Lucene search
K

163 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.13 views

PT-2026-34893

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace marker copy link list updates When the "copy trace marker" option is enabled for an instance, anything written into /sys/kernel/tracing/trace marker is also copied into that instances buffer. When the option is...

5.4AI score0.00127EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 6:50 p.m.15 views

Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Description String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...

9.8CVSS5.9AI score0.0056EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013368)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013368 advisory. In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading tracepipe Soft lockup occurs when reading file...

7.1CVSS6AI score0.00139EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011094)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011094 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rbendcommit at cod...

4.7CVSS5.8AI score0.00123EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006955)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006955 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'actiondata.varrefidx' When generate a synthetic event wi...

5.5CVSS5.8AI score0.00192EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:3 a.m.6 views

tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow

...

7.8CVSS5.8AI score0.00131EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/25 10:29 a.m.3 views

CVE-2026-23390

In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dmamapsg tracepoint arrays to prevent buffer overflow The dmamapsg tracepoint can trigger a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu creating large DRM buffers,...

7.8CVSS5.6AI score0.00131EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.19 views

CVE-2026-23309 tracing: Add NULL pointer check to trigger_data_free()

In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to triggerdatafree If triggerdataalloc fails and returns NULL, eventhisttriggerparse jumps to the outfree error path. While kfree safely handles a NULL pointer, triggerdatafree does not. This cause...

0.00123EPSS
Exploits0References6
CVE
CVE
added 2026/03/25 10:27 a.m.13 views

CVE-2026-23309

CVE-2026-23309 refers to a Linux kernel vulnerability in the tracing subsystem. The issue was a NULL pointer dereference in trigger_data_free() when data->cmd_ops->set_filter is evaluated after a failed trigger_data_alloc() and returning NULL. The root cause was that trigger_data_free() did...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References6Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.19 views

Auditing MCP Servers for Over-Privileged Tool Capabilities

The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...

6AI score
Exploits0
CVE
CVE
added 2026/02/18 2:21 p.m.27 views

CVE-2026-23217

CVE-2026-23217 relates to the Linux kernel on RISC-V where tracing the sbi_ecall functions can cause a deadlock in the snapshot path. The root cause is that sbi_ecall triggers a ringbuffer snapshot which may re-enter __sbi_ecall via an IPI, creating an endless loop when initial __sbi_ecall is pre...

5.5CVSS5.3AI score0.0008EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/18 12:25 a.m.4 views

SUSE CVE-2026-23138

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39683)

In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser-buffer when tracegetuser failed When the length of the string written to setftracefilter exceeds FTRACEBUFFMAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in...

7.1CVSS5.3AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2026/02/14 4:15 p.m.5 views

CVE-2026-23138

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

5.5CVSS0.00122EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/14 3:22 p.m.25 views

CVE-2026-23138 tracing: Add recursion protection in kernel stack trace recording

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/02/12 8:6 p.m.17 views

CVE-2026-25996

CVE-2026-25996 affects Inspektor Gadget. The vulnerability arises because string fields from eBPF events in the columns output mode are rendered to the terminal without sanitizing control characters or ANSI escape sequences, enabling injection via crafted event payloads. Affected surface includes...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/04 4:8 p.m.27 views

CVE-2026-23088 tracing: Fix crash on synthetic stacktrace field usage

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field a kernel crash occurred: cd...

0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/04 4:8 p.m.5 views

EUVD-2026-5454

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used that field a kernel crash occurred: cd...

5.2AI score0.00122EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/01/26 11:37 a.m.5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39890:...

8.7CVSS7.1AI score0.00319EPSS
Exploits0References1434
OSV
OSV
added 2026/01/14 3:6 p.m.5 views

CVE-2025-71125 tracing: Do not register unsupported perf events

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers:...

5.5CVSS5.4AI score0.00136EPSS
Exploits0References10
Rows per page
Query Builder