Lucene search
+L

213 matches found

attackerkb
attackerkb
added 2026/07/06 7:31 p.m.6 views

CVE-2026-42546

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...

3.8CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to...

5.5CVSS6AI score0.00127EPSS
Exploits0References3
osv
osv
added 2026/06/27 12:1 a.m.2 views

RLSA-2023:2786 Moderate: wayland security, bug fix, and enhancement update

Wayland is a protocol for a compositor to talk to its clients, as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be...

6.6CVSS6.8AI score0.00297EPSS
Exploits1References2
nvd
nvd
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.5CVSS0.00127EPSS
Exploits0References4
osv
osv
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

6.8CVSS5.7AI score0.00127EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.7AI score0.00127EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39301

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.7AI score0.00127EPSS
Exploits0References4
osv
osv
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53210 tee: shm: fix shm leak in register_shm_helper()

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.8 views

PT-2026-52305

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the register shm helper function. The function allocates shared memory shm before calling iov iter npages. If iov iter npages returns 0, the function incorrectly...

6.8CVSS6AI score0.00127EPSS
Exploits0References12
nvd
nvd
added 2026/06/24 8:16 a.m.16 views

CVE-2026-52930

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...

5.5CVSS0.00114EPSS
Exploits0References8
osv
osv
added 2026/06/24 8:16 a.m.4 views

UBUNTU-CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

7.8CVSS5.6AI score0.00127EPSS
Exploits0References11
osv
osv
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52930

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...

5.5CVSS5.6AI score0.00114EPSS
Exploits0References11
cve
cve
added 2026/06/24 7:14 a.m.18 views

CVE-2026-52930

CVE-2026-52930 (Linux kernel) : The issue is in ipc/shm: orphan cleanup cleanup of shm segments. shm_nattch was updated while holding shm_perm.lock, but shm_destroy_orphaned() traversed shm_ids(ns).rwsem, leading to a race where an orphaned segment could be considered removable before the destina...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/06/24 7:14 a.m.2 views

CVE-2026-52930 ipc/shm: serialize orphan cleanup with shm_nattch updates

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References11
cvelist
cvelist
added 2026/06/01 5:9 p.m.37 views

CVE-2026-49121 AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS0.01104EPSS
Exploits1References3
cve
cve
added 2026/06/01 5:9 p.m.45 views

CVE-2026-49121

CVE-2026-49121 affects AI Tensor Engine for ROCm (AITER) up to version 0.1.14. The vulnerability exists in the MessageQueue.recv() function in shm_broadcast.py, where an unauthenticated remote attacker can deliver a crafted pickle payload to a ZMQ SUB socket (no authentication, no HMAC, no format...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References6Affected Software1
euvd
euvd
added 2026/06/01 5:9 p.m.19 views

EUVD-2026-33717

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free exists in the drivers/tee/teeshm.c file within the TEE subsystem of the Linux kernel, as of version 5.15.11. This issue arises due to a race condition during the teeshmgetfromid function, when attempting to free a shared memory object...

7CVSS6.4AI score0.00694EPSS
Exploits2References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tee: Fixed the registershmhelper function. In registershmhelper, corrected incorrect error handling for a call to ioviterextractpages. A case was missing for when ioviterextractpages only retrieves some pages and returns a number...

6.6AI score0.00194EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in multipath-tools

Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...

7.8CVSS7.1AI score0.00658EPSS
Exploits4References2
Rows per page
Query Builder