Lucene search
+L

282 matches found

redhat
redhat
added 2026/07/06 3:20 a.m.9 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
euvd
euvd
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40976

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables Since 5e8eb9aeeda3 "arm64: mm: always call PTE/PMD ctor in createpgdmapping" page-table allocation on ARM64 always calls pagetablepte,pmd,pud,p4dctor. This sets...

5.8AI score0.00154EPSS
Exploits0References3
osv
osv
added 2026/06/24 4:28 p.m.2 views

CVE-2026-52955 libceph: Fix potential out-of-bounds access in crush_decode()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...

9.8CVSS5.8AI score0.00385EPSS
Exploits0References14
osv
osv
added 2026/06/08 3:41 p.m.2 views

CVE-2026-46283 tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References7
susecve
susecve
added 2026/05/28 3:56 a.m.11 views

SUSE CVE-2026-45922

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

5.5CVSS5.9AI score0.00155EPSS
Exploits0References3
susecve
susecve
added 2026/05/28 3:53 a.m.14 views

SUSE CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

5.5CVSS5.9AI score0.00117EPSS
Exploits0References3
nvd
nvd
added 2026/05/27 2:17 p.m.12 views

CVE-2026-45928

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If the subsequent allocation for inst-codecinfo fails, the functions retu...

5.5CVSS0.00127EPSS
Exploits0References4
euvd
euvd
added 2026/05/27 12:57 p.m.12 views

EUVD-2026-32449

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

5.9AI score0.00117EPSS
Exploits0References2
cve
cve
added 2026/05/27 12:57 p.m.30 views

CVE-2026-46067

CVE-2026-46067 affects the Linux kernel DAMON core. The issue arises because the code path in mm/damon/core validates the node-datas used by NODE-DATA() relies on damos_quota_goal->nid but does not validate its value, allowing an arbitrary nid to be supplied for node_memcg_{used,free}_bp. This...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/27 12:15 p.m.20 views

CVE-2026-45863

Summary: CVE-2026-45863 relates to the Linux kernel i3c dw driver, where dw_i3c_master_i2c_xfers() leaks memory when pm_runtime_resume_and_get() fails. The root cause is allocating the xfer structure via dw_i3c_master_alloc_xfer() without freeing on the error path. Consequence: memory leak potent...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References4Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: comedi: A memory leak has been fixed in compatinsnlist. compatinsnlist handles the 32-bit version of the COMEDIINSNLIST ioctl function when CONFIGCOMPAT is enabled. It allocates memory to temporarily hold an array of struct...

5.5CVSS5.1AI score0.00239EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the vport QoS cleanup mechanism in case of errors. When enabling vport QoS fails, the scheduling node never gets freed, resulting in a leak. The missing operations were added, and the vport scheduling node pointer...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: zloop: Fixed the KASAN use-after-free of the tagset. When a zloop device is removed, the KASAN-enabled kernel reports a “BUG KASAN use-after-free” in the blkmqfreetagset function. This bug occurs because zloopctlRemove calls...

7.8CVSS6.1AI score0.00143EPSS
Exploits0References2
osv
osv
added 2026/05/15 10:30 a.m.16 views

CLSA-2026-1778798046 binutils: Fix of CVE-2022-48065

CVE-2022-48065: Fix memory leak in function findabstractinstance in dwarf2.c and free allocated memory...

5.5CVSS5.8AI score0.00654EPSS
Exploits1References1
cve
cve
added 2026/05/08 2:22 p.m.32 views

CVE-2026-43462

CVE-2026-43462 affects the Linux kernel spacemit network driver. An error in the function emac_tx_mem_map() could leak DMA mappings on a mapping failure. This resource mismanagement may lead to a denial of service, impacting system availability. The published fix frees the leaked DMA mappings usi...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/05/08 2:22 p.m.7 views

CVE-2026-43457

In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev-allowrx' is false, the newly allocated skb isn't consumed by netifrx, it needs to free the skb directly...

5.7AI score0.00114EPSS
Exploits0References7Affected Software1
euvd
euvd
added 2026/05/07 9:30 p.m.24 views

EUVD-2026-28419

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

5.8AI score0.00813EPSS
Exploits0References5
nvd
nvd
added 2026/05/07 8:16 p.m.26 views

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

7.5CVSS0.00813EPSS
Exploits0References38
attackerkb
attackerkb
added 2026/05/07 7:41 p.m.12 views

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

5.8AI score0.00813EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/05/07 7:41 p.m.63 views

CVE-2026-33811 Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

0.00813EPSS
Exploits0References4
Rows per page
Query Builder