Lucene search
+L

1450 matches found

CVE
CVE
added 3 days ago8 views

CVE-2026-10673

The CVE-2026-10673 affects the Zephyr ADIN2111/ADIN1110 Ethernet driver (drivers/ethernet/eth_adin2111.c) in OA SPI mode. The code reassembles frames by copying device-supplied 64-byte chunks into a fixed buffer (CONFIG_ETH_ADIN2111_BUFFER_SIZE, default 1524) without verifying that the write curs...

8.3CVSS6.2AI score0.00233EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/08 3:22 p.m.7 views

kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

8.8CVSS5.9AI score0.00167EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/30 4:1 p.m.7 views

CVE-2026-9263 Out-of-bounds read in Bluetooth Controller ISOAL framed RX reassembly leaks adjacent memory into host HCI ISO packets

The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...

6.5CVSS6AI score0.00201EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine,...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/28 4:2 a.m.7 views

CVE-2026-10644 Out-of-bounds write in Microchip SERCOM-G1 (PIC32CM-JH) async UART RX with 1-byte buffer

The Microchip SERCOM-G1 UART driver drivers/serial/uartmchpsercomg1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uartrxenable is invoked with a one-byte receive buffer len == 1 and CONFIGUARTMCHPASYNC is enabled, the RX-complete...

4.2CVSS6.2AI score0.00148EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:18 a.m.11 views

net: mvpp2: refill RX buffers before XDP or skb use

...

9.8CVSS5.8AI score0.00546EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.8 views

drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size

...

7.8CVSS5.8AI score0.00143EPSS
Exploits0
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53294

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:40 p.m.19 views

CVE-2026-53298

In CVE-2026-53298, the Linux kernel airoha network driver is affected by a race in initialization: ndesc is initialized too early in airoha_qdma_init_rx_queue(), causing a NULL pointer dereference during cleanup if allocation fails. The documented fix moves ndesc initialization to the end of airo...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/26 7:40 p.m.3 views

CVE-2026-53298 net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.7 views

SUSE CVE-2026-53215

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...

9.8CVSS6AI score0.00546EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:18 a.m.21 views

CVE-2026-53215

A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability occurs due to incorrect handling of receive RX buffers, where a buffer is returned to the hardware Buffer Manager BM pool after it has been passed to the eXpress Data Path XDP or attached to a socket buffer skb. This...

9.8CVSS5.9AI score0.00546EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Oracle Linux 9 : kernel (ELSA-2026-27789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...

9.8CVSS7.2AI score0.00563EPSS
Exploits15References18
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the airoha qdma init rx queue function when queue entry or DMA descriptor list allocation fails. This happens because the ndesc variable is initializ...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2026/06/25 11:21 p.m.8 views

kernel: RDMA/mana: Validate rx_hash_key_len

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 5:16 p.m.16 views

CVE-2026-13351

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

7.5CVSS0.00278EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 12:3 p.m.5 views

RLSA-2026:27789 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free vi...

7.8CVSS6.8AI score0.00459EPSS
Exploits11References18
OSV
OSV
added 2026/06/25 11:55 a.m.4 views

SUSE-SU-2026:2630-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed wo...

9.8CVSS7AI score0.0055EPSS
Exploits8References63
NVD
NVD
added 2026/06/25 9:16 a.m.11 views

CVE-2026-53233

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

7.8CVSS0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53216

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...

9.8CVSS0.00546EPSS
Exploits0References7
Rows per page
Query Builder