Lucene search
K

127 matches found

RedhatCVE
RedhatCVE
added last week8 views

CVE-2026-52980

A flaw was found in the Linux kernel's sched/fair scheduler. When a new schedentity is forked, its reldeadline may be unexpectedly set, leading to an abnormally large deadline value. If the task later calls schedyield, this inflated deadline can cause an overflow in vruntime calculations. This ca...

7CVSS5.8AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38848

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...

5.8AI score0.00168EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:28 p.m.7 views

CVE-2026-52980

The CVE-2026-52980 issue affects the Linux kernel’s CFS scheduler: when forking a task, rel_deadline may be inherited in sched_entity, causing a relative deadline to be treated as absolute during the first enqueue. This leads to an inflated vruntime after yield_task_fair(), potential overflow of ...

5.8AI score0.00168EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fixed the issue with zerovruntime tracking. John reported that stress-ng-yield could cause his machine to behave abnormally. He managed to bisect the process to commit the change identified as b3d99f43c72b „sched/fair...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: Avoid stalls in fqpietimer When setting a high number of flows limit being 65536, fqpietimer currently uses too much time, as reported by syzbot. Add logic to yield the CPU every 2048 flows less than 150...

5.4AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 9:14 p.m.23 views

EUVD-2026-30086

vm2 Has a Sandbox Breakout Using Async Generator...

9.8CVSS5.8AI score0.00568EPSS
Exploits1References4
OSV
OSV
added 2026/05/14 9:14 p.m.3 views

GHSA-248R-7H7Q-CR24 vm2 Has a Sandbox Breakout Using Async Generator

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...

9.8CVSS6.2AI score0.00568EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/13 7:16 p.m.8 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the yield iterator inside an async generator. An attacker can execute arbitrary commands on the host...

10CVSS6AI score0.00568EPSS
Exploits1References2
NVD
NVD
added 2026/05/13 6:16 p.m.12 views

CVE-2026-45411

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS0.00568EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/13 5:38 p.m.7 views

CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS6.1AI score0.00568EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 5:38 p.m.5 views

CVE-2026-45411

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS6.1AI score0.00568EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 5:38 p.m.39 views

CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS0.00568EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 5:38 p.m.39 views

CVE-2026-45411

vm2 is a Node.js sandbox; prior to 3.11.3, an async generator yield* can cause host exceptions to escape the VM when the generator is closed with return, with exceptions from then being routed to the yield* iterator as the next value, enabling arbitrary host commands. This is fixed in 3.11.3. The...

9.8CVSS6.1AI score0.00568EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.7 views

SUSE CVE-2026-43323

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.8AI score0.00122EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his...

5.5CVSS6AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40731

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.3 Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. This occurs because a host exception can be caught using the yield expression within an async generator. When the...

10CVSS6.1AI score0.00568EPSS
Exploits1References9
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28607

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.8AI score0.00122EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.8 views

CVE-2026-43323

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References6
OSV
OSV
added 2026/05/08 2:16 p.m.11 views

UBUNTU-CVE-2026-43323

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/08 1:31 p.m.46 views

CVE-2026-43323 sched/fair: Fix zero_vruntime tracking fix

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

0.00122EPSS
Exploits0References4
Rows per page
Query Builder