Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 3:36 p.m.5 views

CVE-2026-52940

A flaw was found in the Linux kernel's tun driver. An unprivileged user can exploit this vulnerability by setting the virtual network vnet header size to 24 bytes. This action causes the kernel to copy partially initialized stack memory to userspace when reading non-tunnel packets, leading to the...

7CVSS5.8AI score0.00112EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.5 views

CVE-2026-52940

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

5.5CVSS5.7AI score0.00112EPSS
Exploits0
CVE
CVE
added 2026/06/24 7:14 a.m.15 views

CVE-2026-52940

The CVE-2026-52940 issue affects the Linux kernel tun driver. tun_put_user() allocates an on‑stack virtio_net_hdr_v1_hash_tunnel without zeroing, while virtio_net_hdr_tnl_from_skb() only initializes the first 10 bytes for non‑tunnel SKBs. This allows an unprivileged user to set the vnet header to...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/24 7:14 a.m.3 views

CVE-2026-52940 tun: zero the whole vnet header in tun_put_user()

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-52940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb,...

5.5CVSS6AI score0.00112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51733

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the tun put user function declares a virtio net hdr v1 hash tunnel structure on the stack without initializing it to zero. For non-tunnel socket buffers skb, the...

5.5CVSS6AI score0.00112EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer...

7.8CVSS6.2AI score0.00103EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 2:16 p.m.8 views

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

7.8CVSS0.00103EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:56 p.m.5 views

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

5.9AI score0.00103EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/05/01 1:56 p.m.7 views

CVE-2026-31700

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

7.8CVSS5.8AI score0.00103EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/01 1:56 p.m.34 views

CVE-2026-31700 net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnethdr in tpacketsnd In tpacketsnd, when PACKETVNETHDR is enabled, vnethdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the header via...

7.8CVSS0.00103EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-36330

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Time-of-Check to Time-of-Use TOCTOU race condition exists in the tpacket snd function when PACKET VNET HDR is enabled. The vnet hdr points to a memory-mapped TX ring buffer shared with...

7.8CVSS5.9AI score0.00103EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a TOCTOU race condition in the tpacketsnd function’s mmap d vnethdr operation. This vulnerability...

7.8CVSS5.8AI score0.00103EPSS
Exploits0References1
Rows per page
Query Builder