228 matches found
CVE-2026-23394
A flaw was found in the Linux kernel's afunix component. A race condition exists between the MSGPEEK operation and the garbage collection process. This can allow a local user to cause the garbage collector to incorrectly purge the receive queue of an alive socket, potentially leading to a denial ...
CVE-2026-23289
A flaw was found in the Linux kernel's IB/mthca component. A local user could exploit this vulnerability by triggering a system call failure path related to the mthcacreatesrq function. This oversight leads to a missed unmapping of user database resources, resulting in a resource leak...
EUVD-2026-15218
In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...
CVE-2026-23394
CVE-2026-23394 – af_unix GC race with MSG_PEEK (Linux kernel) : A race between MSG_PEEK and garbage collection can cause the GC to incorrectly GC dead sockets, since MSG_PEEK silently bumps a file refcount. The issue originates from a change in the current GC algorithm and the removal of the lock...
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ fragsize from DMA write length to xdp.framesz The only user of fragsize field in XDP RxQ info is bpfxdpfragsincreasetail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
CVE-2026-23377
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ fragsize from DMA write length to xdp.framesz The only user of fragsize field in XDP RxQ info is bpfxdpfragsincreasetail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
CVE-2026-23377
In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ fragsize from DMA write length to xdp.framesz The only user of fragsize field in XDP RxQ info is bpfxdpfragsincreasetail. It clearly expects whole buff size instead of DMA write size. Different assumptions in...
CVE-2026-23289
In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...
CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an incorrect configuration of the XDP RxQ fragsize field, which may lead to negative tail space...
PT-2026-36467
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel between the lec atm close function setting priv-lecd to NULL and concurrent access to priv-lecd within the send to lecd, lec handle bridge, an...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005442)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005442 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, t...
CVE-2026-23057
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb with a spare tail room is followed by a small skb length limited by GOODCOPYLEN = 128, an attempt is made to join...
Azure Linux 3.0 Security Update: kernel (CVE-2024-36972)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36972 advisory. - In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under...
CVE-2024-48077
NanoMQ v0.22.7 is vulnerable to Denial of Service DoS due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors FDs. This exhaustion triggers a process crash, rendering the broker unable to...
CVE-2024-48077
An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service DoS via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services...
CVE-2024-48077
NanoMQ v0.22.7 is vulnerable to Denial of Service DoS due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors FDs. This exhaustion triggers a process crash, rendering the broker unable to...
CVE-2024-48077
An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service DoS via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlock and be unable to provide normal services...
kernel: i40e: add validation for ring_len param
A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...
PT-2026-6127
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the vsock/virtio subsystem related to buffer coalescing in the receive queue. Specifically, the code attempts to join a linear skb socket buffer...