kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVE-2026-41054

A flaw was found in haveged. The sockethandler function, responsible for handling connections to the abstract UNIX socket, incorrectly proceeds with execution even after detecting that a connecting user is not root. This oversight allows a local unprivileged user to bypass security checks and...

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

MAL-2026-4400 Malicious code in @kmmao/happy-coder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...

SUSE-SU-2026:21737-1 Security update for iproute2

This update for iproute2 fixes the following issue - CVE-2024-58251: denial of service via terminal escape sequences bsc1254324. Changes for iproute2: - support display of bound but unconnected sockets bsc1204562. - avoid spurious cgroup warning bsc1234383. - add post-6.4 follow-up fixes...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

ALPINE-CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

UBUNTU-CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

CVE-2026-41054 affects haveged. In haveged’s source havegecmd.c, socket_handler checks the caller via an abstract UNIX socket and returns a negative acknowledgment for non-root users, but execution is not halted, enabling a local unprivileged user to reach privileged actions (e.g., MAGIC_CHROOT)....

EUVD-2026-31076

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

Astra Linux - уязвимость в redis

Redis is an in-memory database that persists data on disk. Upon startup, Redis begins listening on Unix sockets before adjusting its permissions according to the user-provided configuration. If a permissive umask value is used, this can create a race condition that allows another process to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: sockmap: Fixed a use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported a use-after-free of the UNIX socket’s sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer’s -skdataready is call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: Do not access a released socket during error recovery. While the error recovery mechanism is temporarily failing due to reconnect attempts, running the nvme list command causes a kernel NULL pointer derefrence by callin...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Do not use timerPending in reqskQueueUnlink. Martin KaFai Lau reported a use-after-free in reqskTimerHandler. We are encountering a use-after-free related to a bpf program attached to traceTCPRetransmitSynack. The progr...