Lucene search
+L

113 matches found

redhatcve
redhatcve
added 2026/06/26 3:10 p.m.8 views

CVE-2026-52962

A flaw was found in the Linux kernel, specifically within the Ceph file system's extended attribute handling. A buffer leak occurs in the cephsetxattr function because a previously allocated buffer oldblob is not properly released. This can lead to resource exhaustion over time, potentially causi...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References4
susecve
susecve
added 2026/06/26 2:14 a.m.8 views

SUSE CVE-2026-52962

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

3.3CVSS6AI score0.00138EPSS
Exploits0References9
nessus
nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-52962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the...

7.8CVSS6.2AI score0.00138EPSS
Exploits0References3
euvd
euvd
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38830

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

6AI score0.00138EPSS
Exploits0References9
nvd
nvd
added 2026/06/24 5:17 p.m.11 views

CVE-2026-52962

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

7.8CVSS0.00138EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/06/24 4:28 p.m.7 views

CVE-2026-52962

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

5.9AI score0.00138EPSS
Exploits0References9Affected Software1
cve
cve
added 2026/06/24 4:28 p.m.14 views

CVE-2026-52962

The CVE refers to the Linux kernel Ceph driver: in __ceph_setxattr(), old_blob can retain ci->i_xattrs.prealloc_blob during a retry, and ceph_buffer_put() is not called for the old_blob, causing a buffer leak. A patch fixes this leak. Connected SUSE advisories (OSV entries) confirm this CVE (C...

7.8CVSS6AI score0.00138EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2026/06/24 4:28 p.m.35 views

CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

0.00138EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.15 views

PT-2026-51856

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer leak occurs in the ceph module within the ceph setxattr function. During a retry operation, the old blob variable can store the value of ci-i xattrs.prealloc blob, but the ceph...

8.8CVSS6.1AI score0.0038EPSS
Exploits1References422
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in linux-astra-modules-5.4, linux-astra-modules-5.10

The vulnerability of the parsechooksetxattr function in the Linux kernel-module astra-modules is related to the lack of checking for the returned value. Exploiting this vulnerability allows a perpetrator to cause a service failure...

7.1CVSS5.8AI score
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an inode leak in ext4xattrinodecreate, which occurs on an error path. There is a issue when using setxattr with a fault injection: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking...

6AI score0.00211EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/06 8:46 p.m.10 views

CVE-2026-43187

A flaw was found in the Linux kernel's XFS filesystem. Incorrect handling of freemap entries when deleting attribute leaf freemap entries can lead to a situation where zero-length freemap entries with a non-zero base are left behind. Subsequent setxattr operations can cause these entries to overl...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References4
nessus
nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-46695)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46695 advisory. - In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions...

4.4CVSS6.3AI score0.00219EPSS
Exploits0References2
nessus
nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001122)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001122 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...

7.8CVSS6.4AI score0.02342EPSS
Exploits0References15
nessus
nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004417 advisory. In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an...

6.5CVSS6.9AI score0.00692EPSS
Exploits1References13
nessus
nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000755 advisory. The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by...

4.4CVSS6.4AI score0.00377EPSS
Exploits0References20
nessus
nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003339 advisory. The simplesetacl function in fs/posixacl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allow...

4.4CVSS6.4AI score0.00404EPSS
Exploits0References11
nessus
nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002742 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...

7.8CVSS6.4AI score0.02342EPSS
Exploits0References15
nessus
nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002553 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...

7.8CVSS6.4AI score0.02342EPSS
Exploits0References15
nessus
nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003254)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003254 advisory. The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by...

4.4CVSS6.4AI score0.00377EPSS
Exploits0References20
Rows per page
Query Builder