1775 matches found
CVE-2026-46057 landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork(). hook_cred_transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock_restrict_self() which can set LOG_SUBDOMAINS_OFF...
CVE-2026-46057
The connected OpenSUSE advisory for CVE-2026-46057 documents a Linux kernel Landlock issue where fork() does not preserve the Landlock security blob because hook_cred_transfer() only copies the blob when a domain exists. The fix is to unconditionally copy the Landlock credential blob to ensure su...
CVE-2026-45837
A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the arena_vm_close function during a fork operation. This occurs because the child's Virtual Memory Area (VMA) is not correctly registered, leading to a dangling pointer. If a child process attempts to access this stale...
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software supply chain campaign targeting software developers through malicious packages and extensions. "Since...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
UBUNTU-CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837 bpf: Fix use-after-free in arena_vm_close on fork
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
EUVD-2026-32163
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the pointer dangles. If...
CVE-2026-45837
CVE-2026-45837 : In the Linux kernel, a use-after-free in arena_vm_close on fork was fixed. The root cause is that arena_vm_open() only bumps vml->mmap_count and does not register the child VMA in arena->vma_list, so vml->vma continues to point to the parent VMA after fork. If the child ...
PT-2026-43924
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Landlock security module where the LOG_SUBDOMAINS_OFF setting is not correctly inherited across fork. The hook_cred_transfer function only copies the Landlock...
CVE-2026-46057
landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from arena_vm_open only increasing vml->mmap_count without registering the sub-VMA regions in...
CVE-2026-45837
bpf: Fix use-after-free in arena_vm_close on fork...
PT-2026-43671
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the arena_vm_close function during a fork operation. The arena_vm_open function increments the vml->mmap_count but fails to register the child Virtual...
Linux Distros Unpatched Vulnerability : CVE-2026-45837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix use-after-free in arena_vm_close on fork. arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always poin...
Malicious code in @fhkry/baileys (npm)
Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...
MAL-2026-4803 Malicious code in @fhkry/baileys (npm)
Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...
Malicious code in happy-dlscord.js (npm)
Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...