2036 matches found

SUSE CVE
added last week, 3 views

SUSE CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring uses a struct user_struct, which io_zcrx_ifq_free puts it down before destroying the ring...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 3
RedHat Linux
added last week, 8 views

kernel: io_uring/rsrc: reject zero-length fixed buffer import

A flaw was found in the Linux kernel's io_uring subsystem. A local attacker can exploit a vulnerability in the io_import_fixed function by importing a zero-length fixed buffer. This can lead to an out-of-bounds read from slab memory, potentially resulting in information disclosure or a denial of...

7.1 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/05/28 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-45975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ublk: use READ_ONCE to read struct ublksrv_ctrl_cmd struct ublksrv_ctrl_cmd is part of the...

5.7 AI score, 0.00024 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/05/27 11:17 p.m., 5 views

CVE-2026-45962

A flaw was found in the Linux kernel's userspace block ublk driver. This vulnerability allows a local attacker to cause an out-of-boundary memory access by providing a specially crafted command that bypasses the IO_URING_F_SQE128 flag check. This could lead to a system crash, resulting in a denial o...

7 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/05/27 9:42 p.m., 4 views

CVE-2026-45995

A flaw was found in the Linux kernel's io_uring/zcrx subsystem. This use-after-free (UAF) vulnerability occurs because the io_free_rbuf_ring function uses a struct user_struct that is prematurely freed by io_zcrx_ifq_free before the ring is destroyed. A local attacker could potentially exploit this flaw to...

6 AI score, 0.00024 EPSS
Exploits: 0, References: 4
EUVD
added 2026/05/27 3:33 p.m., 3 views

EUVD-2026-32291

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring uses a struct user_struct, which io_zcrx_ifq_free puts it down before destroying the ring...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 3
EUVD
added 2026/05/27 3:33 p.m., 4 views

EUVD-2026-32259

In the Linux kernel, the following vulnerability has been resolved: ublk: use READ_ONCE to read struct ublksrv_ctrl_cmd struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 3
NVD
added 2026/05/27 2:17 p.m., 3 views

CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring uses a struct user_struct, which io_zcrx_ifq_free puts it down before destroying the ring...

0.00024 EPSS
Exploits: 0, References: 2
OSV
added 2026/05/27 2:17 p.m., 1 views

UBUNTU-CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring uses a struct user_struct, which io_zcrx_ifq_free puts it down before destroying the ring...

5.7 AI score, 0.00024 EPSS
Exploits: 0, References: 3
CVE
added 2026/05/27 12:55 p.m., 6 views

CVE-2026-45995

The CVE-2026-45995 entry concerns the Linux kernel io_uring subsystem. A use-after-free (UAF) was fixed where io_free_rbuf_ring() used a struct user_struct and io_zcrx_ifq_free() released it before destroying the ring. The patch resolves the UAF by ensuring correct lifetime management of the user...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/27 12:55 p.m., 31 views

CVE-2026-45995 io_uring/zcrx: fix user_struct uaf

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring uses a struct user_struct, which io_zcrx_ifq_free puts it down before destroying the ring...

0.00024 EPSS
Exploits: 0, References: 2
Debian CVE
added 2026/05/27 12:55 p.m., 3 views

CVE-2026-45995

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring uses a struct user_struct, which io_zcrx_ifq_free puts it down before destroying the ring...

5.7 AI score, 0.00024 EPSS
Exploits: 0
CVE
added 2026/05/27 12:18 p.m., 8 views

CVE-2026-45975

CVE-2026-45975 affects the Linux kernel’s block I/O path: reading the ublksrv_ctrl_cmd (part of io_uring_sqe) from userspace-mapped memory using normal loads can race with concurrent writes. The fix applies READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack and use the lo...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/05/27 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the io_free_rbuf_ring function in io_uring zcrx. This function releases user structures before...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/27 12:0 a.m., 12 views

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1754)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1754 advisory. PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers. Tenable has extracted the preceding...

5.8 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-29582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has ...

7 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 3, References: 2
UbuntuCve
added 2026/05/27 12:0 a.m., 2 views

CVE-2026-45995

io_uring/zcrx: fix user_struct uaf...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 2
Amazon
added 2026/05/26 12:0 a.m., 11 views

Important: kernel-livepatch-6.12.73-95.123

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers. Affected Packages: kernel-livepatch-6.12.73-95.123 Issue Correction: Please ensure you have live patching enabled. R...

5.8 AI score
Exploits: 0
Amazon
added 2026/05/26 12:0 a.m., 7 views

Important: kernel-livepatch-5.10.252-250.992

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers. Affected Packages: kernel-livepatch-5.10.252-250.992 Issue Correction: Please ensure you have live patching enabled...

5.8 AI score
Exploits: 0
Amazon
added 2026/05/26 12:0 a.m., 9 views

Important: kernel

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers. Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page t...

5.8 AI score
Exploits: 0