1252 matches found
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50280)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50280 advisory. - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391447 CVE-2026-46333 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff...
CVE-2026-45253
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...
CVE-2026-45253
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...
CVE-2026-45253
CVE-2026-45253 describes a missing validation in ptrace(PT_SC_REMOTE) related to syscall(2) and __syscall(2) meta-system calls. The issue allows an unprivileged local user who can debug a process to trigger arbitrary code execution in the kernel, potentially gaining full control of the affected s...
EUVD-2026-31257
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...
CVE-2026-45253 Missing validation in ptrace(PT_SC_REMOTE)
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 CVSS score: 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose...
TencentOS Server 4: kernel (TSSA-2026:0334)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0334 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
FreeBSD 缓冲区错误漏洞
FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has a buffer error vulnerability, which stems from ptracePTSCREMOTE failing to properly validate the parameters of syscall2 and syscall2 system calls. This vulnerability may allow users with debugging capabilitie...
PT-2026-42400
Notice FreeBSD-EN-26:13.freebsd-update Advisories FreeBSD-SA-26:18.setcred Stack buffer overflow via setcred2 CVE Record: CVE-2026-45250 FreeBSD-SA-26:19.file Kernel use-after-free via file descriptor syscalls CVE Record: CVE-2026-45251 FreeBSD-SA-26:20.fusefs Heap overflow in FUSE LISTXATTR CVE...
PT-2026-42402
In the case of the cap net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limi...
PT-2026-42403
Name of the Vulnerable Software and Affected Versions FreeBSD bsdinstall/bsdconfig affected versions not specified Description When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they use a shell script to build a list of network names and prompt the user for selection vi...
PT-2026-42399
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Since the blocked thread does not ho...
PT-2026-42397
Name of the Vulnerable Software and Affected Versions FreeBSD libcasper3 affected versions not specified Description libcasper3 communicates with helper processes via UNIX domain sockets and utilizes the select2 system call to wait for available data. The software fails to verify if the socket...
FreeBSD : FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE) (6c96da5e-54b6-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6c96da5e-54b6-11f1-8d7a-bc241121aa0a advisory. ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls...
MiracleLinux 9 : kernel-5.14.0-611.54.6.el9_7 (AXSA:2026-692:35)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-692:35 advisory. kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAPSYSPTRACE when task has no ...
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path
The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...
Advisory ROSA-SA-2026-3289
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...
Advisory ROSA-SA-2026-3290
software: kernel-5.15 5.15.193 WASP: ROSA-CHROME unaffected versions = kernel-5.15-5.15.193-6 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption...
Advisory ROSA-SA-2026-3288
software: kernel-6.6 6.6.126 WASP: ROSA-CHROME unaffected versions = kernel-6.6-6.6.6.126-6 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption an...