Lucene search
K

338 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves ...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:26 p.m.6 views

SUSE CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

4.1CVSS5.7AI score0.00117EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/04/03 6:9 p.m.3 views

CVE-2026-23475

A flaw was found in the Linux kernel's Serial Peripheral Interface SPI component. The system's per-CPU statistics for the SPI controller were not allocated until after the controller was registered. This created a window where a local user or process could access system files sysfs attributes...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 5:23 p.m.11 views

CVE-2026-31389

A flaw was found in the Linux kernel's Serial Peripheral Interface SPI subsystem. During controller registration, a use-after-free vulnerability can occur if the allocation of per-CPU statistics fails. This could allow a local attacker to cause system instability or a denial of service by accessi...

7.8CVSS5.9AI score0.00117EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.4 views

CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

7.8CVSS0.00117EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.5 views

CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

7.8CVSS5.7AI score0.00117EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.4 views

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/04/03 4:16 p.m.7 views

UBUNTU-CVE-2026-23459

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

8.2CVSS5.7AI score0.00299EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.2 views

CVE-2026-31389

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free of...

5.7AI score0.00117EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/04/03 3:15 p.m.20 views

CVE-2026-31389

CVE-2026-31389 affects the Linux kernel SPI subsystem. The vulnerability is a use-after-free that can occur during controller registration if per-CPU statistics allocation fails, potentially leading to access of freed driver resources and unclocked register accesses. The issue is mitigated by a p...

7.8CVSS5.7AI score0.00117EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.3 views

CVE-2026-23475

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

5.7AI score0.00123EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/04/03 3:15 p.m.16 views

CVE-2026-23475

CVE-2026-23475 affects the Linux kernel SPI subsystem. The issue was a NULL pointer dereference window in per‑CPU controller statistics: stats were allocated only after controller registration with driver core, so early sysfs access could dereference NULL. The fix moves statistics allocation to t...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.18 views

CVE-2026-23475 spi: fix statistics allocation

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a...

0.00123EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.23 views

CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

8.2CVSS0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/04/03 3:15 p.m.13 views

CVE-2026-23459

The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...

8.2CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.15 views

PT-2026-30169

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw where controller per-cpu statistics were not allocated until after the controller was registered, creating a window where accessing sysfs attributes cou...

9.8CVSS6.1AI score0.004EPSS
Exploits0References493
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq ca...

7CVSS5.8AI score0.0009EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpbulkqueue bq can b...

4.7CVSS5.4AI score0.00088EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/25 6:56 p.m.5 views

CVE-2026-23374

A flaw was found in the Linux kernel's blktrace component. This vulnerability arises when the tracingrecordcmdline function attempts to access a per-CPU variable in a preemptible context, which is an unsafe operation. A local attacker could exploit this to trigger a kernel bug, potentially leadin...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 4:57 p.m.4 views

SUSE CVE-2026-23294

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...

7CVSS5.8AI score0.0009EPSS
Exploits0References3
Rows per page
Query Builder