Lucene search
K

1775 matches found

Cvelist
Cvelist
added 2026/05/27 12:57 p.m.38 views

CVE-2026-46057 landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

0.00118EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 12:57 p.m.22 views

CVE-2026-46057

The connected OpenSUSE advisory for CVE-2026-46057 documents a Linux kernel Landlock issue where fork() does not preserve the Landlock security blob because hook_cred_transfer() only copies the blob when a domain exists. The fix is to unconditionally copy the Landlock credential blob to ensure su...

3.3CVSS5.8AI score0.00118EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 12:39 p.m.14 views

CVE-2026-45837

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the arenavmclose function during a fork operation. This occurs because the child's Virtual Memory Area VMA is not correctly registered, leading to a dangling pointer. If a child process attempts to access this stale...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/05/27 11:48 a.m.26 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2AI score
Exploits0
NVD
NVD
added 2026/05/27 11:16 a.m.15 views

CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

7.8CVSS0.00116EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 11:16 a.m.4 views

UBUNTU-CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

7.8CVSS5.7AI score0.00116EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/27 9:24 a.m.10 views

CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

7.8CVSS5.7AI score0.00116EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 9:24 a.m.37 views

CVE-2026-45837 bpf: Fix use-after-free in arena_vm_close on fork

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

0.00116EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:24 a.m.7 views

CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.7AI score0.00116EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/27 9:24 a.m.13 views

EUVD-2026-32163

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.8AI score0.00116EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 9:24 a.m.32 views

CVE-2026-45837

CVE-2026-45837 : In the Linux kernel, a use-after-free in arena_vm_close on fork was fixed. The root cause is that arena_vm_open() only bumps vml->mmap_count and does not register the child VMA in arena->vma_list, so vml->vma continues to point to the parent VMA after fork. If the child ...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Landlock security module where the LOG SUBDOMAINS OFF setting is not correctly inherited across fork. The hook cred transfer function only copies the Landlock...

3.3CVSS5.9AI score0.00118EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.10 views

CVE-2026-46057

landlock: Fix LOGSUBDOMAINSOFF inheritance across fork...

5.8AI score0.00118EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from arenavmopen only increasing vml-mmapcount without registering the sub-VMA regions in...

5.8AI score0.00116EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.8 views

CVE-2026-45837

bpf: Fix use-after-free in arenavmclose on fork...

5.8AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43671

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the arena vm close function during a fork operation. The arena vm open function increments the vml-mmap count but fails to register the child Virtual...

9.8CVSS5.9AI score0.03663EPSS
Exploits15References283
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-45837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always poin...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 12:15 p.m.13 views

Malicious code in @fhkry/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/26 12:15 p.m.9 views

MAL-2026-4803 Malicious code in @fhkry/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75b00f1cbf8b88a31654d13fe812fd9201f0b0c92f9ddad31fea59376752a636 This package is a Baileys WhatsApp Web library fork that, on every WebSocket connection, silently performs WhatsApp newsletter actions on the...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 7:2 p.m.13 views

Malicious code in happy-dlscord.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d183bf51c0f2be0102a7a7aeeda661f895e3b075f183d76d5f0f77c09c70860 The package name 'happy-dlscord.js' is a one-character edit of the top-tier npm package 'discord.js' and ships a near-verbatim fork of the upstream...

5.8AI score
Exploits0References1
Rows per page
Query Builder