Lucene search
K

2473 matches found

Cvelist
Cvelist
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_result

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

8.8CVSS0.00167EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.37 views

CVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-race

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

9.8CVSS0.00426EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 9:35 a.m.12 views

EUVD-2026-32764

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

5.8AI score0.00426EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:35 a.m.6 views

CVE-2026-46137

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

9.8CVSS5.7AI score0.00426EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/28 9:35 a.m.59 views

CVE-2026-46137

CVE-2026-46137 affects the Linux kernel MPTCP implementation. The mptcp_pm_add_timer() helper runs as a timer callback in softirq context and can race with socket state unless the socket lock is held with bh_lock_sock(). The mitigation is to hold the lock and retry if the socket is in use, mirror...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.12 views

CVE-2026-46137

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

9.8CVSS5.7AI score0.00426EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from data competition within the runtime.oss.trigger field in the ALSA pcm oss module, potentially...

7.8CVSS5.8AI score0.00099EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.28 views

PT-2026-44280

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A data race exists in the ALSA PCM OSS component when accessing the runtime.oss.trigger field. Because this field is a bit field, concurrent access without protection can cause writes to...

7.8CVSS5.9AI score0.00099EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from data competition within the ADDADDR retransmission timer in mptcp pm, potentially leading to...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.28 views

PT-2026-44260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the Multipath TCP MPTCP implementation. The mptcp pm add timer helper function, which operates as a timer callback in softirq context, fails to properly hold the...

9.8CVSS5.8AI score0.00426EPSS
Exploits0
NVD
NVD
added 2026/05/27 8:16 p.m.14 views

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS0.00116EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 7:57 p.m.18 views

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 7:57 p.m.10 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 7:57 p.m.45 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS0.00116EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 7:57 p.m.11 views

EUVD-2026-32648

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:57 p.m.8 views

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/27 2:17 p.m.13 views

CVE-2026-45977

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...

5.5CVSS0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44090

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 9:5 a.m.31 views

CLSA-2026-1779375889 kernel: Fix of 95 CVEs

perf/x86/intel/uncore: Fix die ID init and look up bugs CVE-2026-43344 - x86/apic: Disable x2apic on resume if the kernel expects so CVE-2026-43363 - drm/amdgpu: Fix use-after-free race in VM acquire CVE-2026-43370 - dm: remove fake timeout to avoid leak request CVE-2026-43314 - md/bitmap: fix...

7.8CVSS5.9AI score0.00283EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a data race around the sysctltcpprobeinterval variable. When reading sysctltcpprobeinterval, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...

4.7CVSS6.1AI score0.00181EPSS
Exploits0References1
Rows per page
Query Builder