91 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with TOCTOU function calls in the rustbinder module. This vulnerability could allow the...
PT-2026-39094
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Time-of-Check to Time-of-Use TOCTOU issue exists in the rust binder component. When a transaction is sent, the offsets array is copied into the target process's virtual memory area VMA...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the execution order of the one-way garbage detection logic in rustbinder, as well as the...
SUSE CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
A flaw was found in the Linux kernel's rustbinder component. A local user could potentially trigger a deadlock condition. This occurs when the setnotificationdone function is called while the proc lock is already held and the current thread is not a 'looper' a thread designed to handle specific...
EUVD-2026-16993
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
UBUNTU-CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400 rust_binder: call set_notification_done() without proc lock
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...
CVE-2026-23400 rust_binder: call set_notification_done() without proc lock
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
CVE-2026-23400
In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...
Linux Distros Unpatched Vulnerability : CVE-2026-23400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from rustbinder calling setnotificationdone when holding the proc lock, potentially leading to a...
SUSE CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...
CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...
CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...
UBUNTU-CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...
CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...