CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-45845

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...

5.7AI score0.00024EPSS

CVE-2026-45843

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...

5.8AI score0.00046EPSS

CVE•added 2026/05/27 9:24 a.m.•15 views

CVE-2026-45843

CVE-2026-45843 affects the Linux kernel’s SLIP/VJ-compressed TCP header handling (slip and slhc_uncompress). The vulnerability stems from decode() and pull16() not enforcing bounds against the packet end, and decode() masking its return value to 0xFFFF, causing potential over-reads when a compres...

8.2CVSS5.8AI score0.00046EPSS

CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

CVE•added 2026/05/27 9:24 a.m.•17 views

CVE-2026-45842

The CVE-2026-45842 issue affects the Linux kernel’s SLIP/Slip+PPP path. When rslots == 0 (no receive compression), comp->rstate remains NULL and rslot_limit becomes 0, but the receive helpers do not guard against this. As a result, slhc_uncompress() can dereference comp->rstate[x] and slhc_...

Cvelist•added 2026/05/27 9:24 a.m.•27 views

CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array

0.00032EPSS

ATTACKERKB•added 2026/05/27 9:24 a.m.•9 views

CVE-2026-45841

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...

5.7AI score0.00032EPSS

CVE•added 2026/05/27 9:24 a.m.•16 views

CVE-2026-45841

The CVE concerns the Linux kernel, specifically netfilter nfnetlink_osf and the OSF_WSS_MODULO path. Root cause: nf_osf_match_one() can perform ctx->window % f->wss.val without guarding f->wss.val == 0, enabling a CAP_NET_ADMIN user to inject a bogus fingerprint via nfnetlink, leading to...

EUVD•added 2026/05/27 9:24 a.m.•7 views

EUVD-2026-32167

Cvelist•added 2026/05/27 9:24 a.m.•27 views

CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO

0.00032EPSS

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

EUVD•added 2026/05/27 9:24 a.m.•8 views

EUVD-2026-32166

5.9AI score0.00032EPSS

ATTACKERKB•added 2026/05/27 9:24 a.m.•4 views

CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

5.7AI score0.00027EPSS

CVE•added 2026/05/27 9:24 a.m.•15 views

CVE-2026-45838

The CVE-2026-45838 entry concerns the Linux kernel BPF code: the function cgroup_storage_get_next_key() incorrectly handled end-of-list detection because list_next_entry() could wrap to the list head, making the subsequent NULL check dead code and causing -ENOENT not to be returned for the last e...

CVE-2026-45838

In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey listnextentry never returns NULL -- when the current element is the last entry it wraps to the list head via containerof. The subsequent NULL check is therefore dead code...

EUVD•added 2026/05/27 9:24 a.m.•8 views

EUVD-2026-32164

ATTACKERKB•added 2026/05/27 9:24 a.m.•4 views

CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.7AI score0.00023EPSS

Exploits0References5Affected Software1

RedHat Linux•added 2026/05/27 5:41 a.m.•10 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.8AI score0.00066EPSS

RedHat Linux•added 2026/05/27 5:41 a.m.•11 views

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

4.7CVSS5.9AI score0.00014EPSS

RedHat Linux•added 2026/05/27 5:41 a.m.•6 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

7.8CVSS5.8AI score0.00018EPSS