Lucene search
+L

17 matches found

nessus
nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves ...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References3
susecve
susecve
added 2026/04/03 11:26 p.m.6 views

SUSE CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

4.1CVSS5.7AI score0.00117EPSS
Exploits0References16
redhatcve
redhatcve
added 2026/04/03 6:9 p.m.3 views

CVE-2026-23475

A flaw was found in the Linux kernel's Serial Peripheral Interface SPI component. The system's per-CPU statistics for the SPI controller were not allocated until after the controller was registered. This created a window where a local user or process could access system files sysfs attributes...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References4
nvd
nvd
added 2026/04/03 4:16 p.m.4 views

CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

7.8CVSS0.00117EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2026/04/03 4:16 p.m.6 views

CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

7.8CVSS5.7AI score0.00117EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2026/04/03 4:16 p.m.4 views

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
osv
osv
added 2026/04/03 4:16 p.m.8 views

UBUNTU-CVE-2026-23459

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

8.2CVSS5.7AI score0.00299EPSS
Exploits0References5
cve
cve
added 2026/04/03 3:15 p.m.22 views

CVE-2026-31389

CVE-2026-31389 affects the Linux kernel SPI subsystem. The vulnerability is a use-after-free that can occur during controller registration if per-CPU statistics allocation fails, potentially leading to access of freed driver resources and unclocked register accesses. The issue is mitigated by a p...

7.8CVSS5.7AI score0.00117EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/04/03 3:15 p.m.2 views

CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

5.7AI score0.00117EPSS
Exploits0References7Affected Software1
osv
osv
added 2026/04/03 3:15 p.m.2 views

CVE-2026-23475 spi: fix statistics allocation

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References11
cve
cve
added 2026/04/03 3:15 p.m.17 views

CVE-2026-23475

CVE-2026-23475 affects the Linux kernel SPI subsystem. The issue was a NULL pointer dereference window in per‑CPU controller statistics: stats were allocated only after controller registration with driver core, so early sysfs access could dereference NULL. The fix moves statistics allocation to t...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/04/03 3:15 p.m.3 views

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

5.7AI score0.00123EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2026/04/03 3:15 p.m.24 views

CVE-2026-23475 spi: fix statistics allocation

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

0.00123EPSS
Exploits0References6
osv
osv
added 2026/04/03 3:15 p.m.2 views

CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

8.2CVSS6.6AI score0.00299EPSS
Exploits0References5
cve
cve
added 2026/04/03 3:15 p.m.14 views

CVE-2026-23459

The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...

8.2CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/04/03 12:0 a.m.17 views

PT-2026-30169

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw where controller per-cpu statistics were not allocated until after the controller was registered, creating a window where accessing sysfs attributes cou...

9.8CVSS6.1AI score0.00459EPSS
Exploits0References493
ubuntucve
ubuntucve
added 2026/03/20 12:0 a.m.9 views

CVE-2026-23277

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
Rows per page
Query Builder