Lucene search
K

232 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/27 5:32 p.m.5 views

CVE-2026-31688

In the Linux kernel, the following vulnerability has been resolved: driver core: enforce devicelock for drivermatchdevice Currently, drivermatchdevice is called from three sites. One site deviceattachdriver holds devicelockdev, but the other two bindstore and driverattach do not. This inconsisten...

5.4AI score0.0011EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.5 views

PT-2026-35494

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A race condition exists in the driver core due to inconsistent locking in the driver match device function. While one call site holds the device lockdev, others such as bind store and...

7.8CVSS5.3AI score0.0011EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the drivermatchdevice function not holding a device lock, which may lead to race conditions...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 2:16 p.m.8 views

CVE-2026-31487

In the Linux kernel, the following vulnerability has been resolved: spi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

5.5CVSS0.00094EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

7.1CVSS0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.17 views

CVE-2026-23436 net: shaper: protect from late creation of hierarchy

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/04/03 3:15 p.m.13 views

CVE-2026-23434

CVE-2026-23434 affects the Linux kernel MTD NAND driver (mtd: rawnand) where nand_lock()/nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. The fix introduces serialisation by wrapping those lock/unlock calls with nand_get_device()/nand_release_device...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30155

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth L2CAP implementation, specifically within the l2cap unregister user function. A race condition occurs because l2cap register user and l2cap...

9.8CVSS5.8AI score0.00443EPSS
Exploits0References487
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of holding the device lock during nandlock and nandunlock operations, potentially leadin...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.8 views

PT-2026-36436

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the set cig params sync function, the lookup and field access of hci conn are not properly protected by the hdev lock,...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References47
NVD
NVD
added 2026/03/25 11:16 a.m.3 views

CVE-2026-23295

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix dead lock for suspend and resume When an application issues a query IOCTL while auto suspend is running, a deadlock can occur. The query path holds devlock and then calls pmruntimeresumeandget, which waits for...

5.5CVSS0.00087EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:28 a.m.3 views

SUSE CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS6AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS5.5AI score0.00124EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 2:17 a.m.7 views

GO-2026-4564 Fleet: Device lock PIN can be predicted if lock time is known in github.com/fleetdm/fleet

Fleet: Device lock PIN can be predicted if lock time is known in github.com/fleetdm/fleet...

5.5CVSS5.8AI score0.00124EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 7:35 p.m.5 views

GHSA-PPWX-5JQ7-PX2W Fleet: Device lock PIN can be predicted if lock time is known

Summary Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if the approximate time the device was locked is known. Impact Fleet’s...

4.1CVSS5.7AI score0.00124EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/26 7:35 p.m.7 views

Fleet: Device lock PIN can be predicted if lock time is known

Summary Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if the approximate time the device was locked is known. Impact Fleet’s...

5.5CVSS5.5AI score0.00124EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/26 2:45 a.m.3 views

CVE-2026-23999 Fleet: Device lock PIN can be predicted if lock time is known

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

4.1CVSS6AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 2:45 a.m.337 views

CVE-2026-23999

CVE-2026-23999 affects Fleet open source device management before version 4.80.1. The vulnerability stems from a predictable 6‑digit PIN (device lock/wipe) derived from the current Unix timestamp without secret entropy, allowing an attacker with physical access and knowledge of approximate lock t...

5.5CVSS5.6AI score0.00124EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/26 2:45 a.m.2 views

CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS5.6AI score0.00124EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/26 2:45 a.m.5 views

CVE-2026-23999 Fleet: Device lock PIN can be predicted if lock time is known

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

4.1CVSS6AI score0.00124EPSS
Exploits0References3
Rows per page
Query Builder