302594 matches found

OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: clamp rx length before skb_put virtbt_rx_work calls skb_put(skb, len) where len comes directly from virtqueue_get_buf with no validation against the buffer we posted to the device. The RX skb is allocated in...

CVSS: 7.7, AI score: 5.9, EPSS: 0.00016
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tg_pt_gp_members_show target_tg_pt_gp_members_show formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy cur_len bytes from that buffer. snprintf returns the length...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00013
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 4 views

UBUNTU-CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblp_ctrl_msg will collapse the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferre...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46236

In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas returns success without validating that the entire...

CVSS: 9.1, AI score: 5.7, EPSS: 0.0006
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46218

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can...

CVSS: 7.1, AI score: 6, EPSS: 0.00013
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46128

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 8
OSV
added 2026/05/28 10:16 a.m., 2 views

UBUNTU-CVE-2026-46105

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 6
OSV
added 2026/05/28 10:16 a.m., 3 views

UBUNTU-CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtk_usb_hci_wmt_sync casts the WMT event response SKB data to struct btmtk_hci_wmt_evt (7 bytes) and struct btmtk_hci_wmt_evt_funcc (9 bytes) without first checking that the...

AI score: 5.7, EPSS: 0.00023
Exploits: 0, References: 7
OSV
added 2026/05/28 10:16 a.m., 2 views

UBUNTU-CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 8
RedHat Linux
added 2026/05/28 10:3 a.m., 9 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVSS: 7.8, AI score: 6, EPSS: 0.00005
Exploits: 0, References: 4
EUVD
added 2026/05/28 9:41 a.m., 10 views

EUVD-2026-32758

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 "media: iris: gen1: Destroy internal buffers after FW releases" introduced a regression where session_release_buf() may free the...

AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 3
Cvelist
added 2026/05/28 9:41 a.m., 25 views

CVE-2026-46240 media: iris: Fix use-after-free in iris_release_internal_buffers()

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 "media: iris: gen1: Destroy internal buffers after FW releases" introduced a regression where session_release_buf() may free the...

CVSS: 7.8, EPSS: 0.00013
Exploits: 0, References: 3
CVE
added 2026/05/28 9:41 a.m., 12 views

CVE-2026-46240

The CVE-2026-46240 issue affects the Linux kernel iris driver. A use-after-free occurs when iris_release_internal_buffers() accesses a buffer after session_release_buf() frees it, caused by a regression from a change that destroys internal buffers after FW releases. The documented fix sets BUF_AT...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 3
Cvelist
added 2026/05/28 9:41 a.m., 25 views

CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions

In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...

EPSS: 0.00032
Exploits: 0, References: 8
Cvelist
added 2026/05/28 9:40 a.m., 25 views

CVE-2026-46234 vsock: fix buffer size clamping order

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

EPSS: 0.00032
Exploits: 0, References: 8
ATTACKERKB
added 2026/05/28 9:40 a.m., 5 views

CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 9, Affected Software: 1
EUVD
added 2026/05/28 9:40 a.m., 13 views

EUVD-2026-32752

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

AI score: 5.9, EPSS: 0.00032
Exploits: 0, References: 5
Debian CVE
added 2026/05/28 9:40 a.m., 7 views

CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

AI score: 5.8, EPSS: 0.00032
Exploits: 0
CVE
added 2026/05/28 9:40 a.m., 14 views

CVE-2026-46234

The CVE-2026-46234 entry concerns the Linux kernel vsock subsystem. The bug is in vsock_update_buffer_size(), where buffer_size was clamped to the maximum first, then to the minimum; if min > max, the minimum check could override the maximum, allowing vsk->buffer_size to exceed vsk->buff...

AI score: 5.9, EPSS: 0.00032
Exploits: 0, References: 8