344 matches found
dirtyfrag
Dirty Frag Overview Dirty Frag is a class of Linux ke...
-authencesn-poc
authencesn-poc Mrowl made by c0redev https://unitdev.run...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
Copy Fail — Python PoC CVE-2026-31431 This is a compact Pyt...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fuse: We are returning to using readaheadfolio for readahead. In commit 3eab9d7bc2f4 “fuse: converting readahead to use folio, the logic was changed to use the new folio version of readahead. This removes the reference to the fol...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Net: TLS – Fix for the WARNING message when using skmsgfree. A splice operation with MSGSPLICEPAGES causes the TLS sendmsg code to use the tlsswsendmsgsplice path to move the user-provided pages from the msg buffer to the msgpl...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fixed the byte count in sendmsg in siwtcpsendpages. Since the commit c2ff29e99a76 “siw: Inline dotcpsendpages”, we have been fixing this issue as follows: c static int siwtcpsendpagesstruct socket s, struct page page, i...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A memory write flaw that is outside the bounds of the system’s security was discovered in the Linux kernel’s Transport Layer Security functionality. This flaw allows a local user to cause a crash or potentially escalate their privileges on the system...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/cmdnet: fixed incorrect argument types for skbqueuesplice. If retrying timestamp retrieval is necessary and the local list of SKBs already contains entries, then those entries are spliced back into the socket queue...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv4, ipv6: Fixed the handling of transhdrlen in ip,6appenddata. Including transhdrlen in the packet length is a problem when the packet is partially filled e.g., a sendMSGMORE operation occurred previously when appending to a...
Astra Linux - уязвимость в linux-5.10
There exists a use-after-free vulnerability in the Linux kernel through the iouring mechanism and the IORINGOPSPLICE operation. If the IORINGOPSPLICE operation lacks the IOWQWORKFILES flag, it indicates that the operation will not utilize current-nsproxy. As a result, the reference counter is not...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: Do not replace a page in the rqpages array if it is a continuation of the last page. The splice read function calls nfsdspliceactor to place the pages containing file data into the svcrqst-rqpages array. However, it is...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: tls: Fixed a NULL dereference issue in tlsswspliceeof, where an empty plaintext/ciphertext buffer could cause confusion in the send path, as the empty ciphertext buffer did not have enough space for encryption overhead. This led ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: exfat: fixed the missing shutdown check. The xfstests generic/730 test failed because, after deleting a device that still contained dirty data, the file could still be read without returning an error. The reason is the missing...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Net: Do not write to msggetinq in the callee. This fix addresses the issue of NULL pointer dereferencing. msggetinq is an input field from the caller to the callee. Do not set it in the callee, as the caller may not clear it duri...
Exploit for Write-what-where Condition in Linux Linux_Kernel
Dirty Frag - kernel Linux critical Vulnerability- CVE-2026-432...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 - Linux Kernel AFALG "Copy Fail" Local Privile...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
copyfail — CVE-2026-31431 4-byte page-cache write primitive →...
Copy.Fail Linux Vulnerability
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API AFALG sockets plus splice to write four bytes at a time straigh...
EUVD-2026-29037
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...