CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•5 views

CVE-2026-53063

A flaw was found in the Linux kernel's device-mapper dm cache component. Incomplete logic within the invalidateremove function, which handles write operations after cache invalidation, can lead to a system hang. This occurs because the function sets up remapping for write operations but fails to...

5.5CVSS5.7AI score0.0018EPSS

RedhatCVE•added yesterday•8 views

CVE-2026-53060

A flaw was found in the Linux kernel's device-mapper dm cache metadata. This memory leak vulnerability occurs when the dmcachemetadataabort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...

5.5CVSS5.8AI score0.00184EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-53062

A flaw was found in the Linux kernel's device-mapper dm cache policy, specifically within the smq module. In passthrough mode, the invalidatemapping operation lacks proper locking, allowing for concurrent access. This can lead to data races, resulting in data corruption or use-after-free issues,...

7CVSS5.8AI score0.00176EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-53061

A flaw was found in the Linux kernel's device-mapper dm cache component. This vulnerability arises from an incorrect assumption that table reloads only occur after suspension, which is violated by Logical Volume Manager LVM table preloading. The dirty mapping check for passthrough mode, performed...

5.5CVSS5.8AI score0.00176EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-53059

A flaw was found in the Linux kernel's device-mapper log dm log component. A local attacker could exploit an integer overflow vulnerability where a 64-bit value is truncated to 32 bits, leading to undersized memory allocations. This allows for out-of-bounds writes to kernel memory during log...

7CVSS5.8AI score0.00176EPSS

EUVD•added 3 days ago•4 views

EUVD-2026-38931

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwritebio but then drops it immediately...

5.7AI score0.0018EPSS

Exploits0References6

EUVD•added 3 days ago•3 views

EUVD-2026-38930

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...

5.7AI score0.00176EPSS

CVE•added 3 days ago•4 views

CVE-2026-53062

The CVE-2026-53062 entry concerns the Linux kernel dm-cache policy smq. In passthrough mode, the invalidate_mapping operation can be invoked concurrently by multiple workers, and the lack of proper locking may cause data races on the allocated blocks counter and potential use-after-free issues in...

5.7AI score0.00176EPSS

EUVD•added 3 days ago•3 views

EUVD-2026-38929

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af "dm cache: share cache-metadata object across inactive and active DM tables", dm-cache assumed table reload occurs after...

5.7AI score0.00176EPSS

EUVD•added 3 days ago•5 views

EUVD-2026-38927

In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to regioncount overflow The local variable regioncount in createlogcontext is declared as unsigned int 32-bit, but dmsectordivup returns sectort 64-bit. When a device-mapper target has a...

5.8AI score0.00176EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - dm clone: Fixed a UAF Use-after-Free in clonedtr. - Dmclone also has the same UAF issue when dmresume and dmdestroy are executed concurrently. Therefore, the timer is canceled again in clonedtr...

5.4AI score0.00206EPSS

Exploits0References1

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...

5.5CVSS5.6AI score0.00112EPSS

Exploits0References1

AstraLinux•added 2026/06/19 11:10 a.m.•8 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the dmstats function, check for and propagate the allocpercpu failure. Check the return value of allocprecpu, and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does so. Otherwise, a NULL...

5.5CVSS5.6AI score0.00161EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm integrity: Memory corruption occurs when tagsize is less than digestsize. It is possible to configure dm-integrity in such a way that the tagsize parameter is smaller than the actual digestsize. In this case, a portion of the...

7.8CVSS6.1AI score0.00263EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: dm: fixed a NULL pointer race issue when completing IO operations. The dmiodecpending function calls endioacct first, and then decreases the number of pending DMA operations. However, if a task swaps the DM table at the same...

4.7CVSS6AI score0.00239EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability in libjackson-json-java

A flaw was discovered in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities, similar to CVE-2016-3720, also affect the codehaus jackson-mapper-asl libraries, but in different classes...

7.5CVSS6.5AI score0.17044EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm thin: Make getfirstthin use listfirstornullrcu instead of rcu-safe list first function. The documentation in rculist.h explains the absence of listemptyrcu and warns programmers against relying on a sequence of listempty -...

5.5CVSS6.2AI score0.0021EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dm: A NULL pointer dereference occurred in dmsuspend. There is a race condition between the suspension of the dm device and the loading of data into the table, which can lead to a NULL pointer dereference. This issue occurs when...

5.6AI score0.00184EPSS

RedhatCVE•added 2026/06/16 11:29 a.m.•6 views

CVE-2026-41731

A flaw was found in the spring-kafka component. A remote attacker, by supplying crafted header values, could exploit a vulnerability in JsonKafkaHeaderMapper and DefaultKafkaHeaderMapper that incorrectly matched type headers against trusted packages. This issue, combined with Jackson's default be...

8.1CVSS5.7AI score0.0034EPSS