Lucene search
+L

1319 matches found

OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53247

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

9.8CVSS5.7AI score0.00507EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.7CVSS5.7AI score0.00127EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.8 views

CVE-2026-53269

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...

5.5CVSS5.6AI score0.00119EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:39 a.m.8 views

EUVD-2026-39220

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...

5.7AI score0.00119EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:39 a.m.61 views

CVE-2026-53269

The CVE-2026-53269 issue exists in the Linux kernel’s netfilter synproxy path, where concurrent registration of hooks could race, affecting refcount blocks. A mutex was added to serialize access to refcount control blocks in frontends, mitigating the race. Connected OSV entries report patches for...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53269 netfilter: synproxy: add mutex to guard hook reference counting

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53262

CVE-2026-53262 affects the Linux kernel ioctl path for the pppol2tp module (l2tp) where pppol2tp_ioctl() dereferenced sock->sk->sk_user_data without proper locking while a sleep could occur during copy_from_user(). If a concurrent socket close happened, l2tp_session_close() could free the s...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53262 l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.10 views

CVE-2026-53256

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

5.7AI score0.00266EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53256 Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

8CVSS5.8AI score0.00266EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/25 8:39 a.m.9 views

EUVD-2026-39198

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

5.7AI score0.00507EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 8:38 a.m.8 views

EUVD-2026-39251

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpcmapcreate fastrpcmaplookup returns a raw pointer after releasing fl-lock. The caller fastrpcmapcreate then calls fastrpcmapget krefgetunlesszero on this unprotected pointer. A...

5.8AI score0.00125EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.36 views

CVE-2026-53161 misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpcuser in workqueue context There is a race between fastrpcdevicerelease and the workqueue that processes DSP responses. When the user closes the file descriptor, fastrpcdevicerelease fre...

7.8CVSS0.00135EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53160 misc: fastrpc: fix use-after-free race in fastrpc_map_create

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpcmapcreate fastrpcmaplookup returns a raw pointer after releasing fl-lock. The caller fastrpcmapcreate then calls fastrpcmapget krefgetunlesszero on this unprotected pointer. A...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/25 8:38 a.m.7 views

EUVD-2026-39252

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpcuser in workqueue context There is a race between fastrpcdevicerelease and the workqueue that processes DSP responses. When the user closes the file descriptor, fastrpcdevicerelease fre...

5.7AI score0.00135EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:38 a.m.8 views

EUVD-2026-39232

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.8AI score0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53141

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.5CVSS5.7AI score0.00121EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:38 a.m.12 views

CVE-2026-53141

The CVE-2026-53141 issue affects the Linux kernel drm/v3d driver’s global performance monitor reference counting. The root cause is leaking references obtained by v3d_perfmon_find(): (1) the SET_GLOBAL_ioctl path leaks on error, (2) CLEAR_GLOBAL leaks the find reference and the earlier stash of t...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/25 8:38 a.m.5 views

CVE-2026-53141 drm/v3d: Fix global performance monitor reference counting

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/25 2:20 a.m.9 views

SUSE CVE-2026-52918

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since th...

7.1CVSS5.7AI score0.00266EPSS
Exploits0References15
Rows per page
Query Builder