65 matches found
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
SUSE-SU-2026:22478-1 Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50318)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50318 advisory. - net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption Muhammad Alifa Ramdhan Orabug: 39543209 CVE-2026-31533 - net: fix fanout UAF...
Linux Distros Unpatched Vulnerability : CVE-2026-45983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcal...
RHEL 10 : kernel (RHSA-2026:13566)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13566 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free...
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1123)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : cifs: Fix UAF in cifsdemultiplexthreadCVE-2023-52572 net: fix data-races around sk-skforwardallocCVE-2024-53124 quota: flush...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38430)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38430 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4spomustallow must check this ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001835)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001835 advisory. nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, an...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.14.el7.AXS7 (AXSA:2025-10933:76)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10933:76 advisory. x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL CVE-2023-53680 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
SUSE-SU-2025:20920-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: - CVE-2024-49974: NFSD: limit the number of concurrent async COPY operations bsc1232384 - CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 - CVE-2025-38206: exfat: fix double free in...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 9 : kernel (RHSA-2025:18281)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18281 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: don't ignore the return...
EUVD-2009-1073
Malware in sbrugna...
Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20649)
The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20649 advisory. - nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Jeff Layton Orabug: 38500610 CVE-2025-38724 - iouring/futex: ensure iofutexwait...
EUVD-2025-5127
Malicious code in bioql PyPI...
EUVD-2025-13182
Malicious code in bioql PyPI...
CVE-2025-38430 nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4spomustallow must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure...