Lucene search
K

253 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

kernel: smb/client: fix out-of-bounds read in smb2_compound_op()

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...

9.1CVSS6.1AI score0.00478EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53360

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB'...

7.2AI score0.00267EPSS
Exploits0References3
NVD
NVD
added 2026/06/28 12:16 a.m.13 views

CVE-2026-10643

Zephyr's IP socket recvmsg implementation subsys/net/lib/sockets/socketsinet.c, insertpktinfo validated the user-supplied ancillary msgcontrol buffer using only the payload length msg-msgcontrollen pktinfolen before writing a full control message consisting of an aligned cmsg header plus the...

8.7CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/06/27 10:59 p.m.21 views

CVE-2026-10643

Zephyr CVE-2026-10643 affects the IP socket recvmsg() ancillary-data path (insert_pktinfo in subsys/net/lib/sockets/sockets_inet.c). A check only compared msg_controllen to pktinfo_len, omitting the cmsg header size, allowing an under-checked window (e.g., 16–27 bytes for IPv4 IP_PKTINFO on a 64‑...

8.7CVSS6AI score0.0012EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/27 9:25 a.m.38 views

CVE-2026-49416 Integer overflow in vt(4) CONS_HISTORY ioctl

The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.27 views

PT-2026-53076

Name of the Vulnerable Software and Affected Versions Zephyr versions 3.6.0 through 4.4.0 Description An out-of-bounds write exists in the IP socket recvmsg implementation within the insert pktinfo function. The issue occurs because the system validates the user-supplied ancillary msg control...

8.7CVSS6.1AI score0.0012EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/26 12:18 a.m.6 views

CVE-2026-53172

A flaw was found in the Linux kernel's accel/ethosu component. An incorrect mask used when processing the NPUSETIFMREGION command allows a local userspace caller to provide an out-of-bounds region index. This can lead to an out-of-bounds write, corrupting adjacent kernel heap data...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/16 1:13 p.m.8 views

CVE-2026-46655

A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap...

7.8CVSS6.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.16 views

CVE-2026-22164

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

7.5CVSS5.4AI score0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-22164

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

7.5CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 2:53 p.m.43 views

CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 2:53 p.m.9 views

CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

5.4AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 2:53 p.m.22 views

CVE-2026-22164

Technical details are not publicly available in the provided documents. Monitor for future updates.

7.5CVSS5.4AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 2:53 p.m.10 views

EUVD-2026-35082

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

7.5CVSS5.4AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 a.m.14 views

CVE-2026-7762

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

9.8CVSS6AI score0.00567EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-45252

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

5.5CVSS5.6AI score0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:17 a.m.6 views

CVE-2026-7764

An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...

5.7AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read in the smb2compoundop function within the smb client. This vulnerability ma...

9.1CVSS5.8AI score0.00478EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43861

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the command file write handler where it allocates a kernel buffer based on a user-provided count but fails to validate this buffer against the dot command protocol before...

7.1CVSS6.1AI score0.00139EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:8 a.m.8 views

CVE-2026-45252

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

5.5CVSS5.8AI score0.00284EPSS
Exploits0References2
Rows per page
Query Builder