CVE-2026-20238 Improper Access Control through Role Inheritance in Splunk AI Toolkit app

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles.The app contains an authorize.conf configuration file with a srchFilter entry that...

PT-2020-1258 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.3 Description: The issue is related to the get user pages aka gup implementation in mm/gup.c and mm/huge memory.c, which does not properly consider the semantics of read operations when used for a...