Lucene search
K

748 matches found

RedHat Linux
RedHat Linux
added 2026/07/07 5:55 a.m.3 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/27 1:54 a.m.8 views

SUSE CVE-2026-53041

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/26 4:15 p.m.13 views

CVE-2026-52961

A flaw was found in the Linux kernel's Ceph filesystem component. A race condition exists in the cephbuildxattrsblob function where the required extended attribute xattr blob size is computed before the buildxattrs call. During this window, another process can update the xattr blob, leading to a...

5.5CVSS5.7AI score0.00198EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53041

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

7.1CVSS0.00126EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:29 p.m.1 views

CVE-2026-53041 ocfs2: fix listxattr handling when the buffer is full

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

7.1CVSS6AI score0.00126EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/24 4:29 p.m.6 views

EUVD-2026-38909

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix listxattr handling when the buffer is full BUG If an OCFS2 inode has both inline and block-based xattrs, listxattr can return a size larger than the caller's buffer when the inline names consume that buffer exactly...

6AI score0.00126EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: xfs: fixed a UAF Use-After-Value issue in xattr repair. The xchksetupxattrbuf function can allocate a new value buffer; therefore, any reference to ab-value before the call could become a dangling pointer. This issue was fixed...

6.1AI score0.00166EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ext4: fixed the iloc.bh leak in ext4xattr inodeupdateref The error branch for ext4xattr inodeupdateref forgot to release the refcount for iloc.bh. This issue was discovered during code review...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: orangefs: fixed xattr-related buffer overflow issues… Willy Tarreau forwarded me a message from Disclosure , containing the following warning: The helper function xattrkey uses the pointer variable in the loop condition, rather...

5.9AI score0.00189EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: Use global inlinexattrslab instead of per-sb slab cache As Hong Yun reported in the mailing list: loop7: A capacity change from 0 to 131072 was detected. ------------ Cut here ------------ The kmemcache with the name...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the listxattr function can return a size larger than the caller's buffer. This occurs when an OCFS2 inode contains both inline and...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References397
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51856

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer leak occurs in the ceph module within the ceph setxattr function. During a retry operation, the old blob variable can store the value of ci-i xattrs.prealloc blob, but the ceph...

9.8CVSS6.1AI score0.93235EPSS
Exploits31References378
RedHat Linux
RedHat Linux
added 2026/06/11 1:41 a.m.8 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: The fdput function is missing in the fremovexattr error path. In the Linux kernel, the fremovexattr system call calls fdget to obtain a file reference, but returns early without calling fdput when strncpyfromuser fails...

5.5CVSS5.6AI score0.0021EPSS
Exploits1References3
CloudLinux
CloudLinux
added 2026/05/30 10:23 a.m.13 views

rsync: Fix of CVE-2026-41035

CVE-2026-41035: fix use-after-free in receivexattr by using tempxattr.count instead of the stale count in qsort...

7.8CVSS5.5AI score0.00393EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.12 views

RockyLinux 8 : kernel-rt (RLSA-2026:21745)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

9.4CVSS6AI score0.00514EPSS
Exploits0References37
OSV
OSV
added 2026/05/29 2:28 p.m.8 views

CLSA-2026-1780062671 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: receiver use-after-free in receivexattr via a wire-supplied xattr count passed to qsort: - debian/patches/els/0007-CVE-2026-41035.patch: sort tempxattr.count stored items instead of the untrusted wire count. - CVE-2026-41035...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 11:39 a.m.10 views

CLSA-2026-1780054763 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 11:40 a.m.7 views

SUSE-SU-2026:21841-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2024-14027: xattr: switch to CLASSfd bsc1259420. - CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when...

9.8CVSS6.6AI score0.0138EPSS
Exploits19References455
RedHat Linux
RedHat Linux
added 2026/05/28 8:47 a.m.17 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
Rows per page
Query Builder