675 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget...
SUSE CVE-2026-53033
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
CVE-2026-53085 bpf: fix mm lifecycle in open-coded task_vma iterator
In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget. If the task exits concurrently, the mmstruct can be freed as it is...
CVE-2026-53085
The CVE-2026-53085 issue affects the Linux kernel BPF subsystem where the open-coded task_vma iterator reads task->mm locklessly and uses mmap_read_trylock() without taking an mm reference, risking use-after-free if the task exits concurrently. The patch reads task->mm with a trylock on all...
EUVD-2026-38953
In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget. If the task exits concurrently, the mmstruct can be freed as it is...
CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
CVE-2026-53033
CVE-2026-53033 affects the Linux kernel’s BPF sockmap path, causing a race in unix_stream_bpf_update_proto() that can yield a Use-After-Free when a BPF iterator updates a sockmap during a TCP state transition. The issue is resolved by taking the state lock for AF_UNIX iterations to keep the unix ...
CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
CVE-2026-52989
CVE-2026-52989 affects the Linux kernel nvmet-tcp component. The root cause is that nvmet_tcp_build_pdu_iovec() detects out-of-bounds PDU length/offset but does not propagate the error to callers; it returns void and triggers nvmet_tcp_fatal_error(cmd->queue) without alerting the caller, leavi...
CVE-2026-52921
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
UBUNTU-CVE-2026-52921
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
PT-2026-51978
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lock ordering problem exists in the BPF subsystem when using the task vma iterator. Holding the per-VMA lock across the BPF program body can lead to a deadlock when helpers attempt to...
PT-2026-51979
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free flaw exists in the Berkeley Packet Filter BPF subsystem. The task vma iterator reads task-mm locklessly and acquires mmap read trylock without calling mmget. If a task...
PT-2026-51927
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the unix stream bpf update proto function within the Linux kernel's sockmap functionality. This issue occurs when a BPF Berkeley Packet Filter iterator program...
PT-2026-51883
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the nvmet-tcp component occurs because the nvmet tcp build pdu iovec function does not propagate errors to its callers when detecting out-of-bounds PDU Protocol Data Unit lengt...
EUVD-2026-38003
Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions...
Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
Impact Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quicheconnectioniditernext and quicheconnretiredscidnext functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned...
CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...
CVE-2026-11941
Cloudflare Quiche contains two use-after-free flaws in the FFI path for connection IDs. The issues affect the quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions, where a owned ConnectionId is returned to the application via an argument but is dropped at the end of the func...
CVE-2026-11941
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...