86 matches found
CVE-2026-45257
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
EUVD-2026-39780
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
CVE-2026-45257
CVE-2026-45257: FreeBSD KTLS receive path decrypts in place, enabling an unprivileged local user to overwrite a file’s page cache via sendfile(2) data over a loopback connection when KTLS receive is enabled. This can corrupt the backing file and allow privilege escalation by overwriting setuid/t...
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option. 9.269940 T3222 Call trace: 9.269948 T3222 ext4_file_read_iter+0xac/0x108 9.269979 T3222 vfs_iocb_iter_read+0xac/0x198 9.269993 T3222...
SUSE CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices, and that is what we expect...
CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices, and that is what we expect...
UBUNTU-CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices, and that is what we expect...
EUVD-2026-35430
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices, and that is what we expect...
CVE-2026-46329 erofs: handle end of filesystem properly for file-backed mounts
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices, and that is what we expect...
CVE-2026-46329
The CVE-2026-46329 entry concerns the erofs filesystem in the Linux kernel. The underlying issue was handling end-of-filesystem conditions for file-backed mounts, where I/O requests beyond the filesystem end should be zeroed (as with loopback devices). The advisory indicates this has been resolve...
CVE-2026-46329
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts. I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices, and that is what we expect...
FreeBSD Security Advisory - FreeBSD-SA-26:26.ktls
FreeBSD Security Advisory - The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through...
FreeBSD -- Arbitrary file overwrite via the KTLS receive path
Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous...
FreeBSD-SA-26:26.ktls
FreeBSD-SA-26:26.ktls Security Advisory, The FreeBSD Project. Topic: Arbitrary file overwrite via the KTLS receive path. Category: core. Module: ktls. Announced: 2026-06-09...
PT-2026-47787
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the EROFS (Enhanced Read-Only File System) implementation regarding file-backed mounts. I/O requests that extend beyond the end of the filesystem are not handled properl...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: limited the level of fs stacking for file-backed mounts. Otherwise, it could cause potential kernel stack overflows e.g., when mounting EROFS itself...
Deserialization of Untrusted Data
Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the FileBackedSessionManager. An attacker can execute arbitrary code by placing a crafted serialized payload into the sessions directory, which is deserialized without...
pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
GHSA-4RHG-H8F2-V4JM pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...