Lucene search
+L

9586 matches found

Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-64146 erofs: fix metabuf leak in inode xattr initialization

In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...

Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-64146

In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...

5.3AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-45831

In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...

5.4AI score
Exploits0References2
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-64145 wifi: wilc1000: fix dma_buffer leak on bus acquire failure

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...

Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-64145

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...

5.3AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-64120 net: ethtool: fix NULL pointer dereference in phy_reply_size

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix NULL pointer dereference in phyreplysize In phypreparedata, several strings such as 'name', 'drvname', 'upstreamsfpname', and 'downstreamsfpname' are allocated using kstrdup. However, these allocations were not...

Exploits0References3
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-45805

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix NULL pointer dereference in phyreplysize In phypreparedata, several strings such as 'name', 'drvname', 'upstreamsfpname', and 'downstreamsfpname' are allocated using kstrdup. However, these allocations were not...

5.5AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-64115

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix UAF when peer resets connection during handshake vmcitransportrecvconnectingserver returned err = 0 for a peer RST in its default switch arm: err = pkt-type == VMCITRANSPORTPACKETTYPERST ? 0 : -EINVAL; That made...

5.3AI score
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-64105

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic: Free privateirqs when init fails after allocation Companion to commit 250f25367b58 "KVM: arm64: Tear down vGIC on failed vCPU creation", which added the missing kvmvgicvcpudestroy call to the kvmsharehyp failure...

5.3AI score
Exploits0References5Affected Software1
CVE
CVE
added 6 hours ago4 views

CVE-2026-64105

The CVE concerns the Linux kernel KVM for arm64 vgic. A failure during vCPU creation could leak private IRQs if allocation happened before a redistributor iodev registration failure. The fix adds a call to kvm_vgic_vcpu_destroy() on the kvm_vgic_vcpu_init() failure path, ensuring that private IRQ...

5.4AI score
Exploits0References4
CVE
CVE
added 6 hours ago4 views

CVE-2026-64095

CVE-2026-64095 concerns the Linux kernel’s batman-adv subsystem, where the bla.num_requests counter could be decremented concurrently in non-atomic TOCTOU scenarios. The vulnerability arises from non-atomic handling of request_sent and bla.num_requests across multiple code paths (announcement, ba...

5.4AI score
Exploits0References8
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-64095 batman-adv: bla: avoid double decrement of bla.num_requests

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: avoid double decrement of bla.numrequests The bla.numrequests is increased when no requestsent was in progress. And it is decremented in various places announcement was received, backbone is purged, periodic work...

Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-64095

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: avoid double decrement of bla.numrequests The bla.numrequests is increased when no requestsent was in progress. And it is decremented in various places announcement was received, backbone is purged, periodic work...

5.4AI score
Exploits0References9Affected Software1
CVE
CVE
added 6 hours ago3 views

CVE-2026-64093

The CVE-2026-64093 issue is in batman-adv’s TP meter cleanup within the Linux kernel. The defect arose from batadv_tp_sender_cleanup() calling timer_delete_sync() and then timer_delete(), creating a double-deletion scenario that could permit re-arming after cleanup. The root cause is a timer that...

5.4AI score
Exploits0References7
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-64093 batman-adv: tp_meter: directly shut down timer on cleanup

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: directly shut down timer on cleanup batadvtpsendercleanup was calling timerdeletesync followed by timerdelete to guard against the timer handler re-arming itself between the two calls. This double-deletion ha...

Exploits0References7
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-45778

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: directly shut down timer on cleanup batadvtpsendercleanup was calling timerdeletesync followed by timerdelete to guard against the timer handler re-arming itself between the two calls. This double-deletion ha...

5.4AI score
Exploits0References7
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-45627

In the Linux kernel, the following vulnerability has been resolved: net: shaper: reject duplicate leaves in GROUP request netshapernlgroupdoit does not deduplicate NETSHAPERALEAVES entries. When userspace supplies the same leaf handle twice, the same old-parent pointer lands twice in oldnodes. Th...

5.3AI score
Exploits0References3
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-64038 hwmon: (lm90) Stop work before releasing hwmon device

In the Linux kernel, the following vulnerability has been resolved: hwmon: lm90 Stop work before releasing hwmon device Sashiko reports: In lm90probe, the devm action to cancel the alertwork and reportwork lm90restoreconf is registered in lm90initclient before devmhwmondeviceregisterwithinfo is...

Exploits0References3
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-64035 igc: set tx buffer type for SMD frames

In the Linux kernel, the following vulnerability has been resolved: igc: set tx buffer type for SMD frames Sashiko pointed out that igcfpeinitsmdframe initializes igctxbuffer fields for an SMD skb, but does not set the buffer type:...

Exploits0References3
CVE
CVE
added 6 hours ago3 views

CVE-2026-64035

The CVE-2026-64035 issue affects the Linux kernel igc driver: igc_fpe_init_smd_frame() initializes igc_tx_buffer for SMD skbs but omits setting the buffer type, allowing reused entries to retain a stale XDP/XSK type and cause TX completion to take the wrong cleanup path. The fix sets the buffer t...

5.6AI score
Exploits0References3
Rows per page
Query Builder