Lucene search
K

6660 matches found

Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-10667 SMP use-after-free in Zephyr `CONFIG_USERSPACE` dynamic kernel-object tracking, reachable from unprivileged user threads

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS0.00103EPSS
Exploits0References2
CVE
CVE
added 2 days ago15 views

CVE-2026-10667

Zephyr CVE-2026-10667 affects SMP builds with CONFIG_USERSPACE and dynamic objects (CONFIG_DYNAMIC_OBJECTS). The bug is a use-after-free in the dynamic kernel-object tracker: k_object_wordlist_foreach() iterates obj_list under lists_lock while removals and frees occur under objfree_lock/obj_lock,...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-45203

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43043

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

6.1AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-41154 GPU DDK - Incorrect Index Calculation in CMA Cleanup Path of AllocOSPages_Sparse

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

0.00167EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43034

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

6.1AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-41154

CVE-2026-41154 : The issue affects the GPU DDK in the CMA Cleanup Path of AllocOSPages_Sparse. When indexing pages larger than 4kB in the sparse memory page-freeing logic, an incorrect buffer indexing leads to out-of-bounds (OOB) reads/writes in kernel memory, exposed to software running as a non...

7.8CVSS6.1AI score0.00167EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/07 5:55 a.m.3 views

kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access vmwpvrdma module. This vulnerability is a double free, which means the system attempts to release the same memory resource twice. This can occur in an error handling path within the pvrdmaallocucontext...

7.8CVSS5.9AI score0.00143EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 9:21 p.m.4 views

kernel: smb/client: fix out-of-bounds read in smb2_compound_op()

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...

9.1CVSS7.3AI score0.00478EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:54 a.m.5 views

kernel: kernel: ipv6 frag escape

A flaw was found in the Linux kernel's ipv6 networking subsystem. An incorrect parameter length calculation allows an attacker with permissions to create UDP sockets to trigger overwrites of kernel memory, potentially leading to privilege escalation, data corruption, or a system crash...

5.9AI score0.00176EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 8:17 p.m.13 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

7.8CVSS0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-39868

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory...

9.1CVSS0.00371EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 7:50 p.m.5 views

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

7.8CVSS7AI score0.0013EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:43 p.m.6 views

CVE-2026-39868

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory...

5.7AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 7:43 p.m.28 views

CVE-2026-39868

CVE-2026-39868 affects Apple platforms (macOS Tahoe, iOS, iPadOS) and centers on a risk from improper input validation in the kernel pathway that could allow an app to cause an unexpected system termination or kernel memory corruption. The vulnerability is addressed in macOS Tahoe 26.5.2 and iOS/...

9.1CVSS5.7AI score0.00371EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2026/06/29 7:43 p.m.27 views

CVE-2026-39868

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or corrupt kernel memory...

0.00371EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 7:42 p.m.7 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

6AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 7:42 p.m.27 views

CVE-2026-43724

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...

0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53719

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Insufficient input sanitization in Apple platforms allows an app to reach sensitive kernel code paths. This improper input validation...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References15
NVD
NVD
added 2026/06/27 9:16 a.m.8 views

CVE-2026-49417

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...

7CVSS0.00125EPSS
Exploits0References1
Rows per page
Query Builder