dirtyfrag

Dirty Frag Overview Dirty Frag is a class of Linux ke...

-authencesn-poc

authencesn-poc Mrowl made by c0redev https://unitdev.run...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail — Python PoC CVE-2026-31431 This is a compact Pyt...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a warning in smcrxsplice, when calling getpage The smcloregisterdmb function allocates DMB buffers using kzalloc, which are later passed to getpage in smcrxsplice. Since kmalloc memory is not page-backed, this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: Do not replace a page in the rqpages array if it is a continuation of the last page. The splice read function calls nfsdspliceactor to place the pages containing file data into the svcrqst-rqpages array. However, it is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/cmdnet: fixed incorrect argument types for skbqueuesplice. If retrying timestamp retrieval is necessary and the local list of SKBs already contains entries, then those entries are spliced back into the socket queue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Do not write to msggetinq in the callee. This fix addresses the issue of NULL pointer dereferencing. msggetinq is an input field from the caller to the callee. Do not set it in the callee, as the caller may not clear it duri...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed error handling for unbuffered writes If all subrequests in an unbuffered write stream fail, the subrequest collector does not update the stream-transferred value, and it retains its initial LONGMAX value...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag - kernel Linux critical Vulnerability- CVE-2026-432...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 - Linux Kernel AFALG "Copy Fail" Local Privile...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail — CVE-2026-31431 4-byte page-cache write primitive →...

Copy.Fail Linux Vulnerability

This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API AFALG sockets plus splice to write four bytes at a time straigh...

EUVD-2026-29037

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-43500

Summary: CVE-2026-43500 affects the Linux kernel RXRPC path for DATA/RESPONSE packets. The issue occurs when skb fragments are externally owned (e.g., via splice() or frag lists) and the code path decrypts in place, binding frag pages into the AEAD/skcipher SGL. The fix extends the gate to unshar...

VulnCheck KEV: CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

VulnCheck KEV: CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-017400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017400 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe...