505 matches found
CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...
CVE-2026-59822
LiteLLM (proxy server for LLM APIs)Prior to 1.84.0, LiteLLM’s MCP Streamable HTTP endpoint was vulnerable to an unauthenticated exploit where a fabricated Authorization header triggered an OAuth2 passthrough fallback. This path replaced failed LiteLLM key validation with an empty UserAPIKeyAuth()...
CVE-2026-53324
In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...
CVE-2026-53281
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARNONONCE" fixed a NULL pointer dereference in an unlikely situation partly. If devpasid is not found in...
CVE-2026-53064
A flaw was found in the Linux kernel's device-mapper dm-cache component. When dm-cache operates in passthrough mode, a race condition can occur during concurrent write operations to the same cached block. This can lead to a null-pointer dereference in the invalidatecomplete function, potentially...
CVE-2026-53062
A flaw was found in the Linux kernel's device-mapper dm cache policy, specifically within the smq module. In passthrough mode, the invalidatemapping operation lacks proper locking, allowing for concurrent access. This can lead to data races, resulting in data corruption or use-after-free issues,...
CVE-2026-53061
A flaw was found in the Linux kernel's device-mapper dm cache component. This vulnerability arises from an incorrect assumption that table reloads only occur after suspension, which is violated by Logical Volume Manager LVM table preloading. The dirty mapping check for passthrough mode, performed...
CVE-2026-53164
In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages ...
Linux Distros Unpatched Vulnerability : CVE-2026-53061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af dm cache: share cache-metadata object across inactive and...
PT-2026-52260
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu dma iova link swiotlb function when processing unaligned mappings divided into head, middle, and trailer parts. If the middle section is empty due to a lack ...
Linux Distros Unpatched Vulnerability : CVE-2026-53064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lo...
Linux Distros Unpatched Vulnerability : CVE-2026-53062
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from...
CVE-2026-53062
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...
EUVD-2026-38932
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lock fails due to concurrent write to the same cached block, mg-cell...
EUVD-2026-38931
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwritebio but then drops it immediately...
EUVD-2026-38930
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...
CVE-2026-53062 dm cache policy smq: fix missing locks in invalidating cache blocks
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...
CVE-2026-53062
The CVE-2026-53062 entry describes a Linux kernel flaw in the dm-cache policy smq in passthrough mode where invalidate_mapping is invoked concurrently by multiple workers without proper locking. This race can cause data races on the allocated blocks counter and potential use-after-free issues in ...
EUVD-2026-38929
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af "dm cache: share cache-metadata object across inactive and active DM tables", dm-cache assumed table reload occurs after...
CVE-2026-53061
CVE-2026-53061 affects Linux kernel dm-cache. Concrete details in connected documents show a fix for dirty mapping checking in passthrough mode switching, addressing a preload-time issue that could load dirty mappings into passthrough mode and cause data loss. The root cause involves table reload...