Lucene search
K

10 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 6:28 a.m.8 views

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.6 views

SUSE CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

7CVSS5.3AI score0.00129EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2026/06/09 1:41 p.m.10 views

CVE-2026-46323

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

7.8CVSS5.4AI score0.00129EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47760

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The skb gro receive function fails to check the zerocopy status, specifically the SKBFL MANAGED FRAG REFS flag, when copying fragments between the source and Generic Receive Offload GRO...

7.8CVSS5.2AI score0.00129EPSS
Exploits0
Snyk
Snyk
added 2026/06/04 2:38 p.m.8 views

Uncontrolled Recursion

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Uncontrolled Recursion in the determinedepth function when processing GraphQL queries containing circular fragment references. An attacker can exhaust server CPU resources and...

6.9CVSS5.5AI score0.00296EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/04 2:38 p.m.17 views

Strawberry GraphQL has a Circular Fragment Reference DOS

Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:6 p.m.6 views

CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/04 2:6 p.m.21 views

CVE-2026-47706

The CVE affects Strawberry GraphQL versions 0.71.0–0.315.6, where the QueryDepthLimiter lacks cycle detection in fragment spreads, causing infinite recursion and an application-level DOS (RecursionError) during validation. The issue is fixed in 0.315.7. Remediation: upgrade to 0.315.7 or later. T...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46249

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determine depth...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the XDP multiple buffer fragment count in the net mlx5e RX component. This count is not properly...

7.5CVSS5.9AI score0.00402EPSS
Exploits0References1
Rows per page
Query Builder