Lucene search
K

149 matches found

OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53296

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

5.7AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38849

In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...

5.8AI score0.00539EPSS
Exploits0References7
CVE
CVE
added 2026/06/24 4:28 p.m.9 views

CVE-2026-52981

CVE-2026-52981 concerns a Linux kernel issue in neigh_xmit: when called with an uninitialized neighbor table (e.g., NEIGH_ND_TABLE with IPv6 disabled), neigh_xmit can return -EAFNOSUPPORT without releasing the skb, risking a memory leak. The fix removes the remaining code path that could neither ...

7.5CVSS5.8AI score0.00539EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.26 views

CVE-2026-52981 neigh: let neigh_xmit take skb ownership

In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...

7.5CVSS0.00539EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51875

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the neigh xmit function where the socket buffer skb is not properly released when no neighbor table is found. Specifically, if the function is called with an...

7.5CVSS5.9AI score0.00539EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchors the urb in the read bulk callback. When submitting an urb, that is using the anchor pattern, it needs to be anchored before submission. Otherwise, it could be leaked if the usbkillanchoredurbs...

5.5CVSS4.5AI score0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.9 views

CVE-2026-46231

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

5.8AI score0.00119EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.34 views

CVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6rcvencap xfrm6rcvencap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6routeinputlookup returns a referenced dst entry even when the lookup resolves to...

0.00128EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 9:36 a.m.21 views

CVE-2026-46172

** CWE-XXXX**: CVE-2026-46172 affects the Linux kernel IPv6 xfrm6 path. The issue occurs in xfrm6_rcv_encap() during an IPv6 route lookup when a dst is not yet attached; ip6_route_input_lookup() can return a dst with an error, and if dst->error is set, the skb is dropped without attaching/rele...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the cxlregion leak, and cleaned up targets when a region is deleted. When a region is deleted, any targets that were previously assigned to that region still hold references to it. To trigger the release of thos...

5.5CVSS5.7AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Zeroed unused hash fields When a GSO tunnel is negotiated, the virtionethdrtnlfromskb function attempts to initialize the tunnel metadata. However, it forgets to zero the unused rxhash fields. This could lead to...

5.2AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 1:11 p.m.30 views

CVE-2026-43314 dm: remove fake timeout to avoid leak request

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

0.00138EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/07 2:24 a.m.7 views

SUSE CVE-2025-71271

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb-sfsinfo is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43146

CVE-2026-43146 relates to the Linux kernel iris media driver. The root cause was that internal buffers were enqueued in buffers->list before a DMA allocation completed. If dma_alloc_attrs() failed with -ENOMEM, a partially initialized buffer remained in the list, risking inconsistent state and...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.25 views

CVE-2026-43146 media: iris: Add buffer to list only after successful allocation

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:23 p.m.10 views

CVE-2026-43064

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/04/22 1:54 p.m.20 views

CVE-2026-31481

CVE-2026-31481 affects the Linux kernel tracing code. The issue arises from boot-time trigger frees not being drained when kthread creation fails, causing boot-time deferred entries to leak and a NULL pointer dereference that crashes the system. The fix drains the entire queued list synchronously...

5.5CVSS5.6AI score0.00107EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/02 12:16 p.m.4 views

UBUNTU-CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tlsdecryptasyncwait returns, every AEAD operation has completed and the engin...

7.5CVSS5.6AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.9 views

SUSE CVE-2026-23324

In the Linux kernel, the following vulnerability has been resolved: can: usb: etases58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usbkillanchoredurbs is...

4.7CVSS5.7AI score0.00123EPSS
Exploits0References16
EUVD
EUVD
added 2026/03/25 12:30 p.m.4 views

EUVD-2026-15277

In the Linux kernel, the following vulnerability has been resolved: can: usb: etases58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usbkillanchoredurbs is...

5.6AI score0.00123EPSS
Exploits0References7
Rows per page
Query Builder