10 matches found
kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
SUSE CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
CVE-2026-46323
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
PT-2026-47760
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The skb gro receive function fails to check the zerocopy status, specifically the SKBFL MANAGED FRAG REFS flag, when copying fragments between the source and Generic Receive Offload GRO...
Uncontrolled Recursion
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Uncontrolled Recursion in the determinedepth function when processing GraphQL queries containing circular fragment references. An attacker can exhaust server CPU resources and...
Strawberry GraphQL has a Circular Fragment Reference DOS
Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...
CVE-2026-47706
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...
CVE-2026-47706
The CVE affects Strawberry GraphQL versions 0.71.0–0.315.6, where the QueryDepthLimiter lacks cycle detection in fragment spreads, causing infinite recursion and an application-level DOS (RecursionError) during validation. The issue is fixed in 0.315.7. Remediation: upgrade to 0.315.7 or later. T...
PT-2026-46249
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine depth...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the XDP multiple buffer fragment count in the net mlx5e RX component. This count is not properly...