1281 matches found
kernel: selinux: fix overlayfs mmap() and mprotect() access checks
A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...
CVE-2026-45258 Multiple vulnerabilities in the sound(4) mmap path
dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...
CVE-2026-45258
The CVE-2026-45258 issue affects FreeBSD sound(4) mmap support. dsp_mmap_single() overflows when validating the requested mapping because offset+length can wrap the size check, and the offset is reduced from 64 to 32 bits for the buffer address, allowing a mapping that extends past the audio buff...
CVE-2026-49417 Multiple vulnerabilities in the sound(4) mmap path
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system wit...
CVE-2026-49417
CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
CVE-2026-53084
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability involves a lock ordering problem that occurs when BPF programs acquire certain locks that depend on the mmaplock. This issue could potentially lead to system instability or unexpected behavior due to...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
RLSA-2026:27812 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 For more details about the security issues, including the...
kernel-rt security update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
RLSA-2026:27811 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
kernel security update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
RockyLinux 8 : kernel (RLSA-2026:27811)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27811 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the RockyLinux...
RockyLinux 8 : kernel-rt (RLSA-2026:27812)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27812 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the RockyLinux...
CVE-2026-53084
The Linux kernel CVE-2026-53084 is addressed by changing the VMA snapshot handling in the task_vma iterator used by BPF. The per-VMA lock is no longer held across the BPF program body; instead, the VMA is snapshot via memcpy() under the lock in _next(), and the lock is dropped before returning. T...
EUVD-2026-38952
In the Linux kernel, the following vulnerability has been resolved: bpf: return VMA snapshot from taskvma iterator Holding the per-VMA lock across the BPF program body creates a lock ordering problem when helpers acquire locks that depend on mmaplock: vmlock - irwsem - mmaplock - vmlock Snapshot...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: procfs: Avoid fetching the build ID while holding the VMA lock. Fix the PROCMAPQUERY to fetch the optional build ID only after releasing the mmaplock or the per-VMA lock, whichever was used to lock the VMA, to prevent deadlock...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: migrate: corrected lock ordering for hugetlb file folio operations Syzbot has identified a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then attempts to acquire immaprwsem read lock. 2 Task 5754: Holds...
AlmaLinux 8 : kernel (ALSA-2026:27811)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27811 advisory. kernel: selinux: fix overlayfs mmap and mprotect access checks CVE-2026-46054 Tenable has extracted the preceding description block directly from the AlmaLinux...