Lucene search
K

2592 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44233

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference can occur in the stmmac driver when RX memory is exhausted. The driver uses a shared ring array of DMA descriptors to coordinate between the CPU and MAC. The...

7.5CVSS5.9AI score0.005EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-47181

Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario A user that has access to albatross-console either via the unix domain socket requires root:albatross by default or via albatross-tls-endpoint requires a...

7.1CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2026-32291

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...

5.8AI score0.0012EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:17 p.m.12 views

CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...

7.8CVSS0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:17 p.m.12 views

CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

7.8CVSS0.00129EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 2:17 p.m.5 views

UBUNTU-CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/27 12:55 p.m.45 views

CVE-2026-45995 io_uring/zcrx: fix user_struct uaf

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userstruct uaf iofreerbufring usees a struct userstruct, which iozcrxifqfree puts it down before destroying the ring...

0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.40 views

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

0.00129EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 12:17 p.m.23 views

CVE-2026-45891

CVE-2026-45891: Linux kernel hns3 driver double-free vulnerability. Root cause: in hns3_set_ringparam(), a temporary copy (tmp_rings) is used for rollback, but the tx_spare pointer in the original ring isn’t cleared after backup, leading to a stale non-NULL tx_spare. If allocation fails during hn...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-43862

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the io uring/zcrx component. The function io free rbuf ring utilizes a struct user struct, but io zcrx ifq free releases this structure before the ring i...

7.8CVSS6AI score0.0012EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iofreerbufring function in iouring zcrx. This function releases user structures before...

5.8AI score0.0012EPSS
Exploits0References2
Amazon
Amazon
added 2026/05/26 12:0 a.m.15 views

Important: kernel-livepatch-6.12.80-106.156

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.12.80-106.156 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS5.2AI score0.00269EPSS
Exploits3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: igc: Fixed use-after-free errors during reset. The next descriptor to be watched nexttowatch is cleared when cleaning the TX ring. Failure to do this can lead to invalid memory accesses. If igcpoll runs while the controller is...

7.8CVSS6.3AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of two refcount values on its page. We are the current...

5.5CVSS5.9AI score0.00154EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed DMA mapping leaks During the reallocation of RX buffers, new DMA mappings are created for those buffers. Reproduction steps: While doing the following: Do For i=0; i=8160; i=i+32 Do ethtool -G enp130s0f0 rx $i tx $...

6AI score0.00214EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring: Fixed a null-ptr-deref in iotctxexitcb. Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in iotctxexitcb+0x53/0xd3 Read of size 4 at address 0000000000000138 by task file1/1955 CPU: 1 PID: 195...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “xsk: Support redirecting to any socket bound to the same umem”. This change is reflected in commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple NAPI instances...

4.7CVSS6.1AI score0.00138EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: xhci: sideband: do not dereference a freed ring when removing a sideband endpoint. xhcisidebandremoveendpoint incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Check for NULL cpubuffer in ringbufferwakewaiters On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

5.5CVSS6.3AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Sync-IRQ works before the buffer is destroyed. If something was written to the buffer just before its destruction, it may be possible—though not in a real system—to destroy the ringbuffer before the IRQ-related...

7.8CVSS6AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder