1023 matches found
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The publ...
CVE-2026-53343
In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 "ARM: 9430/1: entry: Do a dummy read from VMAP shadow" added a dummy read from the KASAN VMAP stack shadow in switchto. The read uses ldr, but the...
CVE-2026-53337
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.65 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Linux Distros Unpatched Vulnerability : CVE-2026-53163
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - locking/rtmutex: Skip removewaiter when waiter is not enqueued syzbot triggered the following splat in removewaiter via FUTEXCMPREQUEUEPI: KASAN: null-ptr-deref...
Linux Distros Unpatched Vulnerability : CVE-2026-53292
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at...
UBUNTU-CVE-2026-53292
In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...
EUVD-2026-39223
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53267
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...
EUVD-2026-39210
In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...
CVE-2026-53243
CVE-2026-53243 affects the Linux kernel component related to RSEQ (rseq_exit_user_update). The issue is an uninitialized stack variable used in the initialization of the struct rseq_ids, where ids.node_id is derived from ids.cpu_id before it is initialized, enabling potential information leakage....
CVE-2026-53135
The CVE-2026-53135 issue affects the Linux kernel’s DRM AMD display path, specifically SDP debugfs writes. Root cause: dp_sdp_message_debugfs_write() dereferenced connector->base.state->crtc without NULL checks, potentially crashing when a connected-but-unbound connector exists (e.g., after...
CVE-2026-57589
sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...
Linux Distros Unpatched Vulnerability : CVE-2026-52954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received...
Linux Distros Unpatched Vulnerability : CVE-2026-53041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block- based xattrs, listxattr can return a size larger than the...
EUVD-2026-38821
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 1 SMP NOPTI Call Trace: dorawspinlock+0xaa/0x...
CVE-2026-53039
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...
CVE-2026-53018
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...
CVE-2026-53078
The CVE-2026-53078 issue is a Linux kernel BPF sock_ops vulnerability. When a BPF sock_ops program accesses ctx fields with the same destination and source registers (dst_reg == src_reg), SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() failed to zero the destination register in the !fullsock/!locked_t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ext4: Refresh the inline data size before write operations The cached ei-iInlineSize can become stale between the initial size check and when ext4updateInlineData/ext4createInlineData use it. Although ext4getmaxInlineSize reads t...