CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2 days ago•5 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00076EPSS

Tenable Nessus•added 2 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-46207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to...

5.9AI score0.00023EPSS

Exploits0References2

SUSE CVE•added 2026/05/29 1:15 a.m.•6 views

SUSE CVE-2026-46207

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

3.3CVSS5.8AI score0.00023EPSS

NVD•added 2026/05/28 10:16 a.m.•7 views

CVE-2026-46207

0.00023EPSS

NVD•added 2026/05/28 10:16 a.m.•6 views

CVE-2026-46188

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

0.00023EPSS

NVD•added 2026/05/28 10:16 a.m.•10 views

CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

7.7CVSS0.00016EPSS

Exploits0References7

OSV•added 2026/05/28 10:16 a.m.•3 views

UBUNTU-CVE-2026-46207

5.7AI score0.00023EPSS

Exploits0References7

CVE•added 2026/05/28 9:40 a.m.•15 views

CVE-2026-46207

The CVE-2026-46207 entry describes a Linux kernel fix in vsock/virtio where empty payloads could be copied to the vsockmon tap interface for non-linear skbs due to an uninitialized iov_iter.count in virtio_transport_copy_nonlinear_skb(). The remediation replaces the linear/non-linear split with s...

Cvelist•added 2026/05/28 9:40 a.m.•23 views

CVE-2026-46207 vsock/virtio: fix empty payload in tap skb for non-linear buffers

0.00023EPSS

EUVD•added 2026/05/28 9:36 a.m.•8 views

EUVD-2026-32815

Debian CVE•added 2026/05/28 9:36 a.m.•7 views

CVE-2026-46188

5.7AI score0.00023EPSS

Exploits0

CVE•added 2026/05/28 9:36 a.m.•9 views

CVE-2026-46188

In CVE-2026-46188, the Linux kernel octeon_ep_vf path failed to guard the result of napi_build_skb() against NULL on allocation failure, leading to a NULL pointer dereference in __octep_vf_oq_process_rx() for both single-buffer and multi-fragment paths. The fix adds NULL checks after napi_build_s...

EUVD•added 2026/05/28 9:36 a.m.•5 views

EUVD-2026-32813

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.7AI score0.00032EPSS

CVE•added 2026/05/28 9:35 a.m.•8 views

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

7.7CVSS5.9AI score0.00016EPSS

Exploits0References7

SUSE CVE•added 2026/05/28 3:56 a.m.•5 views

SUSE CVE-2026-45929

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

5.8AI score0.00013EPSS

SUSE CVE•added 2026/05/28 3:54 a.m.•4 views

SUSE CVE-2026-45998

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skbunshare failure If skbunshare fails to unshare a packet due to allocation failure in rxrpcinputpacket, the skb pointer in the parent rxrpciothread will be NULL'd out. This will likely cause the...

5.5CVSS5.8AI score0.00024EPSS

SUSE CVE•added 2026/05/28 3:52 a.m.•6 views

SUSE CVE-2026-46102

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

7.5CVSS5.8AI score0.00068EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44330

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtio transport build skb goes through virtio transport copy nonlinear skb to copy the original payload in the new skb to be delivered to the...

Tenable Nessus•added 2026/05/28 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skbunshare failure If skbunshare fails to unshare a packet du...

5.7AI score0.00024EPSS