128 matches found
CVE-2026-45866
A flaw was found in the Linux kernel's CAIF serial line discipline. A race condition exists between the ldiscclose function, which frees the terminal tty device, and the handletx function, which may attempt to access the freed device. This use-after-free UAF vulnerability allows a local attacker ...
SUSE CVE-2026-45866
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
SUSE CVE-2026-46098
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...
EUVD-2026-32332
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
CVE-2026-46098
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...
UBUNTU-CVE-2026-46098
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...
CVE-2026-45866
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
UBUNTU-CVE-2026-45866
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
CVE-2026-46098
CVE-2026-46098 affects the Linux kernel’s CAIF net subsystem. The issue arises when caif_connect() tears down a client via caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer (adap_layer->dn) but leaves the pointer stale. If the socket i...
CVE-2026-46098 net: caif: clear client service pointer on teardown
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...
EUVD-2026-32481
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...
CVE-2026-46098
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...
CVE-2026-45866
The CVE-2026-45866 issue is a use-after-free in caif_serial within the Linux kernel where handle_tx() may access ser->tty after the tty is freed due to tty_kref_put() occurring in ldisc_close() while the network device is still active. The race between ldisc_close() and packet transmission can...
CVE-2026-45866
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
CVE-2026-45866 serial: caif: fix use-after-free in caif_serial ldisc_close()
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
CVE-2026-45866
serial: caif: fix use-after-free in caifserial ldiscclose...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the caif driver failing to clear the client service pointers during disassembly. This could lead ...
PT-2026-43733
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caif serial ldisc close There is a use-after-free bug in caif serial where handle tx may access ser-tty after the tty has been freed. The race condition occurs between ldisc close and packet...
Linux Distros Unpatched Vulnerability : CVE-2026-45866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been...
PT-2026-43966
In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caif connect can tear down an existing client after remote shutdown by calling caif disconnect client followed by caif free client. caif free client releases the service layer...