6068 matches found

ATTACKERKB
added 2026/06/25 8:39 a.m., 6 views

CVE-2026-53218

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_exthdr: fix register tracking for F_PRESENT flag. nft_exthdr_init() passes user-controlled priv->len to nft_parse_register_store(), which marks that many bytes in the register bitmap as initialized. However, when...

5.7 AI score, 0.00128 EPSS
Exploits: 0, References: 9, Affected Software: 1
CVE
added 2026/06/25 8:39 a.m., 15 views

CVE-2026-53218

CVE-2026-53218 affects the Linux kernel netfilter nft_exthdr path. The root cause is a mismatch in register initialization: nft_exthdr_init() passes priv->len to nft_parse_register_store(), which marks that many bytes as initialized, but when NFT_EXTHDR_F_PRESENT is set the eval paths write on...

5.5 CVSS, 5.7 AI score, 0.00128 EPSS
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2026/06/25 8:39 a.m., 4 views

CVE-2026-53211

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register. NFT_META_BRI_IIFHWADDR declares its destination register with len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to two 32-bit registers (8 bytes)...

5.5 CVSS, 5.6 AI score, 0.00126 EPSS
Exploits: 0
CVE
added 2026/06/25 8:39 a.m., 7 views

CVE-2026-53211

CVE-2026-53211 (Linux kernel netfilter nft_meta_bridge): The NFT_META_BRI_IIFHWADDR destination register is declared as 6 bytes but tracked as two 32-bit registers (8 bytes). In nft_meta_bridge_get_eval(), a memcpy writes 6 bytes of br_dev->dev_addr, leaving the upper 2 bytes of the second re...

5.5 CVSS, 5.7 AI score, 0.00126 EPSS
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/06/25 8:39 a.m., 5 views

CVE-2026-53211

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register. NFT_META_BRI_IIFHWADDR declares its destination register with len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to two 32-bit registers (8 bytes)...

5.6 AI score, 0.00126 EPSS
Exploits: 0, References: 4, Affected Software: 1
Debian CVE
added 2026/06/25 8:39 a.m., 4 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in register_shm_helper(). register_shm_helper() allocates shm before calling iov_iter_npages(). If iov_iter_npages() returns 0, the function jumps to err_ctx_put and leaks shm. This can be triggered by TEE_IOC_SHM_REGISTER with...

5.5 CVSS, 5.6 AI score, 0.00127 EPSS
Exploits: 0
EUVD
added 2026/06/25 8:39 a.m., 3 views

EUVD-2026-39301

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in register_shm_helper(). register_shm_helper() allocates shm before calling iov_iter_npages(). If iov_iter_npages() returns 0, the function jumps to err_ctx_put and leaks shm. This can be triggered by TEE_IOC_SHM_REGISTER with...

5.7 AI score, 0.00127 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/06/25 8:39 a.m., 5 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in register_shm_helper(). register_shm_helper() allocates shm before calling iov_iter_npages(). If iov_iter_npages() returns 0, the function jumps to err_ctx_put and leaks shm. This can be triggered by TEE_IOC_SHM_REGISTER with...

5.7 AI score, 0.00127 EPSS
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/06/25 8:39 a.m., 7 views

CVE-2026-53210

The CVE-2026-53210 issue is in the Linux kernel’s Trusted Execution Environment (TEE) subsystem. A shm leak occurs in register_shm_helper() when TEE_IOC_SHM_REGISTER registers a zero-length shared memory, because shm is allocated before iov_iter_npages() and not freed if it returns 0; the code pa...

5.5 CVSS, 5.7 AI score, 0.00127 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/06/25 8:39 a.m., 4 views

EUVD-2026-39283

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at snd_timer_user_params(). At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to detach the timer instances and release the resources. However...

5.8 AI score, 0.00134 EPSS
Exploits: 0, References: 8
CVE
added 2026/06/25 8:39 a.m., 13 views

CVE-2026-53192

CVE-2026-53192: Linux kernel ALSA timer UAF fix. The vulnerability affects the ALSA timer path (snd_timer_user_params) in the Linux kernel. A race can occur during timer object release when a concurrent SNDRV_TIMER_IOCTL_PARAMS ioctl is in flight, potentially leading to a use-after-free if anothe...

7.8 CVSS, 5.8 AI score, 0.00134 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/06/25 8:39 a.m., 26 views

CVE-2026-53192 ALSA: timer: Fix UAF at snd_timer_user_params()

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at snd_timer_user_params(). At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to detach the timer instances and release the resources. However...

7.8 CVSS, 0.00134 EPSS
Exploits: 0, References: 4
Debian CVE
added 2026/06/25 8:38 a.m., 6 views

CVE-2026-53136

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size. [Why & How] The VBIOS integrated info tables v1_11 and v2_1 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

5.6 AI score, 0.00172 EPSS
Exploits: 0
CVE
added 2026/06/25 8:38 a.m., 9 views

CVE-2026-53136

The CVE pertains to the Linux kernel driver drm/amd/display. A malformed VBIOS can set HdmiRegNum/Hdmi6GRegNum to values up to 255, used as loop bounds when copying retimer I2C settings into fixed-size arrays, causing an out-of-bounds heap write during driver probe. The fix clamps each register c...

5.7 AI score, 0.00172 EPSS
Exploits: 0, References: 7
ATTACKERKB
added 2026/06/25 8:38 a.m., 5 views

CVE-2026-53136

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size. [Why & How] The VBIOS integrated info tables v1_11 and v2_1 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

5.8 AI score, 0.00172 EPSS
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2026/06/25 8:38 a.m., 3 views

CVE-2026-53134

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_fib: fix stale stack leak via the OIFNAME register. For NFT_FIB_RESULT_OIFNAME the destination register is declared with len = IFNAMSIZ (four 32-bit registers), but on the lookup-fail, RTN_LOCAL and oif-mismatch paths...

5.7 AI score, 0.00176 EPSS
Exploits: 0
EUVD
added 2026/06/24 6:32 p.m., 4 views

EUVD-2026-38900

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in map_kptr_match_type() for scalar regs. Commit ab6c637ad027 ("bpf: Fix a bpf_kptr_xchg() issue with local kptr") refactored map_kptr_match_type() to branch on btf_is_kernel() before checking base_type(). A scalar register stored in...

5.7 AI score, 0.00168 EPSS
Exploits: 0, References: 6
EUVD
added 2026/06/24 6:32 p.m., 4 views

EUVD-2026-38999

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8 CVSS, 6 AI score, 0.00406 EPSS
Exploits: 0, References: 3
NVD
added 2026/06/24 5:17 p.m., 10 views

CVE-2026-53092

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when src_reg == dst_reg. Consider the case of rX += rX where src_reg and dst_reg are pointers to the same bpf_reg_state in adjust_reg_min_max_vals(). The latter first modifies the dst_reg in-place, and later ...

7.8 CVSS, 0.00123 EPSS
Exploits: 0, References: 6
NVD
added 2026/06/24 5:17 p.m., 7 views

CVE-2026-53078

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix same-register dst/src OOB read and pointer leak in sock_ops. When a BPF sock_ops program accesses ctx fields with dst_reg == src_reg, the SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() macros fail to zero the destination register in the...

7.8 CVSS, 0.00112 EPSS
Exploits: 0, References: 2