1712 matches found
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
UBUNTU-CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837 bpf: Fix use-after-free in arena_vm_close on fork
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
The CVE-2026-45837 issue affects the Linux kernel BPF arena memory management during fork. The root cause is that arena_vm_open() bumps mmap_count but does not register the child VMA in arena->vma_list, leaving vml->vma to point to the parent VMA. After the parent unmaps, a use-after-free c...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
EUVD-2026-32163
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
PT-2026-43671
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena vm close on fork arena vm open only bumps vml-mmap count but never registers the child VMA in arena-vma list. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangle...
Linux Distros Unpatched Vulnerability : CVE-2026-45837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but nev...
PT-2026-43924
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG SUBDOMAINS OFF inheritance across fork hook cred transfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock restrict self which can set LOG...
CVE-2026-45837
bpf: Fix use-after-free in arenavmclose on fork...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from arenavmopen only increasing vml-mmapcount without registering the sub-VMA regions in...
CVE-2026-46057
landlock: Fix LOGSUBDOMAINSOFF inheritance across fork...
MAL-2026-4803 Malicious code in @fhkry/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...
Malicious code in @fhkry/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...
Malicious code in happy-dlscord.js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...
Malicious code in chromestaff-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d5fad12014025f37f607a61051a445262f37bcee6682850dfd77cc0dcb0b486 chromestaff-baileys is a fork of the Baileys WhatsApp library that, on every successful WhatsApp connection, silently forces the connected user's...
Malicious code in hiura-baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...
Malicious code in @budetzzgantenk/baileys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81b1fbb4415cf2858924d511ef2bf96ad5152dda4537a264f45d1b4d847ba25d Package @budetzzgantenk/baileys is a modified fork of @whiskeysockets/baileys that adopts the upstream's homepage...