net/sched: act_api: use RCU with deferred freeing for action lifecycle
...
UBUNTU-CVE-2026-53264
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...
CVE-2026-40211
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...
CVE-2026-53264
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...
CVE-2026-53264 net/sched: act_api: use RCU with deferred freeing for action lifecycle
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...
CVE-2026-53264
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...
CVE-2026-53264
CVE-2026-53264 concerns the Linux kernel’s networking scheduler (net/sched) where a race between simultaneous NEWTFILTER and DELFILTER operations can lead to a use-after-free of an action. The provided description and patches state that final freeing of the action was incorrectly performed withou...
EUVD-2026-39313
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix resource freeing order Commit a60fc3294a37 "ptp: rework ptp_clock_unregister to disable events" added a call to ptp_disable_all_events which changes the configuration of pins if they support EXTTS events. In ptp_ocp_detach...
CVE-2026-53222
The CVE-2026-53222 entry concerns the Linux kernel PTP subsystem (ptp: ocp). The vulnerability arises from an incorrect order of resource freeing and unregistration during driver removal: ptp_ocp_detach() freed resources before ptp_clock_unregister(), creating a use-after-free condition. The fix ...
CVE-2026-52910
In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...
CVE-2026-52910
The CVE-2026-52910 issue is in the Linux kernel where a cBPF reuseport program may be freed immediately when detached from a reuseport group, without waiting for an RCU grace period. This can lead to a use-after-free and potential memory corruption when a concurrent UDP send crosses the fast path...
CVE-2026-52910
In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3_preauth_hash_rsp has been fixed. The function ksmbd_user_session_put should be called under smb3_preauth_hash_rsp. This will prevent freeing a session before calling...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: IB/cm: A drop lockdep assertion and WARN are issued when freeing old messages. The send completion handler can run after cm_id has advanced to another message. In this case, the cm_id lock is not necessary. However, a recent change...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fixed a memory leak in generate_lfp_data_ptrs When size != 0 || ptrs->lvds_entries != 3, the program attempts to use free on ptrs. However, ptrs is not created by calling kzmalloc; instead, it is obtained through a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fixed a possible memory leak if device_add fails. If device_add returns an error, the name allocated by dev_set_name needs to be freed. As noted in the comments for device_add, put_device should be used to release the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fixed double calls to ida_free in the hv_pci_probe error path. If hv_pci_probe fails after storing the domain number in hbus->bridge->domain_nr, a call to free this domain_nr is made via pci_bus_release_emul_domain_nr. However, during...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: do not allow userspace to block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free via g_audio_cleanup will disconnect the card and then wait for all resources to be released, which...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fix for the dma_free_coherent pointer. dma_alloc_coherent allocates a DMA-mapped buffer and stores the addresses in XXX_unaligned fields. These addresses should be reused when freeing the buffer, rather than using th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a chunk map leak in btrfs_map_block after btrfs_chunk_map_num_copies. Fixed a chunk map leak in btrfs_map_block: if we return early with -EINVAL, we are not freeing the chunk map that we just looked up...