Lucene search
+L

490 matches found

astralinux
astralinux
added 2026/07/09 8:12 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fixed a use-after-free in bondxmitbroadcast. bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release operations may mutat...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References3
redhat
redhat
added 2026/07/08 4:26 a.m.4 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS7AI score0.00124EPSS
Exploits0References5
redhat
redhat
added 2026/07/08 4:21 a.m.4 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS7AI score0.00124EPSS
Exploits0References5
redhat
redhat
added 2026/07/07 9:13 a.m.7 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS7AI score0.00124EPSS
Exploits0References5
nvd
nvd
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53337

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

0.00164EPSS
Exploits0References8
euvd
euvd
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40971

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

5.8AI score0.00164EPSS
Exploits0References8
cve
cve
added 2026/07/01 1:32 p.m.16 views

CVE-2026-53337

The CVE concerns the Linux kernel bonding code: in bond_do_ioctl(), slave_dev is fetched via __dev_get_by_name() and then immediately used in a slave_dbg() call before checking for NULL, causing a NULL-pointer dereference when a non-existent slave interface name is provided (e.g., via bonding ioc...

5.8AI score0.00164EPSS
Exploits0References8
nessus
nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to...

7.8CVSS6.1AI score0.00141EPSS
Exploits0References3
susecve
susecve
added 2026/06/26 2:10 a.m.8 views

SUSE CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

7.8CVSS5.8AI score0.00141EPSS
Exploits0References3
nvd
nvd
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

7.8CVSS0.00141EPSS
Exploits0References4
osv
osv
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

8.5CVSS5.7AI score0.00141EPSS
Exploits0References7
osv
osv
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53193 ALSA: timer: Forcibly close timer instances at closing

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

7.8CVSS5.8AI score0.00141EPSS
Exploits0References7
cve
cve
added 2026/06/25 8:39 a.m.35 views

CVE-2026-53193

CVE-2026-53193 concerns the Linux kernel ALSA timer component. When a snd_timer object is freed via snd_timer_free() while there are still pending snd_timer_instance entries linked to it, slave instances may continue to point at the freed timer, creating a use-after-free condition. The vulnerabil...

7.8CVSS5.7AI score0.00141EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53193 ALSA: timer: Forcibly close timer instances at closing

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

7.8CVSS0.00141EPSS
Exploits0References4
euvd
euvd
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39284

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

5.7AI score0.00141EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52289

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a snd timer object is freed using the snd timer free function while snd timer instance objects are still assigned, the...

8.5CVSS6AI score0.00141EPSS
Exploits0References18
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Annotate the data races around slave-lastrx. slave-lastrx and slave-targetlastarprx... can be read and written without locking. Add READONCE and WRITEONCE annotations. syzbot reported: BUG: KCSAN: Data race in...

4.7CVSS5.8AI score0.00086EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dm: removed the fake timeout to avoid leaking requests. Since commit 15f73f5b3e59 “blk-mq: moved failure injection out of blkmqcompleterequest”, drivers are responsible for calling blkshouldfaketimeout at appropriate code paths a...

5.5CVSS5.9AI score0.00138EPSS
Exploits0References2
euvd
euvd
added 2026/06/24 7:14 a.m.8 views

EUVD-2026-38728

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

5.8AI score0.00114EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.12 views

PT-2026-51718

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur when removing a port from a Virtual Routing and Forwarding VRF instance. RCU readers using netif is l3 slave may incorrectly assume that netdev...

6AI score0.00114EPSS
Exploits0References19
Rows per page
Query Builder