Lucene search
K

28161 matches found

OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-53028

In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...

5.6AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-52989

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

9.8CVSS5.6AI score0.00342EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-52999

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to nfosfmatchone for each fingerprint checked. During TCP option parsing,...

9.1CVSS5.6AI score0.00521EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.3 views

UBUNTU-CVE-2026-53010

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.6AI score0.00435EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-52975

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS5.6AI score0.00138EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-53090

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ldabs,ind failure path analysis in subprogs Usage of ldabs,ind instructions got extended into subprogs some time ago via commit 09b28d76eac4 "bpf: Add abnormal return checks.". These are only allowed in subprograms when...

8.5CVSS5.8AI score0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-52971

In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...

7.8CVSS5.6AI score0.00133EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-53079

In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...

6.8CVSS5.6AI score0.00145EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.3 views

UBUNTU-CVE-2026-52990

In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...

5.6AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-53085

In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget. If the task exits concurrently, the mmstruct can be freed as it is...

7.8CVSS5.6AI score0.00111EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53130

In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject ssysblocksize smaller than OMFSDIRSTART omfsfillsuper rejects oversized ssysblocksize values PAGESIZE, but it does not reject values smaller than OMFSDIRSTART 0x1b8 = 440. Later, omfsmakeempty uses sbi-ssysblocksi...

7.8CVSS5.6AI score0.0013EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53125

In the Linux kernel, the following vulnerability has been resolved: md: fix arraystate=clear sysfs deadlock When "clear" is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, mdattrstore currently drops the...

5.7AI score0.00169EPSS
Exploits0
CVE
CVE
added 2026/06/24 4:30 p.m.9 views

CVE-2026-53106

CVE-2026-53106 affects the Linux kernel BPF storage deletion flow. The issue arises when local storage is freed via kfree_rcu(), call_rcu(), or call_rcu_tasks_trace() in NMI or reentrant contexts, which can lead to a deadlock. The documented mitigation in NMI is to return an error from bpf_xxx_st...

5.8AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 4:30 p.m.3 views

EUVD-2026-38952

In the Linux kernel, the following vulnerability has been resolved: bpf: return VMA snapshot from taskvma iterator Holding the per-VMA lock across the BPF program body creates a lock ordering problem when helpers acquire locks that depend on mmaplock: vmlock - irwsem - mmaplock - vmlock Snapshot...

5.7AI score0.00156EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 4:30 p.m.3 views

EUVD-2026-38939

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel caller in the file acquires the lock first. A remote BLE device can sen...

5.8AI score0.00146EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.27 views

CVE-2026-53055 crypto: hisilicon/sec2 - prevent req used-after-free for sec

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec2 - prevent req used-after-free for sec During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory req before the transmission...

9.8CVSS0.00435EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53040

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

7.1CVSS5.7AI score0.00122EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/24 4:29 p.m.4 views

CVE-2026-53033

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...

7.8CVSS5.7AI score0.00131EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.27 views

CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

7.8CVSS0.00129EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53004

In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...

5.9AI score0.00176EPSS
Exploits0
Rows per page
Query Builder