CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•8 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: cpufreq: amd-pstate: fixed the global sysfs attribute type In commit 3666062b87ec “cpufreq: amd-pstate: moved to use busgetdevroot”, the “amdpstate” attributes were moved from a dedicated kobject to the cpu root kobject. While...

5.5CVSS6.5AI score0.00125EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: GPIO: sysfs: fix the issue where removing a chip with GPIOs exported through sysfs occurs. Currently, if we export a GPIO through sysfs and unbind the parent GPIO controller, the exported attribute will remain under...

5.5CVSS5.4AI score0.00126EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net-sysfs: added a check to ensure netdevice is present before using speedshow. When disabling the netdevice or during system shutdown, a panic may occur when accessing the sysfs path, because the device has already been removed...

5.5CVSS6.1AI score0.00211EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•9 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021588)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021588 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup...

5.5CVSS5.8AI score0.00263EPSS

RedHat Linux•added 2026/05/19 1:31 p.m.•9 views

kernel: block: fix resource leak in blk_register_queue() error path

In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blkregisterqueue error path When registering a queue fails after blkmqsysfsregister is successful but the function later encounters an error, we need to clean up the blkmqsysfs resources. Add the missi...

5.5CVSS6.3AI score0.00149EPSS

Exploits0References5

SUSE CVE•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

SUSE CVE•added 2026/05/09 2:42 a.m.•5 views

SUSE CVE-2026-43138

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppre...

5.8AI score0.00134EPSS

RedhatCVE•added 2026/05/08 11:15 p.m.•9 views

CVE-2026-43421

A flaw was found in the Linux kernel's USB gadget function for Network Control Model NCM. During device disconnection, a network device could outlive its parent gadget device, leading to dangling system file system sysfs links and null pointer dereference problems. This vulnerability can result i...

Cvelist•added 2026/05/08 2:21 p.m.•27 views

CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move

0.00123EPSS

Exploits0References6

CVE•added 2026/05/08 2:21 p.m.•17 views

CVE-2026-43421

The CVE affects the Linux kernel USB gadget for Network Control Model (NCM) where a net_device could outlive its parent gadget during disconnection, causing dangling sysfs links and potential null dereference. The root cause was lifecycle mismanagement of net_device during USB bind/unbind, addres...

Exploits0References6Affected Software1

SUSE CVE•added 2026/05/08 2:20 a.m.•8 views

SUSE CVE-2026-43181

In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the pare...

5.8AI score0.00126EPSS

CNNVD•added 2026/05/08 12:0 a.m.•6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the usb gadget fncm driver. When the connection is disconnected, the network device’s lifecycle...

SUSE CVE•added 2026/05/07 2:21 a.m.•13 views

Exploits0References1

SUSE CVE-2026-31722

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds,...

5.5CVSS5.7AI score0.00122EPSS

SUSE CVE•added 2026/05/07 2:21 a.m.•15 views

SUSE CVE-2026-31723

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fsubset: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds...

5.7AI score0.00122EPSS

SUSE CVE•added 2026/05/07 2:21 a.m.•10 views

SUSE CVE-2026-31741

In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...

5.5CVSS5.7AI score0.00122EPSS

Tenable Nessus•added 2026/05/07 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently...

7.8CVSS5.8AI score0.00134EPSS

Tenable Nessus•added 2026/05/07 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported...

5.5CVSS5.8AI score0.00126EPSS

RedhatCVE•added 2026/05/06 8:47 p.m.•7 views

CVE-2026-43181

A flaw was found in the Linux kernel's GPIO General Purpose Input/Output and sysfs subsystems. When a GPIO is exported through sysfs and its parent controller is removed, the system fails to properly unexport the GPIO attribute. This oversight prevents the final reference to the GPIO descriptor...

5.5CVSS5.8AI score0.00126EPSS

RedhatCVE•added 2026/05/06 6:27 p.m.•6 views

CVE-2026-43138

A flaw was found in the Linux kernel. A local user could exploit a vulnerability in the GPIO General Purpose Input/Output reset controller by unbinding a dynamically created device through the sysfs a virtual filesystem providing an interface to kernel data structures interface. This improper...

7.8CVSS5.8AI score0.00134EPSS