16498 matches found
CVE-2026-53233
A flaw was found in the Linux kernel. A double-free vulnerability exists within the netdevnlbindrxdoit function, which is responsible for binding network device receive operations. This vulnerability arises when genlmsgreply consumes the socket buffer skb, and the error handling path subsequently...
CVE-2026-53198
A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel SMB server. An authenticated SMB client can trigger a use-after-free vulnerability by sending a double SMB2CANCEL request for the same asynchronous operation. This can lead to memory corruption, potentially allowing an...
PT-2026-52925
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the idpf driver where a double free and use-after-free occur during auxiliary device error paths. When the auxiliary device add function fails within idpf plug vport a...
PT-2026-52933
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...
Curl 8.15.0 < 8.21.0 SASL Double-Free
The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...
Debian dla-4650 : giflib-tools - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4650 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4650-1 [email protected]...
PT-2026-52936
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the mana remove function where a double invocation can lead to a kernel panic. This occurs when a Power Management PM resume fails, causing mana probe to call mana remov...
Oracle Linux 9 : kernel (ELSA-2026-27789)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...
kernel: scsi: qla2xxx: Completely fix fcport double free
A flaw was found in the Linux kernel's qla2xxx SCSI driver. An issue exists where a Fibre Channel port fcport object can be freed twice due to an error in the qla2x00elsdcmdspfree function. This double free vulnerability can lead to memory corruption, potentially causing system instability or a...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
CVE-2026-52993
A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC module. This vulnerability, a double-free, occurs when the tipcbufappend function incorrectly handles memory after a socket buffer skb reallocation. An attacker could potentially exploit this to cause system...
CVE-2026-53009
A flaw was found in the Linux kernel's ice network driver. An error in the driver's handling of network packet transmission, specifically when icetso or icetxcsum functions fail, can lead to a double-free of a network buffer skb. This occurs because a transmit buffer txbuf may still point to an...
EUVD-2026-39535
SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...
CVE-2026-55699
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...
CVE-2026-53233
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
CVE-2026-53198
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...
UBUNTU-CVE-2026-53233
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
UBUNTU-CVE-2026-53198
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...
CVE-2026-53233
In the Linux kernel, CVE-2026-53233 concerns a double-free in netdev_nl_bind_rx_doit(). The fix addresses a faulty interaction with genlmsg_reply(), where genlmsg_reply() is expected to consume the skb. The error path previously invoked nlmsg_free(rsp), which was incompatible with unbinding flow;...
EUVD-2026-39324
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...