Lucene search
K

24002 matches found

NVD
NVD
added 2026/04/24 3:16 p.m.5 views

CVE-2026-31552

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 "wifi: wlcore: ensure skb headroom before skbpush", wl1271txallocate and with it wl1271preparetxframe returns...

7.5CVSS0.00501EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:44 p.m.4 views

CVE-2026-31640

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

5.5AI score0.00426EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.31 views

CVE-2026-31640 rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

7.5CVSS0.00426EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 2:44 p.m.4 views

EUVD-2026-25533

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

5.5AI score0.00426EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 2:44 p.m.4 views

CVE-2026-31640

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

7.5CVSS5.4AI score0.00426EPSS
Exploits0
CVE
CVE
added 2026/04/24 2:44 p.m.18 views

CVE-2026-31640

CVE-2026-31640 affects the Linux kernel rxrpc component. The issue occurs in rxrpc_post_response() where the code compares the challenge serial number using the newer packet private data instead of the cached/older response, causing the comparison to always be false and potentially preventing the...

7.5CVSS5.5AI score0.00426EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.29 views

CVE-2026-31638 rxrpc: Only put the call ref if one was acquired

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...

7.5CVSS0.00441EPSS
Exploits0References5
CVE
CVE
added 2026/04/24 2:44 p.m.17 views

CVE-2026-31638

The CVE-2026-31638 issue affects the Linux kernel rxrpc subsystem. When a client call on a channel has already been torn down, rxrpc_input_packet_on_conn() could still process a to-client packet; rxrpc_try_get_call() could return NULL and there would be no reference to drop. The code path then un...

7.5CVSS5.4AI score0.00441EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:44 p.m.2 views

CVE-2026-31635

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

5.4AI score0.00817EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.37 views

CVE-2026-31635 rxrpc: fix oversized RESPONSE authenticator length check

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

7.5CVSS0.00817EPSS
Exploits4References3
Debian CVE
Debian CVE
added 2026/04/24 2:44 p.m.5 views

CVE-2026-31635

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...

7.5CVSS5.2AI score0.00817EPSS
Exploits4
EUVD
EUVD
added 2026/04/24 2:44 p.m.7 views

EUVD-2026-25526

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...

5.4AI score0.00469EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 2:44 p.m.17 views

CVE-2026-31633

In the Linux kernel rxrpc subsystem, CVE-2026-31633 is addressed by fixing an integer overflow in rxgk_verify_response(). The bug arises when token_len is rounded up before the length check, allowing the check to be bypassed. The patch ensures the unrounded token_len is also compared against len,...

9.8CVSS5.4AI score0.00469EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.33 views

CVE-2026-31633 rxrpc: Fix integer overflow in rxgk_verify_response()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...

9.8CVSS0.00469EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 2:44 p.m.8 views

CVE-2026-31633

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...

9.8CVSS5.2AI score0.00469EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 2:42 p.m.6 views

EUVD-2026-25516

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...

5.3AI score0.00125EPSS
Exploits0References4
CVE
CVE
added 2026/04/24 2:33 p.m.14 views

CVE-2026-31552

CVE-2026-31552 affects the Linux kernel wlcore wifi path. A memory-allocation failure in wl1271_tx_allocate()/wl1271_prepare_tx_frame() could yield -EAGAIN and be misinterpreted by wlcore_tx_work_locked() as a full aggregation buffer, causing a retry loop under wl->mutex with GFP_ATOMIC. This ...

7.5CVSS5.7AI score0.00501EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/24 2:25 p.m.6 views

SUSE-SU-2026:1618-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236. -...

8.2CVSS5.6AI score0.01028EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/04/24 12:25 p.m.28 views

CVE-2026-5265 Ovn: ovn: heap over-read in icmp error response generation

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

6.5CVSS0.00629EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/04/24 12:25 p.m.4 views

CVE-2026-5265

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

6.5CVSS5.6AI score0.00629EPSS
Exploits0References12
Rows per page
Query Builder