9365 matches found
CVE-2026-53314
In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at cpudown+0x759/0x1020 kernel/cpu.c:1463, CPU0: syz.0.1960/14614 ...
EUVD-2026-39889
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
CVE-2026-53284
CVE-2026-53284 (Linux kernel, btrfs): The issue arises in btrfs_write_and_wait_transaction() where, after an error from btrfs_write_marked_extent(), the code still calls btrfs_extent_io_tree_release() to clear the dirty_pages io tree. This tree may contain records not yet submitted, and subsequen...
PT-2026-52953
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the padata component where the CPU offline callback was incorrectly placed in a hotplug state before CPUHP TEARDOWN CPU. Because failure is not permitted in these...
kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...
CVE-2026-53186
CVE-2026-53186 affects the Linux kernel SRP path in RDMA: the SRP_RSP data length (resp_data_len) is not bounded by the actual received bytes, risking an out-of-bounds read when processing sense data. The copy is capped to 96 bytes, but the source offset can point far past the received data, pote...
EUVD-2026-38834
In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs. If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, the following warning is observed upon reboot: kexec: Waking offline CPU 228...
CVE-2026-46547
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...
CVE-2026-11819
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...
CVE-2026-46547
CVE-2026-46547 (NocoDB) is a reflected XSS in the Page Leaving Warning page. The issue arises because the query parameters ncRedirectUrl and ncBackUrl are used in window.location.href and in an tag href without proper validation, allowing javascript: URI injection. Exploitation could enable arbi...
CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...
CVE-2026-11819
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...
PT-2026-51586
Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description The plugins/modules/keyring info.py module retrieves passphrases from native operating system keyrings, such as GNOME Keyring, macOS Keychain, and Windows Credential Manager. The issue occurs...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fixed UBSAN shift-out-of-bounds warning If getnumsdmaqueues or getnumxgmisdmaqueues is 0, we perform a shift operation where the number of bits shifted equals the number of bits in the operand. This behavior is...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to being sent to devdbg within the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properl...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “hungtask”: fixed warnings caused by unaligned lock pointers. The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned, so that their lower bits can be used for type encoding. However, as reported by...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: A bug has been fixed in ext4mbreleasegrouppa. If a malicious fuzzer overwrites the ext4 superblock while it is mounted, causing sfirstdatablock to be set to a very large number, the calculation of the block group may...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...