1703 matches found
UBUNTU-CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
CVE-2026-23282
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...
CVE-2026-23380
CVE-2026-23380 (Linux kernel) describes a local vulnerability in tracing buffers memory management. When a process forks, the child’s VMAs copy the parent’s without incrementing user_mapped, so exiting both processes may cause tracing_buffers_mmap_close() to run twice; on the second call user_map...
CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...
CVE-2026-23330 nfc: nci: complete pending data exchange on device close
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
CVE-2026-23330
Summary: CVE-2026-23330 affects the Linux kernel NFC/NCI subsystem. The issue arises in nci_close_device() where pending data exchanges may not be completed before closing, allowing a leaking unreferenced socket object (example: 0xff1100000f435000, size 2048) and associated references. This could...
CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
CVE-2026-23282 smb: client: fix oops due to uninitialised var in smb2_unlink()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...
CVE-2026-23282 smb: client: fix oops due to uninitialised var in smb2_unlink()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to clear the error queue during the socket destruction function. This vulnerability m...
Linux Distros Unpatched Vulnerability : CVE-2026-23282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialise...
CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
ROS-20260313-73-0033
A vulnerability in the tipcconnclose function of the Linux operating system kernel is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
SUSE CVE-2026-23239
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
UBUNTU-CVE-2026-23239
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-23239
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write
A denial of service flaw has been found in FreeRDP. A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite...