787 matches found
CVE-2026-53267
A flaw was found in the Linux kernel's netfilter subsystem. A local attacker can exploit this vulnerability by creating specially crafted netfilter rules. This can lead to a memory corruption issue, where data on the kernel's memory stack is overwritten. Successful exploitation could result in...
CVE-2026-53263
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...
CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
UBUNTU-CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
CVE-2026-52940
A flaw was found in the Linux kernel's tun driver. An unprivileged user can exploit this vulnerability by setting the virtual network vnet header size to 24 bytes. This action causes the kernel to copy partially initialized stack memory to userspace when reading non-tunnel packets, leading to the...
CVE-2026-52940
In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...
UBUNTU-CVE-2026-52916
In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...
EUVD-2026-38710
In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...
CVE-2026-52940
The CVE-2026-52940 issue affects the Linux kernel tun driver. tun_put_user() allocates an on‑stack virtio_net_hdr_v1_hash_tunnel without zeroing, while virtio_net_hdr_tnl_from_skb() only initializes the first 10 bytes for non‑tunnel SKBs. This allows an unprivileged user to set the vnet header to...
CVE-2026-52916
CVE-2026-52916 affects the Linux kernel’s BATMAN-adv frag handling. A crafted BATADV_UNICAST_FRAG packet can defragment into another BATADV_UNICAST_FRAG, causing unbounded recursion in batadv_batman_skb_recv() and leading to kernel stack exhaustion. The published description specifies that refrag...
PT-2026-51709
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv frag skb buffer function is called by batadv batman skb recv upon receiving a BATADV UNICAST FRAG packet. After reassembling the...
Linux Distros Unpatched Vulnerability : CVE-2026-52940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb,...
Linux Distros Unpatched Vulnerability : CVE-2026-52916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once a...
Linux Distros Unpatched Vulnerability : CVE-2026-52937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to...
📄 OpenBSD mpls_do_error Stack Disclosure
OpenBSD suffers from an mplsdoerror remote kernel stack disclosure vulnerability via an MPLS label stack. ------------------------------------------------------------------------ OpenBSD mplsdoerror: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fixed corruption in user space r13. The commit cf13435b730a “powerpc/tm: Fixed corruption in user space r13” fixes a problem in treclaim, where a SLB miss can occur on threadstruct-ckpt regs, when SCRATCH0 is active a...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RISCV: Kernel mappings of the EFI page table must be synchronized before switching to the EFI page table. The EFI page table is initially created as a copy of the kernel page table. When VMAPSTACK is enabled, kernel stacks are...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...
CVE-2026-56099
OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...
CVE-2026-56099
OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...