1008 matches found
Exploit for CVE-2026-31431
CVE-2026-31431 Copy Fail – a 4‑byte page‑cache write prim...
CVE-2026-7270
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...
CVE-2026-7270 Local privilege escalation via execve()
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...
EUVD-2026-26353
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...
FreeBSD : FreeBSD -- Local privilege escalation via execve() (f528ea29-4434-11f1-bb07-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f528ea29-4434-11f1-bb07-bc241121aa0a advisory. An operator precedence bug in the kernel results in a scenario where a buffer overflow causes...
FreeBSD Security Advisory - FreeBSD-SA-26:13.exec
FreeBSD Security Advisory - An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers...
FreeBSD -- Local privilege escalation via execve()
Problem Description: An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. Impact: The bug may be exploitable by an unprivileged user to obtain superuser privileges...
PT-2026-35872
Name of the Vulnerable Software and Affected Versions xen affected versions not specified Description Security issues were identified and addressed in the xen-4.21.1 04-1.1 package on the GA media of openSUSE Tumbleweed. Recommendations Update to the xen-4.21.1 04-1.1 package...
CVE-2026-31635
A flaw was found in the Linux kernel's rxrpc component. An inverted length check in the rxgkverifyresponse function allows oversized RESPONSE authenticators to be accepted. This can lead to an impossible length being passed to skbtosgvec, triggering a BUGON condition and resulting in a system...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ocfs2 file system’s ocfs2groupextend function. This function assumes that the global bitmap f...
CVE-2026-31438
A flaw was found in the Linux kernel's netfs component. When a process crashes and the kernel attempts to write a core dump to a 9P filesystem, the netfslimititer function does not properly handle ITERKVEC iterators. This oversight can lead to a kernel BUG, resulting in a system crash and a Denia...
EUVD-2026-24764
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...
CVE-2026-31438
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...
CVE-2026-31452
CVE-2026-31452 affects the Linux kernel ext4 filesystem. Connected sources confirm a concrete vulnerability in inline data storage: when truncate() increases a file beyond the inline capacity, ext4 currently risks the inode inline flag and the file size becoming inconsistent. The fix introduces a...
CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size
In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4setattr to convert files from inline data storage to extent-based storage when truncate grows the file size beyond the inline capacity. Thi...
CVE-2026-31438 netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...
CVE-2026-31438
CVE-2026-31438 affects the Linux kernel netfs code. A BUG occurs in netfs_limit_iter() when processing ITER_KVEC iterators (e.g., during core-dump to 9P), because ITER_KVEC is not dispatched like other supported types. The fix adds netfs_limit_kvec() (paralleling netfs_limit_bvec()) and dispatche...
CVE-2026-6386
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...
kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()
A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...
PT-2026-34418
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap ecred conn req Syzbot reported a KASAN stack-out-of-bounds read in l2cap build cmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerabili...