CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fixed a use-after-free issue during delayed work when removing a device. The delayed work item, otgevent, is initialized in fslotgconf and scheduled under two conditions: 1. When a host controller binds to the...

5.2AI score0.00181EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bridge: cfm: Fixed a race condition in the peermep deletion process. When a peer MEP is being deleted, the canceldelayedworksync function is called on ccmrxdwork before freeing the object. However, brcfmframerx runs in a softirq...

7.8CVSS4.7AI score0.001EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a deadlock in l2capconndel. The l2capconndel function calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the functions l2capinfotimeout and...

5.5CVSS5.8AI score0.00094EPSS

Exploits0References1

EUVD•added 2026/04/22 3:31 p.m.•2 views

EUVD-2026-24875

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.6AI score0.00094EPSS

Exploits0References4

NVD•added 2026/04/22 2:16 p.m.•2 views

CVE-2026-31499

5.5CVSS0.00094EPSS

Exploits0References4

CVE•added 2026/04/22 1:54 p.m.•17 views

CVE-2026-31499

CVE-2026-31499 affects the Linux kernel Bluetooth L2CAP code. The vulnerability stems from l2cap_conn_del() canceling delayed work (info_timer and id_addr_timer) while holding conn->lock, while the corresponding work functions (l2cap_info_timeout() and l2cap_conn_update_id_addr()) also acquire...

5.5CVSS5.6AI score0.00094EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/04/22 1:54 p.m.•2 views

CVE-2026-31499

5.5CVSS5.7AI score0.00094EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/04/22 12:0 a.m.•5 views

PT-2026-34404

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the Bluetooth L2CAP component within the l2cap conn del function. This happens because l2cap conn del calls cancel delayed work sync for both info timer and id ad...

7.8CVSS5.8AI score0.00378EPSS

Exploits0References117

Tenable Nessus•added 2026/04/17 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007420)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007420 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq'...

5.8AI score0.00171EPSS

Exploits0References4

SUSE CVE•added 2026/04/06 11:25 p.m.•4 views

SUSE CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7CVSS5.7AI score0.00159EPSS

Exploits0References40

CVE•added 2026/04/06 7:38 a.m.•13 views

CVE-2026-31406

The CVE-2026-31406 issue is a race in the Linux kernel xfrm path during network cleanup. After cancel_delayed_work_sync() is invoked from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes states and __xfrm_state_delete() calls xfrm_nat_keepalive_state_updated(), which can re-schedule nat_k...

7.8CVSS5.7AI score0.00159EPSS

Exploits0References4Affected Software1

UbuntuCve•added 2026/03/25 11:16 a.m.•1 views

CVE-2026-23393

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peermep deletion When a peer MEP is being deleted, canceldelayedworksync is called on ccmrxdwork before freeing. However, brcfmframerx runs in softirq context under rcureadlock without RTNL and...

7.8CVSS5.7AI score0.001EPSS

Exploits0References6

OSV•added 2026/03/25 11:16 a.m.•3 views

UBUNTU-CVE-2026-23393

7.8CVSS5.7AI score0.001EPSS

Exploits0References7

ATTACKERKB•added 2026/03/25 10:33 a.m.•1 views

CVE-2026-23393

5.6AI score0.001EPSS

Exploits0References5Affected Software1

SUSE CVE•added 2026/03/11 12:27 a.m.•1 views

SUSE CVE-2026-23240

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

7CVSS5.7AI score0.0049EPSS

Exploits0References22

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10576

5.6AI score0.0049EPSS

Exploits0References5

EUVD•added 2026/03/10 6:31 p.m.•1 views

EUVD-2026-10575

5.6AI score0.0049EPSS

Exploits0References5

CVE•added 2026/03/10 5:28 p.m.•36 views

CVE-2026-23240

In CVE-2026-23240, the Linux kernel fixed a race condition in TLS handling where cancel_delayed_work_sync() used during tls_sk_proto_close() could allow tls_sw_cancel_work_tx() to schedule tx_work_handler() after the TLS object was freed. The root cause involved potential scheduling from paths li...

9.8CVSS5.6AI score0.0049EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/03/10 5:28 p.m.•2 views

CVE-2026-23240

5.5AI score0.0049EPSS

Exploits0References5Affected Software1