1444 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: espintcp: A race condition in espintcpclose has been fixed. This issue was discovered during a code audit. After espintcpclose is called, espintcptxwork can still be scheduled using functions like the Delayed ACK handler or...
CVE-2025-59616
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
EUVD-2025-210437
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
CVE-2025-59616
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
PT-2026-55986
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that use the same buffer file descriptor input. This issue is caused by a...
EUVD-2026-41511
Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
CVE-2026-53228
A flaw was found in the Linux kernel's Simple Internet Transition SIT tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload GSO enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer skb head has been reallocated. This can...
CVE-2026-53185
A flaw was found in the Linux kernel, specifically within the zram module. This vulnerability is a use-after-free error, where the system attempts to use a piece of memory after it has been freed. This occurs when the zrambvecwritepartial function allows an asynchronous read to write into a page...
DEBIAN-CVE-2026-53322
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...
CVE-2026-53189
A flaw was found in the Linux kernel's memory management, specifically within the huge page mechanism. When a huge page is split, the system updates a counter after releasing a reference to the memory. This timing issue can lead to the system attempting to read from memory that has already been...
SUSE CVE-2026-53189
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: update file PMD counter before folioput splithugepmdlocked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folioput drops the last reference, mmcounterfile can later read fre...
CVE-2026-7531 Use-after-free in PQC hybrid key-share handling
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
CVE-2026-53094
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. When a dev-bound-only BPF program undergoes Just-In-Time JIT compilation with constant blinding enabled, a stale pointer to a freed program can occur. This issue arises when the network namespace is destroyed, leading to...
CVE-2026-57236
A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid encoding to the Documentencoding= function, the library frees the document's current encoding string without replacing it. This leaves the document referencing freed memory, which can lead to a...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
UBUNTU-CVE-2026-53189
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: update file PMD counter before folioput splithugepmdlocked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folioput drops the last reference, mmcounterfile can later read fre...
PT-2026-52281
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the zram bvec write partial function. The zram read page function determines whether to use a synchronous or asynchronous backing device read path based ...
CVE-2026-52912
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because a queued bridge packet can retain a freed bridge master in its skb-dev field until it is reinjected. When the packet is later reinjected, the system attempts to use the freed bridge master, leading to a...
EUVD-2026-38839
In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...