sk can be NULL, leading to NULL pointer dereferences in __unix_needs_revalidation() and a crash. The issue stems from added NULL checks in a new function without ensu...
CVE-2026-45932
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...
PT-2026-43696
Name of the Vulnerable Software and Affected Versions libusb versions prior to 1.0.30 Description A NULL pointer dereference occurs when a malformed USB configuration descriptor is supplied. Specifically, if an interface claims bNumEndpoints greater than zero but is followed by a class-specific...
CVE-2026-45932
bpf: Fix tcx/netkit detach permissions when prog fd isnt given...
CVE-2026-46013
mm/memfdluo: fix physical address conversion in putfolios cleanup...
GHSA-4G75-9R48-JF92 ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...
ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met...
EUVD-2026-31272
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...
CVE-2026-45251
A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...
CVE-2026-39461 select(2) file descriptor set overflow causes stack overflow
libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...
CVE-2026-39461 select(2) file descriptor set overflow causes stack overflow
libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...
EUVD-2026-31256
A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...
CVE-2026-45251 Kernel use-after-free via file descriptor syscalls
A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...
CVE-2026-45251 Kernel use-after-free via file descriptor syscalls
A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...
CVE-2026-45251
CVE-2026-45251 describes a kernel use-after-free vulnerability: a file descriptor can be closed while a thread is blocked in poll(2)/select(2). The blocked thread does not hold a reference to the underlying object, so freeing the object may occur while the thread is still waiting. In some fd type...
PT-2026-42397
Name of the Vulnerable Software and Affected Versions FreeBSD libcasper3 affected versions not specified Description libcasper3 communicates with helper processes via UNIX domain sockets and utilizes the select2 system call to wait for available data. The software fails to verify if the socket...
FreeBSD 资源管理错误漏洞
FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a resource management vulnerability in FreeBSD. This vulnerability arises from threads being blocked during poll or select calls when file descriptors are closed. The kernel fails to remove the blocked threads...
FreeBSD : FreeBSD -- Kernel use-after-free via file descriptor syscalls (ee21f41f-54b5-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ee21f41f-54b5-11f1-8d7a-bc241121aa0a advisory. A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that...