8 matches found
CVE-2026-63802
The CVE-2026-63802 entry details a Linux kernel vulnerability in blk-cgroup: a use-after-free (UAF) can occur when multiple blkgs in the same blkcg are released concurrently. The race arises because __blkcg_rstat_flush() may remove another blkg’s iostat entries via ll ist_del_all(), causing the s...
EUVD-2026-45468
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF in blkcgrstatflush When multiple blkgs in the same blkcg are released concurrently, a use-after-free can occur. The race happens when one blkg's blkcgrstatflush removes another blkg's iostat entries via...
EUVD-2026-36727
Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...
SUSE CVE-2026-46233
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...
CVE-2026-46233
CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...
CVE-2026-46233 batman-adv: bla: only purge non-released claims
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...
PT-2026-6133
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to the uacce subsystem and safe queue release. Directly calling the put queue function poses a risk because it does not guarantee that resource...
DRUPAL-CONTRIB-2025-025
This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...