Lucene search
K

71 matches found

Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS0.00159EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS6.2AI score0.00159EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210447

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55986

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that use the same buffer file descriptor input. This issue is caused by a...

7.8CVSS6.1AI score0.00064EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 11:53 a.m.34 views

CVE-2026-53360

The CVE affects the Linux kernel KVM-SEV/SNP path: when GHCB v2+ is in use, an OOB/heap-privacy flaw arises because end_entry is validated only against VMGEXIT_PSC_MAX_COUNT (253) instead of the actual buffer size, allowing a guest to read/write adjacent kmalloc-cg-32 objects via VMGEXITs. This c...

6AI score0.00267EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 12:57 a.m.12 views

CVE-2026-45929

A flaw was found in the Linux kernel's ovpn module. A use-after-free vulnerability exists in the ovpnnetxmit function where a freed skb socket buffer pointer can be used for subsequent operations. This can occur when skbsharecheck frees the original skb if it is shared, leading to a stale pointer...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 12:55 p.m.22 views

CVE-2026-46000

CVE-2026-46000 in the Linux kernel: rxrpc vulnerability where security checks decrypt bits of a packet in place while the skb may be shared with a packet sniffer, potentially exposing a decrypted (apparently corrupted) packet. The fix: when a packet was cloned, the kernel now hands a copy of the ...

5.5CVSS5.8AI score0.00159EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/16 7:4 a.m.5 views

SUSE-SU-2026:1877-1 Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

8.8CVSS6.1AI score0.93235EPSS
Exploits31References3
Oracle linux
Oracle linux
added 2026/05/09 12:0 a.m.25 views

Unbreakable Enterprise kernel security update: Dirty Frag

5.4.17-2136.354.4.3 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Ting Chen Orabug: 39342682 CVE-2026-43284...

8.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.21 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections CVE-2025-68206 In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels...

9.8CVSS6AI score0.00514EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.6 views

CVE-2025-47386

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs...

7.8CVSS6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.5 views

CVE-2025-47379

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources...

7.8CVSS6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.4 views

CVE-2025-47376

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls...

7.8CVSS6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.5 views

CVE-2025-47381

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...

7.8CVSS6AI score0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 5:16 p.m.5 views

CVE-2025-47386

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs...

7.8CVSS0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 5:16 p.m.10 views

CVE-2025-47381

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...

7.8CVSS0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 5:16 p.m.6 views

CVE-2025-47379

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources...

7.8CVSS0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 5:16 p.m.4 views

CVE-2025-47376

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls...

7.8CVSS0.00071EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 4:53 p.m.17 views

CVE-2025-47386

CVE-2025-47386 affects automotive audio (per CVE listing) with memory corruption arising during IOCTL handling under concurrent access to a shared buffer. The connected CVE record notes a Use After Free root cause. Exploitation details are not provided in the available documents. No explicit reme...

7.8CVSS6AI score0.00071EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder