Lucene search
K

774 matches found

OSV
OSV
added 2026/07/01 2:46 p.m.7 views

USN-8489-1 linux-oem-7.0 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

9.8CVSS7.2AI score0.93235EPSS
Exploits74References166
NVD
NVD
added 2026/07/01 2:16 p.m.6 views

CVE-2026-53327

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

0.00172EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 1:32 p.m.9 views

EUVD-2026-40961

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

5.8AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 1:32 p.m.1 views

CVE-2026-53327 debugobjects: Do not fill_pool() if pi_blocked_on

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

5.8AI score0.00172EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.9 views

CVE-2026-53923

A flaw was found in vLLM. Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels leads to partial tensor processing. This results in the output tensor retaining previously used GPU memory, which, in multi-tenant inference deployments, can expose sensitive tensor data from other...

7.5CVSS5.7AI score0.00281EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.4 views

The vulnerability of the skbuff network component in Linux operating system kernels allows attackers to increase their privileges.

The vulnerability of the skbuff network component in Linux operating systems is related to insufficient resource control during its existence. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.8CVSS6.2AI score0.00135EPSS
Exploits7References18Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/06/26 12:0 a.m.4 views

The vulnerability of the dwc3_remove_requests() function in Linux operating system kernels allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the dwc3removerequests function in Linux operating system kernels is related to the situation of signal handling. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

7CVSS6AI score0.00194EPSS
Exploits0References14Affected Software5
Ubuntu
Ubuntu
added 2026/06/22 10:51 p.m.10 views

USN-8461-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS7AI score0.93235EPSS
Exploits57
OSV
OSV
added 2026/06/22 10:51 p.m.5 views

USN-8461-1 linux-azure vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS6.4AI score0.93235EPSS
Exploits57References19
OSV
OSV
added 2026/06/22 9:59 p.m.2 views

CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References5
CVE
CVE
added 2026/06/22 9:59 p.m.26 views

CVE-2026-54235

Summary: CVE-2026-54235 affects vLLM prior to 0.23.1rc0, where temperature validation gates using can silently mis-handle NaN and positive Infinity due to Python IEEE 754 behavior. This allows non-finite temperatures to bypass guards and propagate to GPU sampling kernels, causing undefined behav...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:59 p.m.25 views

CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

6.9CVSS0.00261EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 9:55 p.m.18 views

CVE-2026-53923

Summary of CVE-2026-53923 : The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-46127 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46127 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00128EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

The bpf verifier in the Linux kernel failed to properly handle truncation of the mod32 destination register when the source register was known to be 0. A local attacker who had the ability to load bpf programs could exploit this vulnerability by performing out-of-bounds reads in kernel memory,...

7.8CVSS6.8AI score0.0061EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50490

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description Temperature validation gates use comparison operators that silently evaluate to False when encountering NaN Not a Number or positive Infinity due to Python's IEEE 754 float semantics. These values...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50472

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.23.1rc0 Description Integer truncation of tensor dimensions in GGUF dequantize kernels within csrc/quantization/gguf/gguf kernel.cu leads to partial tensor processing. The output tensor is allocated at full size...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References10
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: cuda-drivers

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
OSV
OSV
added 2026/06/02 5:12 p.m.22 views

USN-8373-1 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS6.3AI score0.93235EPSS
Exploits57References22
Ubuntu
Ubuntu
added 2026/06/02 5:12 p.m.29 views

USN-8373-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS6.5AI score0.93235EPSS
Exploits57
Rows per page
Query Builder