Lucene search
K

1079 matches found

OSV
OSV
β€’added 2026/07/06 10:8 a.m.β€’6 views

RHSA-2026:35846 Red Hat Security Advisory: edk2 security update

Bulletin has no description...

5.6CVSS6.1AI score0.01744EPSS
Exploits0References7
OSV
OSV
β€’added 2026/07/02 3:49 p.m.β€’6 views

USN-8498-1 linux-nvidia-tegra vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References298
OSV
OSV
β€’added 2026/07/02 3:24 p.m.β€’10 views

USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References300
OSV
OSV
β€’added 2026/06/25 6:43 p.m.β€’8 views

GO-2026-5298 Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList in github.com/google/go-attestation...

8.9CVSS5.8AI score0.00191EPSS
Exploits0References4
RedhatCVE
RedhatCVE
β€’added 2026/06/25 6:17 p.m.β€’5 views

CVE-2026-53047

A flaw was found in the Linux kernel's EFI Extensible Firmware Interface capsule loader. An incorrect size calculation during memory reallocation for physical addresses can lead to an undersized buffer. This issue, specifically on 32-bit systems with Physical Address Extension PAE, may result in ...

5.5CVSS6.3AI score0.00195EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
β€’added 2026/06/25 12:0 a.m.β€’9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of...

6.2AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
β€’added 2026/06/24 4:29 p.m.β€’4 views

EUVD-2026-38915

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...

6AI score0.00195EPSS
Exploits0References8
CVE
CVE
β€’added 2026/06/24 4:29 p.m.β€’8 views

CVE-2026-53047

CVE-2026-53047 affects the Linux kernel’s efi/capsule-loader. The vulnerability arises from a mis-sized allocation in __efi_capsule_setup_info(): the krealloc() for cap_info->phys uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t). This can produce an undersized allocation, inconsistent...

6AI score0.00195EPSS
Exploits0References8
EUVD
EUVD
β€’added 2026/06/24 12:49 a.m.β€’17 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/06/24 12:0 a.m.β€’9 views

PT-2026-51941

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An undersized allocation occurs in the efi capsule setup info function due to the use of sizeofphys addr t instead of sizeofphys addr t during a krealloc call for the cap info-phys...

6.2AI score0.00195EPSS
Exploits0References17
AstraLinux
AstraLinux
β€’added 2026/06/19 11:10 a.m.β€’7 views

Astra Linux – Vulnerability in Linux 5.15

In the efirtasmwrapper of efi-rt-wrapper.S, there is a possible way to bypass shadow stack protection due to a logical error in the code. This could result in a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation...

7.8CVSS6.8AI score0.00189EPSS
Exploits1References2
SUSE CVE
SUSE CVE
β€’added 2026/06/17 2:30 a.m.β€’16 views

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause β€œExposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

5.8CVSS5.3AI score0.00123EPSS
Exploits0References3
OSV
OSV
β€’added 2026/06/15 5:11 p.m.β€’3 views

SUSE-SU-2026:22137-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug cause...

9.8CVSS5.6AI score0.93235EPSS
Exploits51References208
Github Security Blog
Github Security Blog
β€’added 2026/06/12 3:4 p.m.β€’12 views

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

5.5AI score
Exploits0References5Affected Software1
OSV
OSV
β€’added 2026/06/12 3:4 p.m.β€’9 views

GHSA-9R4W-JG96-92MV Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

6.8CVSS5.6AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
β€’added 2026/06/12 12:0 a.m.β€’19 views

PT-2026-48872

VeraCrypt 1.26.29 is now available!πŸŽ‰ - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes πŸ”—More details at https://t.co/xdLi5dqTrX...

5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/06/12 12:0 a.m.β€’17 views

PT-2026-48875

⚠️ If you use hidden volumes in VeraCrypt: Versions 1.26.6 – 1.26.28 had a regression that could weaken plausible deniability of hidden volumes inside file containers CVE-2026-54073. Fixed in 1.26.29. If this applies to you, recreate the container + hidden volume with the new version and securely...

5.3AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
β€’added 2026/06/10 12:0 a.m.β€’9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 x86/fpu: Improve crypto performance by making kernel-mode FPU reliably...

5.5CVSS6.1AI score0.00121EPSS
Exploits0References2
SUSE CVE
SUSE CVE
β€’added 2026/06/09 2:20 a.m.β€’12 views

SUSE CVE-2026-46290

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References3
OSV
OSV
β€’added 2026/06/08 5:16 p.m.β€’9 views

UBUNTU-CVE-2026-46290

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

5.7CVSS5.3AI score0.00121EPSS
Exploits0References7
Rows per page
Query Builder