Lucene search
K

417709 matches found

EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39215

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

5.8AI score0.00129EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39213

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

5.8AI score0.00125EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•8 views

EUVD-2026-39212

In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devlunregister, which calls devlinkrelput. This misses devlink instances that get a nested relation before registration and then fa...

5.7AI score0.00163EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39211

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

5.7AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39210

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

5.7AI score0.00123EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39208

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if ehtcap is set but ehtoper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent elemen...

5.8AI score0.00151EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39209

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

5.7AI score0.00161EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39207

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

5.7AI score0.00266EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39206

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlvdataisvalid reads each advertising data field length from datai, then inspects datai + 1 for managed EIR types before checking that the current field still fits insi...

6AI score0.00172EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•7 views

EUVD-2026-39205

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

5.8AI score0.00283EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39204

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

5.7AI score0.00274EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39203

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hciallocdev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hciregisterdev completes, the HCIUNREGISTER flag is never...

5.7AI score0.00189EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39202

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.7AI score0.00175EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39201

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

5.9AI score0.00145EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•7 views

EUVD-2026-39199

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airohametadatadstfree runs metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

5.7AI score0.00391EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•9 views

EUVD-2026-39200

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.7AI score0.00184EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39198

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

5.7AI score0.00507EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39196

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.8AI score0.00184EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39197

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

6AI score0.00481EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39195

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

5.7AI score0.00359EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39194

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...

5.7AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39193

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...

5.8AI score0.00138EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39192

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...

5.8AI score0.00175EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39330

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

5.7AI score0.00135EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•10 views

EUVD-2026-39191

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...

5.8AI score0.00418EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39329

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...

5.7AI score0.00184EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39327

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.8AI score0.0018EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39328

In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebupwmsuspend and mvebupwmresume are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip-mvpw...

5.8AI score0.00175EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39326

In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...

5.7AI score0.00466EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39325

In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devmregisternetdev which causes unregisternetdev to be deferred until the devres cleanup phase, which runs after emacremove returns. This creates a...

5.7AI score0.00176EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39324

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

5.7AI score0.00175EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39323

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfpbusdelupstream in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...

5.7AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39321

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...

6AI score0.00131EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39322

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfpbusaddupstream for genphy deadlocks,...

5.8AI score0.00087EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39320

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure In the XSK branch of mlx5exmitxdpbuff, when sq-xmitxdpframe returns false e.g. XDPSQ is full, the function returns without unmapping the DMA address or freeing the...

5.7AI score0.00466EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39319

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...

5.7AI score0.00559EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39318

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfreeskb of ERRPTR After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovsmutex. However, error cleanups still follow the classical...

5.8AI score0.00136EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39317

In the Linux kernel, the following vulnerability has been resolved: gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips using irqallocdomaingenericchips during probe. However, on driver remove/teardown, the generic chips are not automatically freed when t...

5.7AI score0.00122EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39316

In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...

5.7AI score0.00544EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39315

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

5.7AI score0.00547EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39314

In the Linux kernel, the following vulnerability has been resolved: net: guard timestamp cmsgs to real error queue skbs skbiserrqueue treats PACKETOUTGOING as the sole marker for an skb from skerrorqueue. That assumption is not true for AFPACKET sockets: outgoing packet taps are also delivered to...

5.8AI score0.00131EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39312

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

5.9AI score0.00559EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39313

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix resource freeing order Commit a60fc3294a37 "ptp: rework ptpclockunregister to disable events" added a call to ptpdisableallevents which changes the configuration of pins if they support EXTTS events. In ptpocpdetach...

5.8AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39311

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

5.7AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39310

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob to userspace before overwriting the entry's counter fields with a...

5.7AI score0.00128EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39309

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

5.7AI score0.00128EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39308

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...

5.7AI score0.00401EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39307

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...

6AI score0.00546EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39305

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

5.8AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39306

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...

6AI score0.00546EPSS
Exploits0References7
Total number of security vulnerabilities417709