7294 matches found
EUVD-2026-26579
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
CVE-2026-31755
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...
EUVD-2026-26544
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Address thermal zone removal races with resume Since thermalzonepmcomplete and thermalzonedeviceresume re-initialize the pollqueue delayed work for the given thermal zone, the canceldelayedworksync in...
CVE-2026-31721
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...
CVE-2026-31703 writeback: Fix use after free in inode_switch_wbs_work_fn()
In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...
CVE-2026-31703
The CVE-2026-31703 entry is supported by multiple connected sources describing a Linux kernel use-after-free in the writeback path. Specifically, inode_switch_wbs_work_fn() loops over switch_wbs_ctxs and can have wb->switch_work pending while the wb reference is dropped, enabling a use-after-f...
Exploit for Missing Authentication for Critical Function in Cpanel
cPanel-CVE-2026-41940-Scanner !Licensehttps://img.shields...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an error in the calculation of the BQL of a multi BD TX packet in the xilinx axienet driver, which could lea...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...
PT-2026-36446
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp recvmsg syzbot reported a soft lockup in mptcp recvmsg 0. When receiving data with MSG PEEK | MSG WAITALL flags, the skb is not removed from the sk receive queue. This causes sk wait data to always...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from hcicmdsyncqueueonce in Bluetooth hcisync does not correctly indicate if a queue item already exists, which...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to deny immediate NFQUEUE verdicts in netfilter nftables, which could lead to undefined behavior...
PT-2026-36368
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sched ext component where the ddsp dsq id state can remain set non-SCX DSQ INVALID, leading to a spurious warning in the mark direct dispatch function. This occurs...
PT-2026-36448
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienet free tx chain sums the per-BD actual length from descriptor status into a caller-provided...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a failure to call the destruction callback when hcicmdsyncqueueonce fails in hcisync in Bluetooth, which...
PT-2026-36467
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel between the lec atm close function setting priv-lecd to NULL and concurrent access to priv-lecd within the send to lecd, lec handle bridge, an...
PT-2026-36401
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell offset in user queue creation amdgpu userq get doorbell index passes the user-provided doorbell offset to amdgpu doorbell index on bar without bounds checking. An arbitrarily large doorbell offset ca...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an inconsistency between the state of the work queue and the list in the inodeswitchwbsworkfn...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm amdgpu driver not validating the doorbelloffset boundary in user queue creation, which could lead to...
PT-2026-36356
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the USB gadget HID function where list and spinlock initializations were performed during the bind process. Specifically, queues registered via poll wait were...