CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 2:16 p.m.•3 views

CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

0.00032EPSS

Exploits0References6

NVD•added 2026/05/27 2:16 p.m.•3 views

CVE-2025-71309

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...

0.00024EPSS

Exploits0References2

OSV•added 2026/05/27 2:16 p.m.•1 views

UBUNTU-CVE-2025-71309

5.7AI score0.00024EPSS

ATTACKERKB•added 2026/05/27 12:58 p.m.•4 views

CVE-2026-46093

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmappurgelock in shrinker decayvapoolnode can be invoked concurrently from two paths: purgevmaparealazy when pools are being purged, and the shrinker via vmapnodeshrinkscan. However, decayvapoolnode is not safe t...

5.7AI score0.00013EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/27 12:58 p.m.•31 views

CVE-2026-46093 mm/vmalloc: take vmap_purge_lock in shrinker

7.8CVSS0.00013EPSS

EUVD•added 2026/05/27 12:58 p.m.•10 views

EUVD-2026-32476

5.7AI score0.00013EPSS

Debian CVE•added 2026/05/27 12:58 p.m.•4 views

CVE-2026-46093

7.8CVSS5.7AI score0.00013EPSS

Exploits0

CVE•added 2026/05/27 12:58 p.m.•12 views

CVE-2026-46093

CVE-2026-46093 affects the Linux kernel mm/vmalloc subsystem. The issue arises because decay_va_pool_node() can be invoked concurrently from two paths—the purge path and the shrinker path via vmap_node_shrink_scan—without proper serialization. This leads to races and potential memory leaks. The d...

7.8CVSS5.7AI score0.00013EPSS

EUVD•added 2026/05/27 12:58 p.m.•3 views

EUVD-2026-32473

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

5.8AI score0.00013EPSS

Exploits0References4

EUVD•added 2026/05/27 12:57 p.m.•4 views

EUVD-2026-32445

In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...

ATTACKERKB•added 2026/05/27 12:57 p.m.•4 views

CVE-2026-46063

Exploits0References6Affected Software1

Cvelist•added 2026/05/27 12:57 p.m.•28 views

CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn

0.00024EPSS

CVE•added 2026/05/27 12:57 p.m.•10 views

CVE-2026-46063

The CVE-2026-46063 issue affects the Linux kernel (x86/shstk) where a deadlock could occur during sigreturn while popping the shadow stack frame. The root cause was reading the shadow stack with the mmap lock held; a page fault could trigger a recursive mmap lock acquisition, risking deadlock if ...

EUVD•added 2026/05/27 12:57 p.m.•6 views

EUVD-2026-32438

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...

5.8AI score0.0003EPSS

ATTACKERKB•added 2026/05/27 12:57 p.m.•3 views

CVE-2026-46056

8.8CVSS5.7AI score0.0003EPSS

Exploits0References7Affected Software1

CVE•added 2026/05/27 12:57 p.m.•11 views

CVE-2026-46056

The CVE-2026-46056 entry documents a Linux kernel Bluetooth UAF vulnerability in the SSP passkey handlers (hci_event path). The issue arises when hci_conn lookup and field access are performed without holding the hdev lock, creating a window where a connection could be freed concurrently in hci_u...

8.8CVSS5.8AI score0.0003EPSS

Exploits0References6

EUVD•added 2026/05/27 12:56 p.m.•3 views

EUVD-2026-32406

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoncall vs kdamondfn exit race Patch series "mm/damon/core: fix damoncall/damoswalk vs kdmond exit race". damoncall and damoswalk can leak memory and/or deadlock when they race with kdamond terminations. Fix...

5.7AI score0.00022EPSS

EUVD•added 2026/05/27 12:56 p.m.•5 views

EUVD-2026-32402

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermalzonedeviceregisterwithtrips fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from it as appropriate which ma...