Lucene search
K

63134 matches found

ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-52998

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without verifying that the device pointer was valid. Additionally, the...

5.7AI score0.00508EPSS
Exploits0References9Affected Software1
CVE
CVE
added last week7 views

CVE-2026-52998

CVE-2026-52998 affects the Linux kernel’s netfilter nfnetlink_osf module. The nf_osf_ttl() function can dereference a device pointer (skb->dev) without validating the device, risking a NULL dereference. The patch removes the device dereference and the in_dev_for_each_ifa_rcu loop used to match...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-52957

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

7.5CVSS5.7AI score0.0053EPSS
Exploits0References9Affected Software1
CVE
CVE
added last week6 views

CVE-2026-52957

Consolidated details from CVE-2026-52957 show a Linux kernel libceph flaw in processing CEPH_MSG_OSD_MAP: during CRUSH map decoding, bucket indices may reference NULL buckets when decoding crush_choose_arg_map, risking a NULL pointer dereference. A patch extends the validation to only access non-...

7.5CVSS5.7AI score0.0053EPSS
Exploits0References8
Cvelist
Cvelist
added last week26 views

CVE-2026-52957 libceph: Fix potential null-ptr-deref in decode_choose_args()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

7.5CVSS0.0053EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-52941

A flaw was found in the Linux kernel's net/smc module. An unprivileged local user could trigger a null pointer dereference by performing sendmsg or recvmsg operations on an SMC-D Shared Memory Communications - Direct socket while the smcmsgevent tracepoint is enabled. This can lead to a general...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-52938

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF storage. A race condition can occur where a storage element is accessed after its associated map has been deallocated, leading to a null pointer dereference. This can cause a kernel crash, resulting in a Denial of Service DoS for t...

5.7AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-52922

A flaw was found in the Linux kernel's batman-adv Better Approach To Mobile Ad-hoc Networking module. This vulnerability occurs because the batadvdatforwarddata function fails to validate the success of a memory allocation operation. An attacker could exploit this by triggering a scenario where t...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-52939

A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS component. An unprivileged local user can trigger a kernel panic by sending a specially crafted atomic control message cmsg over an active RDS/InfiniBand IB connection. This issue is caused by improper handling of masked atomic...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52938

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpfskstorageclone can observe th...

0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS0.00394EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52922

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS0.00394EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 8:16 a.m.4 views

UBUNTU-CVE-2026-52925

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

5.7AI score0.00164EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52939

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...

5.7AI score0.00164EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 8:16 a.m.5 views

UBUNTU-CVE-2026-52938

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpfskstorageclone and diag paths bpfselemunlinknofail sets SDATAselem-smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpfskstorageclone can observe th...

5.6AI score0.00145EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52922

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.7AI score0.00176EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52941

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn-lnk in smcmsgevent tracepoint The smcmsgevent tracepoint class, shared by smctxsendmsg and smcrxrecvmsg, unconditionally dereferences smc-conn.lnk: stringname, smc-conn.lnk-ibname conn-lnk is onl...

5.7AI score0.00164EPSS
Exploits0References9
CVE
CVE
added 2026/06/24 7:14 a.m.8 views

CVE-2026-52941

The CVE-2026-52941 issue affects the Linux kernel’s SMC tracepoints. The smc_msg_event tracepoint unconditionally dereferences smc->conn.lnk->ibname, causing a NULL dereference when conn->lnk is NULL on SMC-D (while it is set for SMC-R). This can crash the first sendmsg()/recvmsg() on an...

5.8AI score0.00164EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.5 views

CVE-2026-52941

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn-lnk in smcmsgevent tracepoint The smcmsgevent tracepoint class, shared by smctxsendmsg and smcrxrecvmsg, unconditionally dereferences smc-conn.lnk: stringname, smc-conn.lnk-ibname conn-lnk is onl...

5.7AI score0.00164EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder