Lucene search
K

1049 matches found

CVE
CVE
added 2026/06/25 8:39 a.m.11 views

CVE-2026-53270

The CVE-2026-53270 issue affects the Linux kernel IP Virtual Server (IPVS). During ip_vs_edit_service(), unbinding the old scheduler did not clear the svc->scheduler pointer early enough, so packets could reference freed sched_data after the RCU grace period. The documented fix clears the poin...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39221

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...

5.8AI score0.00129EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39215

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

5.8AI score0.00129EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53264

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

7.8CVSS5.7AI score0.00129EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:39 a.m.11 views

CVE-2026-53264

CVE-2026-53264 concerns the Linux kernel’s networking scheduler (net/sched) where a race between simultaneous NEWTFILTER and DELFILTER operations can lead to a use-after-free of an action. The provided description and patches state that final freeing of the action was incorrectly performed withou...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.27 views

CVE-2026-53264 net/sched: act_api: use RCU with deferred freeing for action lifecycle

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

7.8CVSS0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:39 a.m.10 views

CVE-2026-53259

CVE-2026-53259 (Linux kernel) fixes a race in IPv6 anycast address management. The root cause was a window where inserting an aca into the global inet6_acaddr_lst[] and its hash could be separated from the teardown path (RTNL), causing the ac_addr to be freed while still linked, i.e., a slab-use-...

7.8CVSS5.7AI score0.00123EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39203

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hciallocdev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hciregisterdev completes, the HCIUNREGISTER flag is never...

5.7AI score0.00189EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.27 views

CVE-2026-53247 net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

9.8CVSS0.00507EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53247

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

5.7AI score0.00507EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.10 views

CVE-2026-53247

CVE-2026-53247: Linux kernel MTK ethernet driver (mtk_eth_soc) fix for use-after-free in metadata_dst teardown. mtk_free_dev() previously called metadata_dst_free() (kfree’d immediately, bypassing RCU). In RX, skb_dst_set_noref() kept non-refcounted pointers to metadata_dst; freed memory could ra...

9.8CVSS5.7AI score0.00507EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.29 views

CVE-2026-53157 net: phonet: free phonet_device after RCU grace period

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonetdevice after RCU grace period phonetdevicedestroy removes a phonetdevice from the per-net device list with listdelrcu, but frees it immediately. RCU readers walking the same list can still hold a pointer t...

0.00173EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:38 a.m.5 views

EUVD-2026-39248

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonetdevice after RCU grace period phonetdevicedestroy removes a phonetdevice from the per-net device list with listdelrcu, but frees it immediately. RCU readers walking the same list can still hold a pointer t...

5.7AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53157

Summary of CVE-2026-53157 (Linux kernel, phonet): The vulnerability occurs in the phonet device teardown where phonet_device_destroy() removes the device from the per-net list with list_del_rcu(), but frees it immediately instead of after the RCU grace period. This allows RCU readers traversing t...

5.7AI score0.00173EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52342

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk eth soc: Fix use-after-free in metadata dst teardown mtk free dev calls metadata dst free which frees the metadata dst with kfree immediately, bypassing the RCU grace period. In the RX path, skb dst set noref...

9.8CVSS5.7AI score0.00507EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38815

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...

5.7AI score0.00135EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-53128

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...

0.0018EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-53096

In the Linux kernel, the following vulnerability has been resolved: bpf: Use RCU-safe iteration in devmapredirectmulti SKB path The DEVMAPHASH branch in devmapredirectmulti uses hlistforeachentrysafe to iterate hash buckets, but this function runs under RCU protection called from...

7.8CVSS0.00132EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52975

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS0.00138EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 4:30 p.m.4 views

EUVD-2026-38996

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...

5.7AI score0.0018EPSS
Exploits0References8
Rows per page
Query Builder