Lucene search
K

41 matches found

RedHat Linux
RedHat Linux
added 2026/05/06 6:51 p.m.4 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.4AI score0.00197EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 5:58 a.m.16 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.9AI score0.02194EPSS
Exploits227References6
OSV
OSV
added 2026/05/05 12:0 a.m.8 views

ALSA-2026:13577 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend CVE-2025-40252 kernel: crypto: asymmetricke...

9.8CVSS6.9AI score0.02194EPSS
Exploits227References13
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fixed a credential leak in nfs4discovertrunking...

5.7AI score0.00028EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.0 views

CVE-2026-31402

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded operation responses. This size was calculated based on OPEN responses and...

9.8CVSS5.8AI score0.00197EPSS
Exploits0References8
OSV
OSV
added 2026/04/03 4:16 p.m.1 views

UBUNTU-CVE-2026-31402

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded operation responses. This size was calculated based on OPEN responses and...

9.8CVSS5.9AI score0.00197EPSS
Exploits0References9
Amazon
Amazon
added 2026/03/27 12:0 a.m.7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper CVE-2025-40110 In th...

7.8CVSS6.6AI score0.0009EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/25 8:8 a.m.3 views

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

5.8AI score0.00055EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.3 views

PT-2026-30185

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System daemon nfsd contained a heap overflow in the NFSv4.0 LOCK replay cache. The NFSv4.0 replay cache uses a fixed 112-byte inline buffer to store encod...

9.8CVSS6.4AI score0.00197EPSS
Exploits0References77
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.5 views

Oracle Linux 10 : kernel (ELSA-2026-2721)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2721 advisory. - nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec CKI Backport Bot RHEL-144335 CVE-2026-22998 - smc: Fix use-after-free in...

7.8CVSS5.9AI score0.00208EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001551 advisory. fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of...

6.5CVSS6.4AI score0.0019EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001293)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001293 advisory. The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service resource consumption by leveraging improper channel...

5.5CVSS6.6AI score0.0012EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002694)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002694 advisory. The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service resource consumption by leveraging improper channel...

5.5CVSS6.6AI score0.0012EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/01/13 3:29 p.m.4 views

CVE-2025-68803

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...

5.2AI score0.00068EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2025/12/30 12:15 p.m.18 views

CVE-2022-50853 NFSv4: Fix a credential leak in _nfs4_discover_trunking()

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a credential leak in nfs4discovertrunking...

0.00028EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/12/24 10:32 a.m.1 views

CVE-2025-68349

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFSINOLAYOUTCOMMIT in pnfsmarklayoutstateidinvalid Fixes a crash when layout is null during this call stack: writeinode - nfs4writeinode - pnfslayoutcommitinode pnfssetlayoutcommit relies on the lseg refcount to...

5.2AI score0.00055EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2025/11/21 11:15 a.m.3 views

AZL-70660 CVE-2025-40210 affecting package kernel for versions less than 6.6.112-1

In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but ...

5.6AI score0.0002EPSS
Exploits0References1
OSV
OSV
added 2025/11/21 10:21 a.m.5 views

CVE-2025-40210 Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"

In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but ...

6.3AI score0.0002EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2025/10/20 8:7 a.m.3 views

Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024133 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

8.7CVSS7.3AI score0.00071EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.3 views

PT-2025-41270

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS versions prior to 9.12.0.0 Description The software contains an authorization bypass through a user-controlled key issue. A high privileged attacker with local access could potentially exploit this to gain unauthorized...

4.4CVSS6.2AI score0.00017EPSS
Exploits0References4
Rows per page
Query Builder