Lucene search
K

98 matches found

EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38902

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix null-ptr-deref in proto update unixstreamconnect sets skstate WRITEONCEsk-skstate, TCPESTABLISHED before it assigns a peer unixpeersk = newsk. skstate == TCPESTABLISHED makes sockmapskstateallowed believe...

5.6AI score0.0018EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51927

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the unix stream bpf update proto function within the Linux kernel's sockmap functionality. This issue occurs when a BPF Berkeley Packet Filter iterator program...

7.8CVSS6AI score0.00131EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the bpf code, there is a fix for a use-after-free of sk-sksocket in skpsockverdictdataready. The syzbot reported a use-after-free of the sk-sksocket of an AFUNIX socket in skpsockverdictdataready. 0 In the unixstreamsendmsg...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nbd: restricts sockets to TCP and UDP Recently, syzbot began abusing NBD using various types of sockets. The commit cf1b2326b734 “nbd: verify that sockets are supported during setup” ensured that the socket supported a shutdown...

5.9AI score0.00183EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.9 views

EUVD-2026-32353

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix memleak of newsk in unixstreamconnect. When preparepeercred fails in unixstreamconnect, unixreleasesock is not called for newsk, and the memory is leaked. Let's move preparepeercred before unixcreate1...

5.8AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 12:16 p.m.40 views

CVE-2026-45887 af_unix: Fix memleak of newsk in unix_stream_connect().

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix memleak of newsk in unixstreamconnect. When preparepeercred fails in unixstreamconnect, unixreleasesock is not called for newsk, and the memory is leaked. Let's move preparepeercred before unixcreate1...

0.00153EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/27 12:16 p.m.12 views

CVE-2026-45887

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix memleak of newsk in unixstreamconnect. When preparepeercred fails in unixstreamconnect, unixreleasesock is not called for newsk, and the memory is leaked. Let's move preparepeercred before unixcreate1...

5.5CVSS5.7AI score0.00153EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the prepare-peercred function in unixstreamconnect, resulting in unmanaged new...

5.8AI score0.00153EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.9 views

CVE-2026-45887

afunix: Fix memleak of newsk in unixstreamconnect...

5.8AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.10 views

PT-2026-43754

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the af unix module within the unix stream connect function. The issue arises when the prepare peercred function fails, resulting in the unix release sock function...

5.8AI score0.00153EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/07 2:19 a.m.9 views

SUSE CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.10 views

Siemens SIMATIC S7-1500 Use After Free(CVE-2025-38236)

"In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unixstreamreadgeneric. The following sequences reproduce the issue: $ python3 from socket import s1, s2 = socketpairAFUNIX, SOCKSTREAM...

7.8CVSS6.5AI score0.00247EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/12 10:16 p.m.2 views

CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.9AI score0.00364EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/02/12 9:37 p.m.5 views

CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.5AI score0.00364EPSS
Exploits0
OSV
OSV
added 2026/01/23 3:24 p.m.7 views

CVE-2026-22983 net: do not write to msg_get_inq in callee

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

5.5CVSS5.4AI score0.00103EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38236)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38236 advisory. - In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consume...

7.8CVSS5.3AI score0.00247EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003874)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003874 advisory. A flaw was found in the way memory resources were freed in the unixstreamrecvmsg function in the Linux kernel when a signal was pending. This flaw allows an...

5.5CVSS6.7AI score0.00336EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004253)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004253 advisory. A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the...

7CVSS6.7AI score0.00222EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001761 advisory. A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the...

7CVSS6.7AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-4483

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to handling of msg get inq within the networking subsystem. The issue involves a potential NULL pointer dereference when writing to msg get inq ...

5.4AI score0.00103EPSS
Exploits0References6
Rows per page
Query Builder