28199 matches found
CVE-2026-53004
In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...
CVE-2026-52995
The CVE-2026-52995 issue affects the Linux kernel’s RDS path: rds_for_each_conn_info() and rds_walk_conn_path_info() pass a caller-allocated on-stack buffer to visitors and then copy item_len bytes back to user space, potentially exposing uninitialized stack data. In particular, rds_ib_conn_info_...
CVE-2026-52989 nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...
CVE-2026-52987
In the Linux kernel, CVE-2026-52987 arises from drm/amdgpu: double calls to drm_exec_fini() in userq_validate when new_addition is true. The code calls drm_exec_fini(&exec) before iterating HMM ranges and then, if amdgpu_ttm_tt_get_user_pages() fails, executes a second drm_exec_fini(&exec) on the...
CVE-2026-52956
The CVE-2026-52956 issue affects the Linux kernel’s libceph code, specifically __ceph_x_decrypt(), where a buffer region can be misinterpreted as a ceph_x_encrypt_header and hdr->magic accessed without ensuring sufficient plaintext size. This can trigger an out-of-bounds memory access when cip...
CVE-2026-52954
In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain chooseargs that get decoded in...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ublk: The SQE128 flag is validated before accessing the cmd field. The ublkctrlcmddump function accesses the sqe-cmd field before checking the IOURINGFSQE128 flag. This could lead to out-of-boundary memory access. The flag...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: power: supply: In the pm8916bmsvm module, there was a use-after-free issue in the powersupplychanged function. The use of the devm variant for requesting IRQs before using the devm variant for allocating/registering the powersupp...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/panel: A possible null pointer dereference in jdipaneldsiremove has been fixed. In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: c if !jdi mipidsidetachdsi; However, when jdi is NULL, the...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Proper initialization of work context pointers Proper initialization of the pointers to the ops member by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise, the pointers may...
UBUNTU-CVE-2026-52943
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy reference in pskbcarve helpers pskbcarveinsideheader and pskbcarveinsidenonlinear both copy the old skbsharedinfo header into a new buffer via memcpy, which includes the destructorarg pointer uar...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
UBUNTU-CVE-2026-52940
In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
CVE-2026-52924
The CVE-2026-52924 entry describes a Linux kernel SCTP use-after-free vulnerability triggered during Stale COOKIE-ECHO handling. In COOKIE_WAIT transitions, sctp_stream_update() can leave a stale out_curr pointer after rolling back from COOKIE_ECHOED to COOKIE_WAIT, so scheduler paths (FCFS/RR/PR...
CVE-2026-52922
CVE-2026-52922 affects batman-adv in the Linux kernel. The root cause is that batadv_dat_forward_data() duplicates an skb via pskb_copy_for_clone() but does not verify the allocation result before passing the skb to batadv_send_skb_prepare_unicast_4addr(), which can dereference a NULL skb and tri...
PT-2026-51863
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the kvm reset dirty gfn function within the Kernel-based Virtual Machine KVM component. A local attacker with access to /dev/kvm can manipulate dirty ring...
PT-2026-51758
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel due to a missing zerocopy reference in the pskb carve inside header and pskb carve inside nonlinear functions. Both functions copy the s...
PT-2026-51898
Name of the Vulnerable Software and Affected Versions Linux kernel version 7.0-13-generic Description An out-of-bounds write to userspace exists in the sctp getsockopt peer auth chunks function. The function fails to account for the 8-byte header of the struct sctp authchunks when validating the...
AlmaLinux 8 : kernel (ALSA-2026:27811)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27811 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the AlmaLinux...