Lucene search
K

417724 matches found

EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39319

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...

5.7AI score0.00559EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•6 views

EUVD-2026-39318

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfreeskb of ERRPTR After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovsmutex. However, error cleanups still follow the classical...

5.8AI score0.00136EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39317

In the Linux kernel, the following vulnerability has been resolved: gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips using irqallocdomaingenericchips during probe. However, on driver remove/teardown, the generic chips are not automatically freed when t...

5.7AI score0.00122EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39316

In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...

5.7AI score0.00544EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39315

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

5.7AI score0.00547EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39314

In the Linux kernel, the following vulnerability has been resolved: net: guard timestamp cmsgs to real error queue skbs skbiserrqueue treats PACKETOUTGOING as the sole marker for an skb from skerrorqueue. That assumption is not true for AFPACKET sockets: outgoing packet taps are also delivered to...

5.8AI score0.00131EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39312

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

5.9AI score0.00559EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39313

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix resource freeing order Commit a60fc3294a37 "ptp: rework ptpclockunregister to disable events" added a call to ptpdisableallevents which changes the configuration of pins if they support EXTTS events. In ptpocpdetach...

5.8AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39311

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

5.7AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39310

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob to userspace before overwriting the entry's counter fields with a...

5.7AI score0.00128EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39309

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

5.7AI score0.00128EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39308

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...

5.7AI score0.00401EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39307

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...

6AI score0.00546EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39305

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

5.8AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39306

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...

6AI score0.00546EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39304

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc memory leak Don't just overwrite the original pointer passed to krealloc with its return value without checking latter: MEM = kreallocMEM, SZ, GFP; If krealloc returns NULL, that erases the pointer to the...

5.8AI score0.00128EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39303

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

5.7AI score0.00125EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•7 views

EUVD-2026-39302

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftmetabridge: fix stale stack leak via IIFHWADDR register NFTMETABRIIIFHWADDR declares its destination register with len = ETHALEN 6 bytes, which the register-init tracking rounds up to two 32-bit registers 8 bytes...

5.7AI score0.00126EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39301

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.7AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39300

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

6AI score0.00138EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.8AI score0.00122EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix hugetlblock AA deadlock in gethugepageforhwpoison Two concurrent madviseMADVHWPOISON calls on the same hugetlb page can trigger a recursive spinlock self-deadlock AA deadlock on hugetlblock when racing with...

5.8AI score0.00099EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39297

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

5.7AI score0.00112EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39296

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds datasize before using them. If out-of-bounds indices are encountered from...

6AI score0.00131EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39295

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...

5.8AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39293

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

6AI score0.00153EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39294

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

6AI score0.00153EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39292

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...

5.7AI score0.00137EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39290

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...

6AI score0.0053EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39291

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

5.8AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39289

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

5.7AI score0.00466EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39288

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...

5.8AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39287

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6AI score0.00282EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39285

In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buffer overflow klsi105preparewritebuffer is called by the generic write path with the bulk-out buffer and its size bulkoutsize, 64 bytes. It stores a two-byte length header at the start of t...

6AI score0.00146EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39286

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

6AI score0.00203EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39284

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

5.7AI score0.00141EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39282

In the Linux kernel, the following vulnerability has been resolved: iouring/net: inherit IORINGCQEFBUFMORE across bundle recv retries When a bundle recv retries inside iorecvfinish, the merge logic OR the saved cflags from the previous iteration with the cflags returned by the new iteration: cfla...

6AI score0.00138EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39283

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...

5.8AI score0.00134EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39281

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dmafence refcount leak on error in virtiogpudmafencewait dmafenceunwrapforeach internally calls dmafenceunwrapfirst which does cursor-chain = dmafencegethead, taking an extra reference. On normal loop completion,...

5.7AI score0.00175EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•5 views

EUVD-2026-39280

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: update file PMD counter before folioput splithugepmdlocked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folioput drops the last reference, mmcounterfile can later read fre...

5.7AI score0.00138EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•3 views

EUVD-2026-39278

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...

5.7AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:39 a.m.•4 views

EUVD-2026-39279

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ibgetucaps Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same devt it can masquerade as a ucap cdev fd...

5.8AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39277

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

6AI score0.00544EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39276

In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zrambvecwritepartial zramreadpage picks the sync or async backing device read path based on whether the parent bio is NULL. zrambvecwritepartial passes its parent bio down, so for ZRAMWB slots the read...

5.8AI score0.00099EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39275

In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...

5.7AI score0.00506EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39274

In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...

5.7AI score0.00506EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39273

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...

5.7AI score0.00138EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39271

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix livelock in tmigrhandleremoteup tmigrhandleremotecpu skips timerexpireremote when cpu == smpprocessorid, assuming the local softirq path already handled this CPU's timers. This assumption is wrong because...

5.8AI score0.00466EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39272

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...

5.8AI score0.00184EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39269

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...

5.7AI score0.00214EPSS
Exploits0References2
Total number of security vulnerabilities417724