1219 matches found
CVE-2026-21384 Out-of-bounds Write in Camera Driver
Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...
CVE-2026-21384 Out-of-bounds Write in Camera Driver
Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
kernel: RDMA/mana: Validate rx_hash_key_len
A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...
CVE-2026-53274
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS A logic flaw in smcsetsockopt allows a local unprivileged user to cause a Denial of Service DoS by holding the socket lock indefinitely. The function smcsetsockopt...
EUVD-2026-39324
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
CVE-2026-53167 fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios
In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...
CVE-2026-52995
In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: reset: gpio: Suppressing the bind attributes in sysfs. This is a special device that is created dynamically and is supposed to remain in memory forever. Currently, there is no devlink between this device and the actual reset...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx – The data passed through ioctl is copied to the kernel’s space properly. The UFXIOCTLREPORTDAMAGE ioctl does not copy data from user space to the kernel’s space properly. Instead, it directly references the memory...
CVE-2026-52927
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...
CVE-2026-52927 netfilter: ebtables: fix OOB read in compat_mtw_from_user
In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compatmtwfromuser Luxiao Xu says: The function compatmtwfromuser converts ebtables extensions from 32-bit user structures to kernel native structures. However, it lacks proper validation of th...
PT-2026-51889
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the functions rds for each conn info and rds walk conn path info pass a caller-allocated on-stack u64 buffer to a per-connection visitor. The...
PT-2026-51720
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the compat mtw from user function within the netfilter ebtables component. The issue occurs because the function fails to properly validate the...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iouring/waitid operation not clearing the waitid information before copying it to the user...