Lucene search
K

74044 matches found

OSV
OSV
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23322 ipmi: Fix use-after-free and list corruption on sender error

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without cleaning up properly: 1...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.4 views

CVE-2026-23317

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

5.7AI score0.00129EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.17 views

CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

7.8CVSS0.00129EPSS
Exploits0References6
CVE
CVE
added 2026/03/25 10:27 a.m.14 views

CVE-2026-23317

The CVE-2026-23317 entry describes a Linux kernel vulnerability in drm/vmwgfx, specifically vmw_translate_ptr. The root cause was a previous change where a pointer-returning lookup was replaced by an error-code-returning lookup with the pointer as an out parameter; the error path was not updated,...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/25 10:27 a.m.2 views

CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23305

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...

7.1CVSS5.2AI score0.00124EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.1 views

CVE-2026-23305

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...

5.6AI score0.00124EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23305 accel/rocket: fix unwinding in error path in rocket_probe

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...

0.00124EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 10:27 a.m.4 views

CVE-2026-23305 accel/rocket: fix unwinding in error path in rocket_probe

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...

7.1CVSS5.7AI score0.00124EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/25 10:26 a.m.18 views

CVE-2026-23299 Bluetooth: purge error queues in socket destructors

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:26 a.m.3 views

CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

5.6AI score0.00121EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:26 a.m.4 views

CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

5.5CVSS5.2AI score0.00121EPSS
Exploits0
CVE
CVE
added 2026/03/25 10:26 a.m.7 views

CVE-2026-23299

CVE-2026-23299 relates to a Linux kernel Bluetooth issue where, when TX timestamping is enabled (SO_TIMESTAMPING), SKBs may be queued in the sk_error_queue during socket destruction and could leak if unread or if the controller is removed. The fixed mitigation is the addition of skb_queue_purge()...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/25 10:26 a.m.7 views

CVE-2026-23299 Bluetooth: purge error queues in socket destructors

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
CVE
CVE
added 2026/03/25 10:26 a.m.12 views

CVE-2026-23288

The CVE-2026-23288 issue is in the Linux kernel’s accel/amdxdna component. It describes an out-of-bounds write caused by clearing the command header with memset() before validating the remaining space in a command slot, when the slot space is smaller than the header. The root cause is performing ...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:26 a.m.16 views

CVE-2026-23285 drbd: fix null-pointer dereference on local read error

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

0.00122EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/25 10:26 a.m.3 views

CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.2AI score0.00122EPSS
Exploits0
OSV
OSV
added 2026/03/25 10:26 a.m.8 views

CVE-2026-23285 drbd: fix null-pointer dereference on local read error

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/25 10:26 a.m.18 views

CVE-2026-23282 smb: client: fix oops due to uninitialised var in smb2_unlink()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...

0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 7:8 a.m.5 views

SUSE-SU-2026:1000-1 Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.97 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2023-53257: wifi: mac80211: check S1G action frame siz...

7.8CVSS6.9AI score0.00278EPSS
Exploits0References23
Rows per page
Query Builder