Lucene search
K

364 matches found

RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.2 views

ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

7.8CVSS6.9AI score0.03759EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.2 views

ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...

7.8CVSS7AI score0.037EPSS
Exploits1References4
NVD
NVD
added 2026/02/14 4:15 p.m.6 views

CVE-2026-23169

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...

7.8CVSS0.00129EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/14 4:1 p.m.6 views

CVE-2026-23169

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...

5.1AI score0.00129EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/14 4:1 p.m.24 views

CVE-2026-23169

CVE-2026-23169 is a Linux kernel vulnerability where a race in mptcp_pm_nl_flush_addrs_doit() could crash the kernel. Root cause: list_splice_init() is not RCURED and cannot be called while holding pernet->lock spinlock; list_splice_init_rcu() was misusefully invoked in that context. The issue...

7.8CVSS5.2AI score0.00129EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/14 4:1 p.m.4 views

CVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit in mptcppmnlflushaddrsdoit which is not RCU ready. listspliceinitrcu c...

7.8CVSS5.2AI score0.00129EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/02/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: fix race in mptcppmnlflushaddrsdoit syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid and/or mptcppmnlisbackup Root cause is listspliceinit i...

7.8CVSS7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/28 12:25 a.m.6 views

SUSE CVE-2026-22983

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References3
NVD
NVD
added 2026/01/23 4:15 p.m.9 views

CVE-2026-22983

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

5.5CVSS0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/01/23 4:15 p.m.3 views

UBUNTU-CVE-2026-22983

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

5.5CVSS5.7AI score0.00103EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:24 p.m.3 views

CVE-2026-22983

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

5.3AI score0.00103EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/23 3:24 p.m.30 views

CVE-2026-22983 net: do not write to msg_get_inq in callee

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

0.00103EPSS
Exploits0References2
CVE
CVE
added 2026/01/23 3:24 p.m.16 views

CVE-2026-22983

The CVE-2026-22983 entry refers to a Linux kernel issue where msg_get_inq was written in the callee, risking a NULL pointer dereference. The vulnerability is described as a kernel-internal variant of msghdr where callers reinitialize the field; fixing the write is intended to improve robustness a...

5.5CVSS5.3AI score0.00103EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000972)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000972 advisory. The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of...

5.5CVSS5.4AI score0.00368EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001936)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001936 advisory. The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of...

5.5CVSS5.4AI score0.00368EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002351 advisory. The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which...

7.2CVSS6.7AI score0.01176EPSS
Exploits2References24
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003475 advisory. The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via...

7.5CVSS6.9AI score0.04666EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002128 advisory. The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of...

5.5CVSS5.4AI score0.00368EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001619 advisory. The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via...

7.5CVSS6.9AI score0.04666EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a warning in smcrxsplice, when calling getpage. smcloregisterdmb allocates DMB buffers using kzalloc, which are later passed to getpage in smcrxsplice. Since kmalloc memory is not page-backed, this triggers...

6AI score0.0022EPSS
Exploits0References3
Rows per page
Query Builder