345 matches found
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption The -EBUSY handling in tlsdoencryption, introduced by commit 859054147318 "net: tls: handle backlogging of crypto requests", has a use-after-free due to double...
EUVD-2026-24870
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusbwork maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup current...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012997)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012997 advisory. In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running...
Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
...
CVE-2026-31408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...
CVE-2026-23470 drm/imagination: Fix deadlock in soft reset sequence
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler, hence it cannot call disableirq which internally waits for IRQ handlers, i.e. itself, to complete...
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...
CVE-2026-34450
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
CVE-2026-34450
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...
PT-2026-29380
The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...
EUVD-2026-17170
A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...
EUVD-2026-15317
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
CVE-2026-23348
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
CVE-2026-23281
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbsfreeadapter The lbsfreeadapter function uses timerdelete non-synchronous for both commandtimer and txlockuptimer before the structure is freed. This is incorrect because timerdelete does n...
CVE-2026-23281
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbsfreeadapter The lbsfreeadapter function uses timerdelete non-synchronous for both commandtimer and txlockuptimer before the structure is freed. This is incorrect because timerdelete does n...
UBUNTU-CVE-2026-23348
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
CVE-2026-23348
Summary of a Linux kernel CVE (CVE-2026-23348) : The issue is a race condition in the CXL/NVDIMM subsystem where NVDIMM objects reprobe after cxl_acpi removal can occur with the nvdimm_bus object missing, leading to a NULL pointer dereference and potential system crash (DoS). Affected area center...
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
Denial Of Service (DoS)
Tornado is vulnerable to Denial of Service DoS. The vulnerability is due to synchronous parsing of multipart/form-data without limiting the number of parts, allowing attackers to send large requests with many parts that consume excessive CPU and block the main thread...