Lucene search
K

168 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge drainin...

7.8CVSS6.1AI score0.00136EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparentin...

7.8CVSS6AI score0.00106EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 7:40 a.m.7 views

CVE-2026-53162

A flaw was found in the Linux kernel's memory cgroup memcg subsystem. When a non-maskable interrupt NMI occurs during an update of the system's random number generation state, it can lead to corruption of that state. This issue can result in memory cgroup charge draining, potentially causing syst...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:11 a.m.8 views

SUSE CVE-2026-53162

In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53162

In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...

7.8CVSS0.00136EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53153

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

7.8CVSS0.00106EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53162

In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53153

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53162

Summary (CVE-2026-53162) : In the Linux kernel memcg subsystem, a non-NMI-safe path around random-number generation during NMI handling could corrupt the ChaCha batch state, enabling memcg charge draining. The fix replaces the get_random_u32_below() path with a per-CPU round-robin counter stored ...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/25 8:38 a.m.5 views

EUVD-2026-39244

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

5.8AI score0.00106EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm: Property blob allocations to memcg The DRMIOCTLMODECREATEPROPBLOB function allows userspace to allocate property blobs of arbitrary size, which are backed by kernel memory. Currently, the blob data allocation is not accounte...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: mm/slab: Added alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be observed: 3959.023862 ------------ Cut here ------------ 3959.023891 alloctag was not...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 9:35 a.m.25 views

CVE-2026-46121

The CVE-2026-46121 issue affects the Linux kernel DAMON sysfs interface (mm/damon/sysfs-schemes). A race between reads and writes of memcg_path and path can lead to a use-after-free when a user reads or writes the sysfs files while a buffer is being deallocated. The root cause is that user-direct...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/27 12:57 p.m.29 views

CVE-2026-46067

CVE-2026-46067 affects the Linux kernel DAMON core. The issue arises because the code path in mm/damon/core validates the node-datas used by NODE-DATA() relies on damos_quota_goal->nid but does not validate its value, allowing an arbitrary nid to be supplied for node_memcg_{used,free}_bp. This...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/27 12:57 p.m.12 views

EUVD-2026-32449

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

5.9AI score0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.43 views

CVE-2026-46067 mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

0.00117EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/27 12:57 p.m.8 views

CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

7.1CVSS5.9AI score0.00117EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the DAMON core where the damos quota goal-nid value for node memcg used bp and node memcg free bp is not validated before being used in the NODE-DATA macro. This allow...

7.1CVSS6AI score0.00117EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fixed a NULL crash in the shrinker function when cgroupdisable=memory is set. Christian reported a NULL dereference in zswap; he was able to trace the issue back to the zswap shrinker function. This issue also appeared...

5.5CVSS6AI score0.0019EPSS
Exploits0References2
Rows per page
Query Builder