Lucene search
+L

81 matches found

OSV
OSV
added 2026/05/27 2:17 p.m.7 views

UBUNTU-CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS5.6AI score0.00433EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:56 p.m.10 views

CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/05/27 12:56 p.m.36 views

CVE-2026-46037

The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/27 12:56 p.m.2 views

CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS6.5AI score0.00433EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: gpio: Prevent potential speculation leaks in gpiodevicegetdesc The userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do this by calling gpioioctl with an offset that is out of...

5.5CVSS6.4AI score0.00248EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...

5.5CVSS6.2AI score0.00295EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint The arrayindexnospec function is useless if the result is spilled to the stack, as it makes the supposedly safe-under-speculation value subject to memory predictions. For all...

7.8CVSS4.7AI score0.00129EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: netlink: prevents potential Spectre v1 exploits Most netlink attributes are parsed and validated via nlavalidateparse or validatenla. c u16 type = nlatypenla; if type == 0 || type maxtype / Error or continue / The @type value is...

7.8CVSS6.3AI score0.00199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fixed potential Spectre v1 gadget It appears that nr could be a Spectre v1 gadget, as it is provided by a user and used as an array index. This issue prevents the contents of kernel memory from being leaked to use...

5.5CVSS6AI score0.00257EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Added a bounds check on patindex to prevent out-of-bounds kernel reads in madvise. When a user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access without...

7.1CVSS5.7AI score0.00118EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43280

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on patindex to prevent OOB kernel read in madvise When user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access without validating bounds...

7.1CVSS5.7AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 3:16 p.m.7 views

CVE-2026-31781

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

5.5CVSS0.00123EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 2:15 p.m.10 views

EUVD-2026-26594

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

5.8AI score0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.29 views

CVE-2026-31781 drm/ioc32: stop speculation on the drm_compat_ioctl path

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/01 2:15 p.m.14 views

CVE-2026-31781

CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/04/22 2:16 p.m.8 views

CVE-2026-31483

In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but does not have an arrayindexnospec boundary to prevent access past the syscall function pointer tables...

5.5CVSS0.00123EPSS
Exploits0References7
CVE
CVE
added 2026/04/22 1:54 p.m.25 views

CVE-2026-31483

CVE-2026-31483 affects the s390 architecture in the Linux kernel. The root cause is a missing array_index_nospec() boundary in the syscall dispatch table, allowing a user-controlled syscall number to exceed the function pointer table and potentially read kernel memory via speculative execution (S...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006920)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006920 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

7.8CVSS5.7AI score0.00165EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.10 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006742 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

7.8CVSS5.8AI score0.00165EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 4:55 p.m.7 views

SUSE CVE-2026-23354

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References9
Rows per page
Query Builder