Lucene search
K

3301 matches found

RedHat Linux
RedHat Linux
added last week6 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...

7.8CVSS6.9AI score0.00117EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 2:33 p.m.5 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 1:47 p.m.4 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/02 2:52 p.m.6 views

kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...

7.8CVSS6AI score0.00139EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53341

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

0.00156EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 11:46 a.m.7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.46 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.46 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

7.8CVSS6.4AI score0.00321EPSS
Exploits11References2
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.9 views

SUSE CVE-2026-53303

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...

5.8AI score0.00126EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.7 views

ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams

...

7.8CVSS5.8AI score0.00138EPSS
Exploits0
OSV
OSV
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.6 views

CVE-2026-53310

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix cross-fabric target timeout lookup When a fabric receives an error interrupt, the error may have occurred on a different fabric. The target timeout lookup was using the wrong base address cbb-regs with offsets...

5.5CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53298

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53292

In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53286

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliarydeviceadd fails in idpfplugvportauxdev or idpfplugcoreauxdev, the errauxdevadd label calls auxiliarydeviceuninit and falls through to errauxdevinit...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53316

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...

5.5CVSS5.7AI score0.001EPSS
Exploits0References5
CVE
CVE
added 2026/06/26 7:41 p.m.11 views

CVE-2026-53310

CVE-2026-53310 affects the Linux kernel’s soc/tegra: cbb component. The root cause was a misused base address during target timeout lookup: the code read target timeout registers from cbb->regs while applying offsets from a different fabric’s target map, which could trigger a kernel page fault...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.34 views

CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS0.00404EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 7:41 p.m.9 views

EUVD-2026-39844

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

5.8AI score0.00404EPSS
Exploits0References8
CVE
CVE
added 2026/06/26 7:41 p.m.34 views

CVE-2026-53309

CVE-2026-53309 relates to the Linux kernel OCFS2 DLM component. A bug in the dlm_match_regions() region comparison used a <= bound, allowing reads beyond the valid range of qr_regions. The fix modifies the loop condition to use

9.8CVSS5.8AI score0.00404EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/26 7:40 p.m.1 views

CVE-2026-53296 mailbox: mailbox-test: free channels on probe error

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/26 7:40 p.m.6 views

EUVD-2026-39897

In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...

5.8AI score0.00107EPSS
Exploits0References2
Rows per page
Query Builder