Lucene search
K

1075 matches found

OSV
OSV
added 5 days ago5 views

USN-8498-1 linux-nvidia-tegra vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References298
OSV
OSV
added 5 days ago5 views

USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References300
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5298 Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList in github.com/google/go-attestation...

5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.5 views

CVE-2026-53047

A flaw was found in the Linux kernel's EFI Extensible Firmware Interface capsule loader. An incorrect size calculation during memory reallocation for physical addresses can lead to an undersized buffer. This issue, specifically on 32-bit systems with Physical Address Extension PAE, may result in ...

5.5CVSS6.3AI score0.00195EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of...

6.2AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:29 p.m.4 views

EUVD-2026-38915

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect sizeof in phys array reallocation The krealloc call for capinfo-phys in eficapsulesetupinfo uses sizeofphysaddrt instead of sizeofphysaddrt, which might be causing an undersized allocation. The...

6AI score0.00195EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53047

CVE-2026-53047 affects the Linux kernel’s efi/capsule-loader. The vulnerability arises from a mis-sized allocation in __efi_capsule_setup_info(): the krealloc() for cap_info->phys uses sizeof(phys_addr_t *) instead of sizeof(phys_addr_t). This can produce an undersized allocation, inconsistent...

6AI score0.00195EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 12:49 a.m.14 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51941

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An undersized allocation occurs in the efi capsule setup info function due to the use of sizeofphys addr t instead of sizeofphys addr t during a krealloc call for the cap info-phys...

6.2AI score0.00195EPSS
Exploits0References17
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: tpm: efi: Use a local variable to calculate the final log size When tpmreadlogefi is called multiple times, which occurs when one loads and unloads a TPM2 driver multiple times, the global variable efitpmfinallogsize will...

5.5CVSS6.4AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in edk2

A heap overflow in the LzmaUefiDecompressGetInfo function in EDK II...

6.7CVSS6.5AI score0.00386EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: EFI: Runtime: Avoid EFIv2 runtime services on Apple x86 machines Aditya reports that his recent MacBookPro crashes during firmware updates when variable services are used at runtime. The culprit seems to be a call to...

5.5CVSS5AI score0.00219EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the efirtasmwrapper of efi-rt-wrapper.S, there is a possible way to bypass shadow stack protection due to a logical error in the code. This could result in a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation...

7.8CVSS6.8AI score0.00189EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/17 2:30 a.m.14 views

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

5.8CVSS5.3AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:11 p.m.3 views

SUSE-SU-2026:22137-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug cause...

9.8CVSS5.6AI score0.93235EPSS
Exploits40References208
Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.11 views

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

5.5AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/12 3:4 p.m.7 views

GHSA-9R4W-JG96-92MV Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

6.8CVSS5.6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48875

⚠️ If you use hidden volumes in VeraCrypt: Versions 1.26.6 – 1.26.28 had a regression that could weaken plausible deniability of hidden volumes inside file containers CVE-2026-54073. Fixed in 1.26.29. If this applies to you, recreate the container + hidden volume with the new version and securely...

5.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48872

VeraCrypt 1.26.29 is now available!🎉 - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes 🔗More details at https://t.co/xdLi5dqTrX...

5.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 x86/fpu: Improve crypto performance by making kernel-mode FPU reliably...

5.9AI score0.00166EPSS
Exploits0References2
Rows per page
Query Builder