Lucene search
K

1343 matches found

EUVD
EUVD
added 2026/06/09 12:11 p.m.13 views

EUVD-2026-35413

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

5.4AI score0.00137EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 12:11 p.m.35 views

CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...

7.4CVSS0.00235EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.12 views

SUSE CVE-2026-46275

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

5.5CVSS5.4AI score0.00185EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the tapgetuserxdp function failing when short frames are rejected or the buildskb function fails,...

7.4CVSS5.3AI score0.00235EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/08 3:27 a.m.26 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.4AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 10:8 p.m.3 views

kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers

A flaw was found in the Linux kernel's networking skbuff component. When skbtrycoalesce attaches paged fragments, it can lose the SKBFLSHAREDFRAG marker. This can lead to the Encapsulating Security Payload ESP input decrypting data in place over page-cache backed fragments, potentially resulting ...

8.8CVSS6.4AI score0.00135EPSS
Exploits7References6
RedHat Linux
RedHat Linux
added 2026/06/04 10:49 a.m.10 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 7:37 p.m.10 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS5.9AI score0.00124EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 3:25 p.m.15 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.4AI score0.00563EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: Preserve the shared-frag marker during coalescing The skbtrycoalesce function can attach paged fragments from @from to @to. If @from has the SKBFLSHAREDFRAG flag set, the resulting @to skb may contain the same...

7.8CVSS6.7AI score0.03663EPSS
Exploits11References3
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags The MSGSPLICEPAGES function can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later processes that may modi...

8.8CVSS6.7AI score0.93235EPSS
Exploits31References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-46140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes a...

7.1CVSS6AI score0.00131EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 10:16 a.m.9 views

UBUNTU-CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

7.1CVSS5.7AI score0.00131EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/28 9:40 a.m.8 views

CVE-2026-46207

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

5.5CVSS5.7AI score0.00127EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46188 octeon_ep_vf: add NULL check for napi_build_skb()

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

0.00127EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.37 views

CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

0.00131EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.12 views

CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

7.1CVSS5.7AI score0.00131EPSS
Exploits0
EUVD
EUVD
added 2026/05/28 9:35 a.m.13 views

EUVD-2026-32767

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

5.8AI score0.00131EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:12 a.m.15 views

net: strparser: fix skb_head leak in strp_abort_strp()

...

7.5CVSS5.4AI score0.00501EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/28 2:21 a.m.14 views

kernel: can: j1939: j1939_session_new(): fix skb reference counting

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sessionnew: fix skb reference counting Since j1939sessionskbqueue does an extra skbget for each new skb, do the same for the initial one in j1939sessionnew to avoid refcount underflow. mkl: clean up commit messag...

5.5CVSS5.7AI score0.00224EPSS
Exploits0References5
Rows per page
Query Builder