EUVD-2026-31982

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP request or bind the nonce to the admin's session. If the admin's auth.api.signUpEmail call fails...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...

CVE-2026-23101 leds: led-class: Only Add LED to leds_list when it is fully ready

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability Summary Title: Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLock Affected Component: filelock package - SoftFileLock class File: src/filelock/soft.py lines 17-27 CWE: CWE-362, CWE-367, CWE-59 --- Description A TOCTOU race condition vulnerability exists in the...

Windows Exploitation Techniques: Winning Race Conditions with Path Lookups

Posted by James Forshaw This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFOissue 13 as well as in the second volume of the printed version. In honor of our new blog we’re republishing it on this blog and...

CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlmputlock In gdlmputlock, there is a small window of time in which the DFLUNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may still call gdlmast and gdlmbast...

CVE-2025-21984

In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfdmove encounters swapcache userfaultfdmove checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, movepresentpte handles folio migration by setting: srcfolio-inde...

CVE-2025-21984 mm: fix kernel BUG when userfaultfd_move encounters swapcache

In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfdmove encounters swapcache userfaultfdmove checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, movepresentpte handles folio migration by setting: srcfolio-inde...

CVE-2022-49286

In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/[email protected]/ exposure of the chip-tpmmutex was removed fro...

CVE-2024-50154

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

CVE-2024-50154

CVE-2024-50154 (Linux kernel) : The vulnerability arises from tcp/dccp code using timer_pending() in reqsk_queue_unlink(), which can miss del_timer_sync() in reqsk_timer_handler() and create a use-after-free (UAF) when req->sk is closed before timer expiry (default ~63s). Affected: Linux kerne...

CVE-2022-48874 misc: fastrpc: Fix use-after-free and race in fastrpc_map_find

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpcmapfind Currently, there is a race window between the point when the mutex is unlocked in fastrpcmaplookup and the reference count increasing fastrpcmapget in fastrpcmapfind,...

CVE-2024-43830

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate callback and freed by the deactivat...

CVE-2024-42270

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...

CVE-2024-42270 netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...

CVE-2024-42270 netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...

CVE-2024-42152 nvmet: fix a possible leak when destroy a ctrl during qp establishment

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmetsqdestroy we capture sq-ctrl early and if it is non-NULL we know that a ctrl was allocated in the admin connect request handler and we need to release...

CVE-2024-41041 udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

CVE-2024-41041 udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

CVE-2022-48816

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against -sock changing during sysfs read -sock can be set to NULL asynchronously unless -recvmutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a...