CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 8 hours ago•4 views

CVE-2026-53181

The CVE describes a Linux kernel issue in vsock/vmci where on failed handshake vmci_transport_recv_listen() could skip balancing sk_acceptq_added/removed, leaving sk_ack_backlog incremented and potentially causing ECONNREFUSED for new connections once the backlog limit is reached. Concrete detail...

5.8AI score

AstraLinux•added 6 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an oops due to the absence of the prealloc backlog struct. If an AFRXRPC service socket is opened and bound, but the calls are pre-allocated, then rxrpcallocincomingcall will cause an oops because the rxrpcbacklog...

5.5CVSS6.6AI score0.00148EPSS

9.8CVSS5.5AI score0.00263EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/tls: The use-after-free issue in the -EBUSY error handling path of tlsdoencryption has been fixed. The -EBUSY handling in tlsdoencryption, introduced with commit 859054147318 “net: tls: handle backlogging of crypto requests”,...

Exploits0References1

5.5CVSS5.8AI score0.00246EPSS

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: tls: handling of backlogging of crypto requests Since we are setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations...

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending The sk-sksocket is not locked or referenced in backlog thread, and during the call to skbsendsock, there is a race condition with the release of sksocket. All types of...

7.8CVSS6.4AI score0.00154EPSS

5.5CVSS6.3AI score0.00251EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In the net:sched section, there is a fix for the order of qlen adjustment. - Changes to sch-q.qlen related to qdisctreereducebacklog need to occur before a call to that function. Otherwise, it may fail to notify the parent...

AstraLinux•added 6 days ago•1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: schhtb: Make htbqlennotify idempotent. htbqlennotify always disactivates the HTB class, and actually might trigger a warning if it is already disactivated. Therefore, it is not idempotent and is not friendly to its callers, like...

5.5CVSS6.1AI score0.00174EPSS

AstraLinux•added 6 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog. The qdisctreereducebacklog function only notifies the parent qdisc if the child qdisc becomes empty. Therefore, we need to reduce the backlog of the child qdisc before calli...

7.8CVSS6.1AI score0.00275EPSS

5.5CVSS6.3AI score0.00171EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fixed the lockdep issue in qdisctreereducebacklog The qdisctreereducebacklog function is called with the qdisc lock held, not RTNL. We must use qdisclookuprcu instead of qdisclookup. syzbot reported: WARNING:...

AstraLinux•added 6 days ago•1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: xts – Properly handles the EBUSY status. Since xts only handles the special return value EINPROGRESS, it means that in all other cases, it will free the data related to the request. However, since the caller of xts may...

7.8CVSS5.3AI score0.00146EPSS

SUSE CVE•added 2026/05/29 1:14 a.m.•7 views

SUSE CVE-2026-46214

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtiotransportrecvlisten calls skacceptqadded before vsockassigntransport. If vsockassigntransport fails or selects a different transport, the error path returns...

4.7CVSS5.8AI score0.00128EPSS

Exploits0References3

RedhatCVE•added 2026/05/28 1:19 p.m.•9 views

CVE-2026-46214

A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs when virtiotransportrecvlisten calls skacceptqadded before transport validation, leading to a permanent increment of the skackbacklog counter if transport assignment fails. A remote attacker could exploit thi...

5.5CVSS5.7AI score0.00128EPSS

Exploits0References4

NVD•added 2026/05/28 10:16 a.m.•12 views

CVE-2026-46214

5.5CVSS0.00128EPSS

OSV•added 2026/05/28 10:16 a.m.•5 views

UBUNTU-CVE-2026-46214

5.5CVSS5.7AI score0.00128EPSS

EUVD•added 2026/05/28 9:40 a.m.•13 views

EUVD-2026-32841

5.8AI score0.00128EPSS

Exploits0References5

CVE•added 2026/05/28 9:40 a.m.•27 views

CVE-2026-46214

CVE-2026-46214 relates to the Linux kernel vsock/virtio transport: a backlog count leak occurs when vsock_assign_transport() fails or switches transport, because sk_acceptq_added() is called before transport validation and not removed on error. This can cause sk_acceptq_is_full() to reject new co...

5.5CVSS5.8AI score0.00128EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/05/28 9:40 a.m.•33 views

CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch

0.00128EPSS