1311 matches found
CVE-2026-53312
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...
UBUNTU-CVE-2026-53312
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...
EUVD-2026-39847
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...
CVE-2026-53312
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...
CVE-2026-53312
In CVE-2026-53312, a Linux kernel iommu/riscv vulnerability is resolved: an integer overflow in the invalidation path could cause an infinite loop when handling sign-extended page tables (ULONG_MAX) during a gather/end computation. The fix moves the +1 away from the potentially overflowed compari...
SUSE CVE-2026-53265
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...
EUVD-2025-210341
Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...
PT-2026-52951
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RISC-V IOMMU invalidation path. Because RISC-V supports sign extended page tables, a gather-end value of ULONG MAX can cause an infinite loop due to an integer...
CVE-2025-71335
Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...
CVE-2025-71335 Flowise - Session Invalidation Failure After Password Change
Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...
CVE-2025-71335
Flowise prior to version 3.0.10 is affected. Versions 3.0.7 and earlier do not invalidate existing sessions or session tokens after a user changes their password, allowing an attacker with an active session (e.g., via a stolen token or an already-logged-in device) to remain authenticated post-pas...
CVE-2025-71335
Flowise before 3.0.10 affected versions 3.0.7 and earlier fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...
CVE-2026-56774
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...
UBUNTU-CVE-2026-53201
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...
CVE-2026-53265 dm cache policy smq: check allocation under invalidate lock
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...
CVE-2026-53265 dm cache policy smq: check allocation under invalidate lock
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...
CVE-2026-53201 Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...
PT-2026-52614
Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.0 through 3.0.7 Description Flowise fails to invalidate existing sessions and session tokens after a user changes their password. This allows an attacker who possesses an active session, such as through a stolen session...
Linux Distros Unpatched Vulnerability : CVE-2026-53062
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from...
CVE-2026-53057
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...