Lucene search
K

25 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ipmi:si driver failing to restore its state when message allocation fails...

5.8AI score0.00123EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/27 10:9 p.m.14 views

CVE-2026-45987

A flaw was found in the KVM Kernel-based Virtual Machine nSVM component of the Linux kernel. This vulnerability occurs when the interrupt shadow state is not correctly synchronized to the cached Virtual Machine Control Block VMCB after a Level 2 L2 guest virtual machine VM execution. A local...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/05/21 5:16 p.m.15 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS0.00574EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Apache Fory 代码问题漏洞

Apache Fory is a serialization framework developed by the Apache Foundation. Versions of Apache Fory prior to 1.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the ReduceSerializer in PyFory, which might bypass the DeserializationPolicy validation hook during state...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.8 views

SUSE CVE-2026-43315

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Remove a user-triggerable WARN on nestedsvmloadcr3 succeeding Drop the WARN in svmsetnestedstate on nestedsvmloadcr3 failing as it is trivially easy to trigger from userspace by modifying CPUID after loading CR3. E.g...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28585

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Remove a user-triggerable WARN on nestedsvmloadcr3 succeeding Drop the WARN in svmsetnestedstate on nestedsvmloadcr3 failing as it is trivially easy to trigger from userspace by modifying CPUID after loading CR3. E.g...

5.8AI score0.0013EPSS
Exploits0References8
CVE
CVE
added 2026/05/08 1:11 p.m.24 views

CVE-2026-43315

CVE-2026-43315 involves the Linux kernel KVM nSVM warning path. Technical details across connected docs show that a user-triggerable WARN is raised in svm_set_nested_state() when nested_svm_load_cr3() succeeds, and the patch removes this WARN. The rationale is that userspace can easily trigger th...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/01/28 3:14 p.m.6 views

kernel: RDMA/rxe: Fix incomplete state save in rxe_requester

An incorrect state restoration flaw was found in the Linux kernel's RDMA rxe soft-RoCE driver in the requester packet transmission logic. A local user with access to RDMA devices can trigger this issue when network layer packet drops occur during RDMA send operations, causing the work queue eleme...

5.5CVSS7.2AI score0.00146EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/28 3:8 p.m.4 views

kernel: RDMA/rxe: Fix incomplete state save in rxe_requester

An incorrect state restoration flaw was found in the Linux kernel's RDMA rxe soft-RoCE driver in the requester packet transmission logic. A local user with access to RDMA devices can trigger this issue when network layer packet drops occur during RDMA send operations, causing the work queue eleme...

5.5CVSS7.2AI score0.00146EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/28 12:33 a.m.5 views

kernel: RDMA/rxe: Fix incomplete state save in rxe_requester

An incorrect state restoration flaw was found in the Linux kernel's RDMA rxe soft-RoCE driver in the requester packet transmission logic. A local user with access to RDMA devices can trigger this issue when network layer packet drops occur during RDMA send operations, causing the work queue eleme...

5.5CVSS7.2AI score0.00146EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001018 advisory. arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of...

6.5CVSS6.2AI score0.00563EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002287)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002287 advisory. arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of...

6.5CVSS6.2AI score0.00563EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2026/01/14 12:13 a.m.6 views

kernel: RDMA/rxe: Fix incomplete state save in rxe_requester

An incorrect state restoration flaw was found in the Linux kernel's RDMA rxe soft-RoCE driver in the requester packet transmission logic. A local user with access to RDMA devices can trigger this issue when network layer packet drops occur during RDMA send operations, causing the work queue eleme...

5.5CVSS7.2AI score0.00146EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.3 views

WordPress Profiler - What Slowing Down Your WP plugin <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability

WordPress Profiler - What Slowing Down Your WP plugin = 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Profiler - What Slowing Down Your WP versions = 1.0.0...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-7434

Malware in sbrugna...

6.5CVSS6.2AI score0.00563EPSS
Exploits0References23
NVD
NVD
added 2025/09/18 11:15 p.m.3 views

CVE-2025-59692

PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...

3.7CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/16 4:44 p.m.2 views

CVE-2025-59161 In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...

6.9CVSS6.6AI score0.0038EPSS
Exploits0References2
CVE
CVE
added 2025/06/18 9:33 a.m.85 views

CVE-2025-38035

CVE-2025-38035 affects the Linux kernel nvmet-tcp path. The vulnerability arises from nvmet-tcp_queue handling where queue-&gt;state_change may be NULL when the TCP connection isn’t established, leading to an unnecessary restoration attempt of sock-&gt;sk-&gt;sk_state_change. The fix ensures that...

5.5CVSS6.2AI score0.00178EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.9 views

PT-2025-40681

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s RDMA/rxe component where incomplete state saving in the rxe requester function can lead to corrupted resent packets under heavy stress testing...

5.5CVSS5.6AI score0.00146EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.3 views

SUSE CVE-2015-7513

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service divide-by-zero error and host OS crash via a zero value, related to the kvmvmioctlsetpit and kvmvmioctlsetpit2 functions...

6.5CVSS6.4AI score0.00563EPSS
Exploits0References10
Rows per page
Query Builder