Lucene search
+L

94 matches found

OSV
OSV
added 3 days ago3 views

CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation

On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation

On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-10669

Summary (CVE-2026-10669) : On Xtensa SoCs with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, arch_buffer_validate() erroneously permits access when the buffer size rounds to a wrap of the 32-bit address space, bypassing MPU checks. This can let an unprivileged user-thread validate or copy memory it sho...

7.8CVSS6.1AI score0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 6:16 a.m.13 views

CVE-2026-10635

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

6.3CVSS0.00164EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/16 5:19 a.m.11 views

EUVD-2026-37036

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

6.3CVSS5.5AI score0.00164EPSS
Exploits1References2
CVE
CVE
added 2026/06/16 5:19 a.m.24 views

CVE-2026-10635

CVE-2026-10635 affects Zephyr v4.4.0 on Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU. The bug arises when destroying a memory domain via k_mem_domain_deinit(): the page-table code keeps a global xtensa_domain_list entry for the domain, but the node is not removed, leaving a dangling...

6.3CVSS6.1AI score0.00164EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/16 5:19 a.m.45 views

CVE-2026-10635 Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

6.3CVSS0.00164EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/16 5:19 a.m.8 views

CVE-2026-10635 Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init

On Xtensa targets with CONFIGUSERSPACE and CONFIGXTENSAMMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensadomainlist, of active memory domains using a list node embedded inside the caller-owned struct kmemdomain. When a domain is destroyed via kmemdomaindeinit -...

6.3CVSS6.1AI score0.00164EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49610

On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...

6.3CVSS5.5AI score0.00164EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: xtensa: xtfpga: Fixed a refcount leak bug in setup. In machinesetup, offindcompatiblenode will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...

5.5CVSS6.1AI score0.00243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: xtensa: Fixed the refcount leak issue in the time.c file. In calibccount, the offindcompatiblenode function will return a node pointer with the refcount incremented. We should use ofnodeput when this function is no longer need...

5.5CVSS6AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 2:3 p.m.23 views

USN-8095-1 linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

7.8CVSS6.8AI score0.00519EPSS
Exploits7References425
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: added input size checking in procwritesimdisk A malicious user could potentially enter an arbitrarily bad value into memdupusernul, which might cause the kernel to crash. This follows the same pattern as the patc...

6.1AI score0.00187EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/02/24 11:20 a.m.18 views

USN-8029-3: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

7.8CVSS7.7AI score0.00519EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.19 views

Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-8048-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8048-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

7.8CVSS6AI score0.00519EPSS
Exploits4References367
OSV
OSV
added 2026/02/17 3:24 p.m.12 views

USN-8048-1 linux-oem-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

7.8CVSS6.7AI score0.00519EPSS
Exploits4References367
Ubuntu
Ubuntu
added 2026/02/17 3:24 p.m.22 views

USN-8048-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

7.8CVSS7.4AI score0.00519EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.11 views

Ubuntu 25.10 : Linux kernel (GCP) vulnerabilities (USN-8030-1)

The remote Ubuntu 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8030-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...

7.8CVSS8.6AI score0.00519EPSS
Exploits4References367
OSV
OSV
added 2026/02/12 9:39 a.m.10 views

USN-8030-1 linux-gcp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

7.8CVSS6.5AI score0.00519EPSS
Exploits4References367
Ubuntu
Ubuntu
added 2026/02/12 9:15 a.m.13 views

USN-8029-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

7.8CVSS5.7AI score0.00519EPSS
Exploits4
Rows per page
Query Builder