CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/27 9:24 a.m.•28 views

CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...

0.00164EPSS

ATTACKERKB•added 2026/05/27 9:24 a.m.•9 views

CVE-2026-45841

5.7AI score0.00164EPSS

EUVD•added 2026/05/27 9:24 a.m.•7 views

EUVD-2026-32167

CVE•added 2026/05/27 9:24 a.m.•16 views

CVE-2026-45841

The CVE concerns the Linux kernel, specifically netfilter nfnetlink_osf and the OSF_WSS_MODULO path. Root cause: nf_osf_match_one() can perform ctx->window % f->wss.val without guarding f->wss.val == 0, enabling a CAP_NET_ADMIN user to inject a bogus fingerprint via nfnetlink, leading to...

ATTACKERKB•added 2026/05/27 9:24 a.m.•5 views

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

5.8AI score0.0018EPSS

EUVD•added 2026/05/27 9:24 a.m.•8 views

EUVD-2026-32166

5.9AI score0.0018EPSS

ATTACKERKB•added 2026/05/27 9:24 a.m.•4 views

CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

5.7AI score0.00161EPSS

ATTACKERKB•added 2026/05/27 9:24 a.m.•5 views

CVE-2026-45838

In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey listnextentry never returns NULL -- when the current element is the last entry it wraps to the list head via containerof. The subsequent NULL check is therefore dead code...

EUVD•added 2026/05/27 9:24 a.m.•8 views

EUVD-2026-32164

CVE•added 2026/05/27 9:24 a.m.•16 views

CVE-2026-45838

The CVE-2026-45838 entry concerns the Linux kernel BPF code: the function cgroup_storage_get_next_key() incorrectly handled end-of-list detection because list_next_entry() could wrap to the list head, making the subsequent NULL check dead code and causing -ENOENT not to be returned for the last e...

ATTACKERKB•added 2026/05/27 9:24 a.m.•4 views

CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.7AI score0.00156EPSS

Exploits0References5Affected Software1

RedHat Linux•added 2026/05/27 5:41 a.m.•26 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS5.9AI score0.00117EPSS

RedHat Linux•added 2026/05/27 5:41 a.m.•9 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

7.8CVSS5.8AI score0.00123EPSS

RedHat Linux•added 2026/05/27 5:41 a.m.•12 views

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

4.7CVSS5.9AI score0.00091EPSS

RedHat Linux•added 2026/05/27 5:41 a.m.•11 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.7AI score0.00125EPSS

RedHat Linux•added 2026/05/27 5:41 a.m.•11 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.8AI score0.00165EPSS