CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•7 views

CVE-2026-53277

The CVE-2026-53277 issue affects the Linux kernel KVM arm64 path. walk_s1() and kvm_walk_nested_s2() are expected to run with kvm->srcu held to guard memslot changes, but __kvm_at_s12() and __kvm_find_s1_desc_level() invoke these walkers without acquiring SRCU. The fix adds acquiring kvm->s...

5.7AI score0.00174EPSS

Debian CVE•added 2 days ago•3 views

CVE-2026-53277

5.6AI score0.00174EPSS

Exploits0

EUVD•added 2 days ago•5 views

EUVD-2026-39221

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...

CVE-2026-53270

CVE-2026-53270 in the Linux kernel's IPVS path is resolved by clearing the svc->scheduler pointer early during unbind and edit operations. Specifically, in ip_vs_unbind_scheduler(), the scheduler pointer is cleared before the done_service method schedules any RCU callbacks, preventing packets ...

CVE-2026-53264

CVE-2026-53264 (Linux kernel net/sched: act_api) describes a race between NEWTFILTER and DELFILTER that could cause use-after-free when freeing an action. The root cause is timing around IDR removal and immediate kfree(p) without deferral. The documented fix defers final kfree() via RCU, adding a...

EUVD•added 2 days ago•4 views

EUVD-2026-39215

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

Debian CVE•added 2 days ago•3 views

CVE-2026-53264

5.7AI score0.00172EPSS

Exploits0

CVE•added 2 days ago•4 views

CVE-2026-53260

The CVE-2026-53260 issue affects the Linux kernel TCP request-sk queue handling (inet_connection_sock.c). The root cause was a potential refcount underflow in reqsk_queue_hash_req due to a race where a preemption could occur between mod_timer() and refcount_set(), followed by a timer-triggered cl...

5.7AI score0.00154EPSS

Exploits0References2

CVE-2026-53259

CVE-2026-53259 describes a Linux kernel slab-use-after-free in ipv6_acaddr handling. The bug occurs in the ipv6 anycast path where an aca (ipv6_acaddr) is published to idev->ac_list under idev->lock but inserted into the global inet6_acaddr_lst hash after unlock, allowing a concurrent teard...

5.7AI score0.00161EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-39203

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hciallocdev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hciregisterdev completes, the HCIUNREGISTER flag is never...

5.7AI score0.00189EPSS

Exploits0References7

RedHat Linux•added 2 days ago•5 views

CVE-2026-53247

CVE-2026-53247 affects the Linux kernel’s MTK Ethernet subsystem (net: ethernet: mtk_eth_soc). The vulnerability arises in the RX path when using non-refcounted pointers to a metadata_dst; mtk_free_dev() frees the metadata_dst with kfree(), bypassing the RCU grace period, creating a potential use...

5.7AI score0.00184EPSS

Exploits0References5

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

9.8CVSS6.1AI score0.00514EPSS

Exploits1References5

EUVD•added 2 days ago•4 views

EUVD-2026-39194

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...

5.7AI score0.00162EPSS

Exploits0References2

Debian CVE•added 2 days ago•3 views

CVE-2026-53204

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...

5.7AI score0.00155EPSS

Exploits0

CVE•added 2 days ago•6 views

CVE-2026-53189

In Linux kernel CVE-2026-53189, the issue is in mm/huge_memory where __split_huge_pmd_locked() updates the file/shmem RSS counter after dropping the PMD mapping’s folio reference. If folio_put() drops the last reference, mm_counter_file() can read freed folio state via folio_test_swapbacked(). Th...

5.7AI score0.00184EPSS

EUVD•added 2 days ago•3 views

EUVD-2026-39270

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

6AI score0.00173EPSS

EUVD•added 2 days ago•3 views

EUVD-2026-39248

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonetdevice after RCU grace period phonetdevicedestroy removes a phonetdevice from the per-net device list with listdelrcu, but frees it immediately. RCU readers walking the same list can still hold a pointer t...

5.7AI score0.00173EPSS

CVE-2026-53157

Summary of CVE-2026-53157 (Linux kernel, phonet): The vulnerability occurs in the phonet device teardown where phonet_device_destroy() removes the device from the per-net list with list_del_rcu(), but frees it immediately instead of after the RCU grace period. This allows RCU readers traversing t...

5.7AI score0.00173EPSS