Lucene search
+L

132 matches found

NVD
NVD
added 2026/06/26 11:16 a.m.14 views

CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 11:16 a.m.5 views

UBUNTU-CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS5.8AI score0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:54 a.m.10 views

CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS5.8AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.23 views

PT-2026-52694

Name of the Vulnerable Software and Affected Versions libnfs versions prior to 6.0.2 Description An integer underflow occurs in the READ IOVEC section of the rpc read from socket function within lib/socket.c. This issue is triggered during a connection to a crafted NFS server when the expected PD...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38857

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

5.7AI score0.00347EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-52989

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

9.8CVSS0.00347EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.32 views

CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

9.8CVSS0.00347EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

9.8CVSS5.8AI score0.00347EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: A NULL pointer dereference was fixed in the nvmettcpbuildpduiovec function. The commit efa56305908b “nvmet-tcp: Fixed a kernel panic when the host sends an invalid H2C PDU length” added bounds checking for the ttag...

7.5CVSS6.1AI score0.0071EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: nvmet-tcp: bounds checks were added in nvmettcpbuildpduiovec. The nvmettcpbuildpduiovec function could exceed the range of cmd-req.sg when the length or offset of the PDU exceeds sgcnt. As a result, it might use bogus values f...

9.8CVSS5.8AI score0.00399EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fixed the uninit-value in caifseqpktsendmsg When nrsegs equals zero in iovecfromuser, the object msg-msgiter.iov contains uninitialized stack memory in caifseqpktsendmsg, which is defined in syssendmsg. Therefore, we cannot...

5.5CVSS6.1AI score0.00226EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...

5.5CVSS5.1AI score0.001EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Ensure that the allocated iovec is cleared in case of an early failure. A previous commit reused the recycling infrastructure for early cleanup, but this is not sufficient in cases where our internal caches overflow. ...

6AI score0.0015EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/07 7:41 p.m.12 views

kernel: out-of-bound read in memcpy_fromiovecend()

A flaw was found in the Linux kernel that allows the userspace to call memcpyfromiovecend and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid...

5.5CVSS6.7AI score0.00427EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.20 views

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1514)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1514 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent CVE-2025-71268 In the Linux kernel, the followi...

9.8CVSS5.5AI score0.00686EPSS
Exploits0References165
Amazon
Amazon
added 2026/03/27 12:0 a.m.12 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent CVE-2025-71268 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from...

9.8CVSS5.5AI score0.00686EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/20 8:1 a.m.5 views

io_uring/rw: free potentially allocated iovec on cache put failure

...

5.5CVSS5.8AI score0.001EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/19 12:26 a.m.4 views

SUSE CVE-2026-23259

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...

5.5CVSS5.6AI score0.001EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/18 6:31 p.m.4 views

EUVD-2026-12892

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...

5.7AI score0.001EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 6:16 p.m.5 views

CVE-2026-23259

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...

5.5CVSS0.001EPSS
Exploits0References2
Rows per page
Query Builder