kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

RXSA-2025:4341 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: kobjectuevent: Fix OOB access within zapmodaliasenv CVE-2024-42292 kernel: ipvs: properly dereference pe in ipvsaddservice CVE-2024-42322 kernel: bonding: fix null pointer deref in...

RXSA-2026:13565 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...

CVE-2026-43499

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

CVE-2026-43498

A flaw was found in the Linux kernel's accel/ivpu module. This vulnerability allows for the re-exporting of imported Graphics Execution Manager GEM buffers. When these buffers are re-exported, it leads to a loss of their original flag settings, which can result in incorrect device access and...

CVE-2026-43497

A flaw was found in the Linux kernel's udlfb driver. This use-after-free vulnerability occurs because the dlfbopsmmap function does not properly track active memory mappings. When the framebuffer is reallocated, existing memory page table entries PTEs are not invalidated. This allows a local...

CVE-2026-43502

A flaw was found in the Linux kernel, specifically within the Remote Direct Memory Access RDMA subsystem's handling of zerocopy send operations. When a zerocopy send fails before the message is attached to the sending socket, the kernel may incorrectly clean up the associated memory. This can lea...

CVE-2026-43501

A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...

cve-2026-poc-collection

CVE-2026 PoC Collection Report Collection date: May 19, 2...

CVE-2026-43496

A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs when a specific queueing discipline qdisc configuration is used, where a parent qdisc attempts to retrieve a network packet from a child qdisc. An incorrect function call during this process can lead ...

CVE-2026-43495

A flaw was found in the Linux kernel, specifically within the net: wwan: t7xx module. A malicious modem could exploit this vulnerability by sending a specially crafted message with an invalid portcount value. This could lead to a slab-out-of-bounds read, potentially allowing an attacker to access...

CVE-2026-43494

A flaw was found in the Linux kernel, specifically within the net/rds module. When a zerocopy page pin operation fails, a counter used for memory management opnents is not correctly reset. This can result in a double-free vulnerability, where the same memory is released twice. A local attacker...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

SUSE CVE-2022-50299

In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...

CVE-2026-43498

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...

CVE-2026-43502

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...