Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 11:7 p.m.4 views

CVE-2026-53034

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF and sockmap components, specifically within the afunix socket operations. A race condition occurs during the connection process where a socket's state is updated before its peer is fully assigned. This timing issue can lead to a...

7CVSS5.8AI score0.0018EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: AppArmor: Fixed the issue where NULL sock was used in aasockfileperm. Consider the possibility that sock and sock-sk could become NULL during socket setup or tear-down. This could lead to an error. The fix for NULL pointer...

5.5CVSS5.7AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:15 p.m.39 views

CVE-2026-45848 apparmor: fix NULL sock in aa_sock_file_perm

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...

0.0016EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43715

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the AppArmor module. Specifically, the aa sock file perm function does not properly handle cases where sock and sock-sk can be NULL during socket set...

5.7CVSS5.4AI score0.0016EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AFUNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...

8.8CVSS6.7AI score0.00406EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-43016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use- after-free of AFUNIX socket's sk-sksocket in...

7.8CVSS7.1AI score0.00125EPSS
Exploits0References4
CVE
CVE
added 2026/03/25 10:26 a.m.20 views

CVE-2026-23302

Summary (CVE-2026-23302): The Linux kernel patch resolves a data-race in data-path pointers sk->sk_data_ready and sk->sk_write_space, where skmsg and possibly other layers could modify these pointers while others may read them concurrently. The fix adds corresponding READ_ONCE()/WRITE_ONCE(...

4.7CVSS5.7AI score0.00089EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: flatpak (UTSA-2025-680655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680655 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct...

8.8CVSS6.9AI score0.00406EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2025/09/19 9:1 a.m.8 views

USN-7758-1: Linux kernel vulnerability

It was discovered that the AFUNIX socket garbage collection implementation in Ubuntu Noble's 6.8 kernel did not properly handle out-of-band OOB messages, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary...

5.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/10/30 1:41 a.m.6 views

kernel: af_unix: Fix garbage collector racing against connect()

A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...

4.7CVSS6.7AI score0.00193EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/24 2:39 a.m.3 views

kernel: af_unix: Fix garbage collector racing against connect()

A flaw was found in the Linux kernel, where the management of inter-process communication uses AFUNIX sockets. The issue arises from a race condition where a partially initialized socket with specific permissions carrying SCMRIGHTS is improperly handled during garbage collection. This situation...

4.7CVSS6.7AI score0.00193EPSS
Exploits0References5
OSV
OSV
added 2024/04/03 5:15 p.m.3 views

DEBIAN-CVE-2024-26732

In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockoptSOPEEKOFF syzbot reported a lockdep violation 1 involving afunix support of SOPEEKOFF. Since SOPEEKOFF is inherently not thread safe it uses a per-socket skpeekoff field, there is really no point...

5.5CVSS5.4AI score0.00158EPSS
Exploits0References1
OSV
OSV
added 2021/10/08 2:15 p.m.1 views

DEBIAN-CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

7.8CVSS6.7AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2021/10/08 2:15 p.m.3 views

UBUNTU-CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

8.8CVSS6.8AI score0.00406EPSS
Exploits0References4
Rows per page
Query Builder