Lucene search
+L

1031 matches found

osv
osv
added 2026/06/24 4:29 p.m.3 views

CVE-2026-52994 vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn passes it to mmaccountpinnedpages for RLIMITMEMLOCK accounting. However,...

5.5CVSS5.8AI score0.00173EPSS
Exploits0References6
cve
cve
added 2026/06/24 4:29 p.m.11 views

CVE-2026-52994

The CVE-2026-52994 vulnerability affects the Linux kernel’s vsock/virtio code, where the MSG_ZEROCOPY pinned-pages accounting could bypass RLIMIT_MEMLOCK on the last skb due to iter->count being consumed earlier. The fix makes pkt_len (the total bytes sent) the parameter to virtio_transport_in...

5.5CVSS5.7AI score0.00173EPSS
Exploits0References3Affected Software1
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Fixed a potential underflow in virtiotransportgetcredit. The credit calculation in virtiotransportgetcredit uses unsigned arithmetic: c ret = vvs-peerbufalloc - vvs-txcnt - vvs-peerfwdcnt; If the peer reduces its...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: vsock/virtio: Only linear skb values are coalesced. In vsock/virtio common, attempts to coalesce buffers in the rx queue: if a linear skb with a spare tail room is followed by a small skb whose length is limited by GOODCOPYLEN...

5.9AI score0.00166EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.1 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: vsock: Ignore signals/timesouts on connect if the socket is already established. During connect, acting on a signal/timesout by disconnecting an already established socket leads to several issues: 1. connect invokes...

6AI score0.00203EPSS
Exploits0References4
astralinux
astralinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transport derives its TX credit directly from peerbufalloc, which is set based on the remote endpoint’s SOVMSOCKETSBUFFERSIZE value. On the host side, this means that th...

5.5CVSS6.1AI score0.00142EPSS
Exploits0References2
osv
osv
added 2026/06/23 10:8 a.m.8 views

RHSA-2026:28038 Red Hat Security Advisory: gvisor-tap-vsock security update

Bulletin has no description...

7.8CVSS5.8AI score0.00621EPSS
Exploits0References33
nessus
nessus
added 2026/06/23 12:0 a.m.6 views

RHEL 9 : gvisor-tap-vsock (RHSA-2026:28038)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28038 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vso...

7.5CVSS6AI score0.00621EPSS
Exploits0References10
redhat
redhat
added 2026/06/22 8:40 p.m.10 views

Important: Red Hat Security Advisory: gvisor-tap-vsock security update

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References5
amazon
amazon
added 2026/06/22 12:0 a.m.12 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey CVE-2026-45838 In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec...

9.8CVSS6.4AI score0.00559EPSS
Exploits4
nessus
nessus
added 2026/06/18 12:0 a.m.31 views

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40248)

In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...

5.8AI score0.00203EPSS
Exploits0References3
osv
osv
added 2026/06/05 9:40 p.m.6 views

OPENSUSE-SU-2026:20915-1 Security update for sshfs

This update for sshfs fixes the following issues: Changes in sshfs: - Update to 3.7.6: - Added new maintainer: abhinavagarwal07 Abhinav Agarwal - CVE-2026-47187: Fixed critical vulnerability - Symlink Escape: Rogue SFTP Server to Local File Read/Write, credit to abhinavagarwal07 bsc1267017 - New ...

5.5AI score0.00031EPSS
Exploits0References4
nessus
nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-46207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References3
mscve
mscve
added 2026/05/29 8:5 a.m.9 views

vsock: fix buffer size clamping order

...

7.8CVSS5.4AI score0.00129EPSS
Exploits0
mscve
mscve
added 2026/05/29 8:1 a.m.8 views

vsock/virtio: fix accept queue count leak on transport mismatch

...

5.5CVSS5.4AI score0.00128EPSS
Exploits0
susecve
susecve
added 2026/05/29 1:15 a.m.11 views

SUSE CVE-2026-46207

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

3.3CVSS5.8AI score0.00127EPSS
Exploits0References3
susecve
susecve
added 2026/05/29 1:14 a.m.10 views

SUSE CVE-2026-46214

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtiotransportrecvlisten calls skacceptqadded before vsockassigntransport. If vsockassigntransport fails or selects a different transport, the error path returns...

4.7CVSS5.8AI score0.00128EPSS
Exploits0References9
nessus
nessus
added 2026/05/29 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-46214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/virtio: fix accept queue count leak on transport mismatch virtiotransportrecvlisten calls skacceptqadded before vsockassigntransport. If...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
nessus
nessus
added 2026/05/29 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-46234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets ...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/28 1:19 p.m.13 views

CVE-2026-46214

A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs when virtiotransportrecvlisten calls skacceptqadded before transport validation, leading to a permanent increment of the skackbacklog counter if transport assignment fails. A remote attacker could exploit thi...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder