CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•5 views

CVE-2026-10637

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

5.9CVSS

Cvelist•added yesterday•21 views

CVE-2026-10639 Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`

In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...

4.8CVSS

EUVD•added 4 days ago•7 views

EUVD-2026-36630

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS

NVD•added 5 days ago•7 views

CVE-2026-41158

7.8CVSS0.00118EPSS

CVE•added 5 days ago•12 views

CVE-2026-41158

Summary of CVE-2026-41158: The vulnerability concerns GPU DDK where backed sparse PMRs are not handled by the deferred free mechanism after shrink, allowing a non-privileged user to perform GPU system calls that write to arbitrarily freed physical pages. The root cause is that physical memory all...

7.8CVSS5.3AI score0.00118EPSS

Cvelist•added 5 days ago•28 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

0.00118EPSS

Vulnrichment•added 5 days ago•3 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

5.3AI score0.00118EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-49023

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...

5.2AI score0.00118EPSS

RedhatCVE•added 2026/06/08 6:27 p.m.•8 views

CVE-2026-46309

A flaw was found in the Linux kernel's drm/xe/uapi component. This vulnerability allows a Graphics Processing Unit GPU using cohnone coherency mode to bypass CPU caches and read stale sensitive data directly from Dynamic Random-Access Memory DRAM. This can lead to information disclosure, where da...

7CVSS5.5AI score0.00164EPSS

RedhatCVE•added 2026/06/08 4:28 p.m.•8 views

CVE-2026-46274

A flaw was found in the Linux kernel's input/output work queue io-wq component. This vulnerability occurs because the system incorrectly handles work queue entries, leading to a stale pointer. A local attacker could exploit this issue by manipulating work queue operations. Successful exploitation...

7.8CVSS5.4AI score0.00138EPSS

Microsoft CVE•added 2026/06/07 8:2 a.m.•6 views

HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities

...

7.5CVSS5.4AI score0.00303EPSS

Exploits0

RedhatCVE•added 2026/06/05 7:15 p.m.•5 views

CVE-2026-24082

Memory Corruption when copying data from a freed source while executing performance counter deselect operation...

7.8CVSS5.4AI score0.00075EPSS

ATTACKERKB•added 2026/06/04 2:3 a.m.•5 views

CVE-2026-8829

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...

5.9AI score0.00303EPSS

Tenable Nessus•added 2026/05/29 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage...

5.5CVSS5.4AI score0.00117EPSS

NVD•added 2026/05/28 10:16 a.m.•10 views

CVE-2026-46224

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage before returning the error. xedmabufinitobj calls xeboinitlocked, whi...

5.5CVSS0.00117EPSS

EUVD•added 2026/05/28 9:41 a.m.•9 views

EUVD-2026-32759

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak. This issue was flagged by Sashiko...

5.8AI score0.00125EPSS

ATTACKERKB•added 2026/05/28 9:36 a.m.•6 views

CVE-2026-46170

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

5.7AI score0.00127EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2026/05/28 12:29 a.m.•7 views

CVE-2026-45939

A flaw was found in the Linux kernel's gpib module. Improper error handling within the niusbinit function can lead to a memory leak. This occurs when the niusbsetupinit function fails to initialize, causing an allocated buffer to not be freed. Over time, this could result in reduced system...

5.9AI score0.00166EPSS