EUVD-2026-39301

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

CVE-2026-52930

The CVE concerns the Linux kernel’s shared memory (ipc/shm) subsystem, specifically the orphan cleanup path. The vulnerability arises because shm_destroy_orphaned() traverses shm IDs under shm_ids(ns).rwsem but shm_nattch can be updated while holding shm_perm.lock, and attach paths may modify it ...

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free exists in the drivers/tee/teeshm.c file within the TEE subsystem of the Linux kernel, as of version 5.15.11. This issue arises due to a race condition during the teeshmgetfromid function, when attempting to free a shared memory object...

Astra Linux – Vulnerability in multipath-tools

Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...

CVE-2026-49121 AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

CVE-2026-49121

CVE-2026-49121 affects AI Tensor Engine for ROCm (AITER) up to version 0.1.14. The vulnerability exists in the MessageQueue.recv() function in shm_broadcast.py, where an unauthenticated remote attacker can deliver a crafted pickle payload to a ZMQ SUB socket (no authentication, no HMAC, no format...

EUVD-2026-33717

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

CLSA-2026-1776941944 tigervnc: Fix of CVE-2026-34352

CVE-2026-34352: fix world-accessible SHM segment in x0vncserver by changing shmget mode from 0777 to 0600 in ShmImage::Init...

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

CVE-2026-6386 Missing large page handling in pmap_pkru_update_range()

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shmcreatelargepage3 interface. In particular, it...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from kernel subroutines that fail to consider the 1GB large-page mappings created using the shmcreatelargepage interface when updating page table entries. This...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006961)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006961 advisory. In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in teeshmput teeshmput have NULL pointer dereference:...

JLSEC-2026-97

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006832)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006832 advisory. In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in teeshmput teeshmput have NULL pointer dereference:...

Siemens SIMATIC S7-1500 Use After Free (CVE-2025-38212)

In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, 0 0: https://lore.ke rnel.org/all/[email protected]/ idrforeach is protected by rwsem, but th...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005792 advisory. In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005492 advisory. In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004897)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004897 advisory. In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in registershmhelper With special lengths supplied by user space,...

MiracleLinux 8 : device-mapper-multipath-0.8.4-37.el8 (AXSA:2023-5860:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5860:05 advisory. device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack CVE-2022-41973 Tenable has extracted the preceding...

MiracleLinux 9 : device-mapper-multipath-0.8.7-20.el9 (AXSA:2023-5420:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5420:04 advisory. device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack CVE-2022-41973 Tenable has extracted the preceding...