CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 6 days ago•3 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.5AI score0.00165EPSS

RedHat Linux•added 6 days ago•3 views

kernel: nbd: defer config unlock in nbd_genl_connect

5.4AI score0.00165EPSS

Vulnrichment•added 2026/06/12 2:39 p.m.•11 views

CVE-2026-48043 netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

5.3CVSS5.2AI score0.00609EPSS

OSV•added 2026/06/11 1:28 p.m.•6 views

GHSA-C2GF-V879-257J netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...

5.3CVSS5.5AI score0.00609EPSS

NVD•added 2026/06/08 5:16 p.m.•10 views

CVE-2026-46308

In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy In scpsysgetbusprotectionlegacy, offindnodewithproperty returns a device node with its reference count incremented. The function then calls ofnodeputnode befo...

0.00154EPSS

CVE•added 2026/06/08 3:41 p.m.•18 views

CVE-2026-46288

CVE-2026-46288 (Linux kernel). The issue is a use-after-free in unittest changeset handling of device-tree nodes: a pointer (parent) shares the same struct device_node as nchangeset, and of_node_put(nchangeset) can drop the refcount to zero while code still uses parent to inspect properties, lead...

8.4CVSS5.5AI score0.0014EPSS

SUSE CVE•added 2026/06/06 5:17 a.m.•8 views

SUSE CVE-2022-50077

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aapivotroot The aapivotroot function has a reference counting bug in a specific path. When aareplacecurrentlabel returns on success, the function forgets to decrement the reference count of...

5.5CVSS6.2AI score0.00156EPSS

Exploits0References9

RedHat Linux•added 2026/06/04 1:4 p.m.•6 views

kernel: nbd: defer config unlock in nbd_genl_connect

5.7AI score0.00165EPSS

SUSE CVE•added 2026/06/04 2:21 a.m.•7 views

SUSE CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

5.7AI score0.00113EPSS

RedhatCVE•added 2026/06/03 8:5 p.m.•7 views

CVE-2026-46268

A flaw was found in the Linux kernel's PCI/P2PDMA subsystem. Specifically, a warning condition in the p2pmemallocmmap function can be triggered due to an incorrect page reference count assertion. This issue occurs when the CONFIGDEBUGVM option is enabled, leading to kernel warning messages. While...

5.5CVSS5.8AI score0.00113EPSS

NVD•added 2026/06/03 6:16 p.m.•12 views

CVE-2026-46268

5.5CVSS0.00113EPSS

Cvelist•added 2026/06/03 3:50 p.m.•37 views

CVE-2026-46268 PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

0.00113EPSS

ATTACKERKB•added 2026/06/03 3:50 p.m.•5 views

CVE-2026-46268

5.7AI score0.00113EPSS

Exploits0References4Affected Software1

EUVD•added 2026/06/03 3:50 p.m.•8 views

EUVD-2026-34126

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

5.8AI score0.00112EPSS

Exploits0References2

SUSE CVE•added 2026/05/29 1:17 a.m.•9 views

SUSE CVE-2026-46107

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...

6.1CVSS5.8AI score0.00129EPSS

RedhatCVE•added 2026/05/28 8:33 p.m.•9 views

CVE-2026-46107

A flaw was found in the Linux kernel's Device Mapper dm-thin component. This vulnerability, a metadata reference count underflow, occurs in the rebalancechildren function. When an internal btree node with a single entry is shared, the system incorrectly tracks the usage of child nodes. This can...

7.8CVSS5.8AI score0.00129EPSS

RedhatCVE•added 2026/05/28 6:11 p.m.•7 views

CVE-2026-46158

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, a socket reference count may not be properly decreased, leading to a potential resource leak. Over time, this resource exhaustion could allow a remote attacker to cause a Denial of...

7CVSS5.8AI score0.00127EPSS