224231 matches found
cve-2026-poc-collection
CVE-2026 PoC Collection Report Collection date: May 19, 2...
CVE-2026-43496
A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs when a specific queueing discipline qdisc configuration is used, where a parent qdisc attempts to retrieve a network packet from a child qdisc. An incorrect function call during this process can lead ...
CVE-2026-43495
A flaw was found in the Linux kernel, specifically within the net: wwan: t7xx module. A malicious modem could exploit this vulnerability by sending a specially crafted message with an invalid portcount value. This could lead to a slab-out-of-bounds read, potentially allowing an attacker to access...
CVE-2026-43494
A flaw was found in the Linux kernel, specifically within the net/rds module. When a zerocopy page pin operation fails, a counter used for memory management opnents is not correctly reset. This can result in a double-free vulnerability, where the same memory is released twice. A local attacker...
kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...
kernel: Read root-owned files as an unprivileged user
A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...
SUSE CVE-2022-50299
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...
CVE-2026-43497
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...
CVE-2026-43499
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...
CVE-2026-43502
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...
CVE-2026-43498
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...
CVE-2026-43495
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...
CVE-2026-43496
In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...
CVE-2026-43496
In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...
CVE-2026-43497
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...
CVE-2026-43498
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...
CVE-2026-43495
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...
CVE-2026-43501
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...