CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: A cred reference leak was fixed in nfsdnllistenersetdoit. The function nfsdnllistenersetdoit uses getcurrentcred without using putcred. As we can see from other calls, svcxprtcreatefromsa does not require an additional...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: Restore credentials before releasing pageio data. Otherwise, if the nfsd filecache code releases the nfsdfile immediately, it may trigger the BUGON condition cred == current-cred in putcred, when putting...

EUVD-2026-28700

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnllistenersetdoit. nfsdnllistenersetdoit uses getcurrentcred without putcred. As we can see from other callers, svcxprtcreatefromsa does not require the extra refcount. nfsdnllistenersetdoit is alwa...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of getcurrentcred in nfsdnllistenersetdoit, followed by the omission of calling putcred...

Linux Distros Unpatched Vulnerability : CVE-2026-43394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: Fix cred ref leak in nfsdnllistenersetdoit. nfsdnllistenersetdoit uses getcurrentcred without putcred. As we can see from other callers, svcxprtcreatefrom...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on credtransfer When a process' cred struct is replaced, this almost always invokes the credprepare LSM hook; but in one special case when KEYCTLSESSIONTOPARENT updates the parent's...

SUSE CVE-2026-23297

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnlthreadssetdoit. syzbot reported memory leak of struct cred. 0 nfsdnlthreadssetdoit passes getcurrentcred to nfsdsvc, but putcred is not called after that. The cred is finally passed down to...

CVE-2026-23297

A flaw was found in the Linux kernel's nfsd component. A local user could exploit this vulnerability due to a missing putcred call in the nfsdnlthreadssetdoit function. This oversight leads to a memory leak of struct cred objects, which can result in a denial of service by exhausting available...

CVE-2026-23297

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnlthreadssetdoit. syzbot reported memory leak of struct cred. 0 nfsdnlthreadssetdoit passes getcurrentcred to nfsdsvc, but putcred is not called after that. The cred is finally passed down to...

CVE-2026-23297 nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit().

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnlthreadssetdoit. syzbot reported memory leak of struct cred. 0 nfsdnlthreadssetdoit passes getcurrentcred to nfsdsvc, but putcred is not called after that. The cred is finally passed down to...

Linux Distros Unpatched Vulnerability : CVE-2026-23297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: Fix cred ref leak in nfsdnlthreadssetdoit. syzbot reported memory leak of struct cred. 0 nfsdnlthreadssetdoit passes getcurrentcred to nfsdsvc, but putcre...

📄 Qualcomm CVP Kernel Driver Pointer Disclosure / Privilege Escalation

This advisory describes a local privilege escalation vulnerability affecting the Qualcomm CVP kernel driver msmcvp, exposed through the /dev/cvp device node on Android systems using Qualcomm SoCs. The vulnerability originates from an improperly obfuscated kernel pointer returned to user space as ...

MiracleLinux 4 : kernel-2.6.32-696.3.1.el6 (AXSA:2017-1700:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1700:04 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002211)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002211 advisory. The scmsetcred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users...

EUVD-2025-20650

Malicious code in bioql PyPI...

EUVD-2025-24725

Malicious code in bioql PyPI...

EUVD-2024-53211

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-39912

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: restore creds before releasing pageio data Otherwise if the nfsd filecache code releases the nfsdfile immediately, it can trigger the BUGONcred == current-cred in putcred when it puts the nfsdfile-nffile-f-cred...