Lucene search
K

417724 matches found

EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39270

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

6AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39268

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...

5.7AI score0.00176EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39267

In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISERHEADERSLEN In drivers/infiniband/ulp/isert/ibisert.c, isertloginrecvdone computes the login request payload length as wc-bytelen minus ISERHEADERSLEN with no lower bound, and loginreql...

6AI score0.00737EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•17 views

EUVD-2026-39266

In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...

5.8AI score0.00327EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•6 views

EUVD-2026-39265

In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot...

5.7AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39263

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

5.7AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39264

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix OOB write in ethosugemcmdstreamcopyandvalidate The command stream parsing loop increments the index variable a second time when a 64-bit command word is encountered bit 14 set, but does not re-check the loop bou...

5.9AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39262

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...

6AI score0.00137EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39261

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...

5.9AI score0.00137EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39260

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...

5.8AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39259

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...

5.8AI score0.00176EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39257

In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in removewaiter on self-deadlock When FUTEXCMPREQUEUEPI requeues a non-top waiter that already owns the target PI futex, taskblocksonrtmutex returns -EDEADLK before setting...

5.8AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39258

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.7AI score0.00176EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39256

In the Linux kernel, the following vulnerability has been resolved: iomap: avoid potential null folio-mapping deref during error reporting When a buffered read fails, iomapfinishfolioread reports the error with fserrorreportiofolio-mapping-host, .... This is called after ifs-readbytespending has...

5.8AI score0.00359EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39255

In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages ...

5.8AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39254

In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip removewaiter when waiter is not enqueued syzbot triggered the following splat in removewaiter via FUTEXCMPREQUEUEPI: KASAN: null-ptr-deref in range 0x0000000000000a88-0x0000000000000a8f...

5.7AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39253

In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...

5.8AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•7 views

EUVD-2026-39252

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastrpcuser in workqueue context There is a race between fastrpcdevicerelease and the workqueue that processes DSP responses. When the user closes the file descriptor, fastrpcdevicerelease fre...

5.7AI score0.00135EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39251

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpcmapcreate fastrpcmaplookup returns a raw pointer after releasing fl-lock. The caller fastrpcmapcreate then calls fastrpcmapget krefgetunlesszero on this unprotected pointer. A...

5.8AI score0.00125EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39250

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...

5.7AI score0.00176EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39249

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...

5.7AI score0.00176EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39248

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonetdevice after RCU grace period phonetdevicedestroy removes a phonetdevice from the per-net device list with listdelrcu, but frees it immediately. RCU readers walking the same list can still hold a pointer t...

5.7AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39247

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call nvmemdeviceput - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem...

5.7AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39245

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...

5.7AI score0.00168EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39246

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: use correct flags for device private PMD entry Commit 65edfda6f3f2 "mm/rmap: extend rmap and migration support device-private entries" updated setpmdmigrationentry to use pmdphugegetandclear in the softleaf case, b...

5.4AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39244

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

5.8AI score0.00102EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39243

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.8AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39242

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...

6AI score0.00497EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39241

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tbpropertyentryvalid accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the...

5.8AI score0.00184EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39239

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A maliciou...

5.7AI score0.0014EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39240

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

5.7AI score0.00176EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•6 views

EUVD-2026-39238

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

5.9AI score0.00283EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39237

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

6AI score0.00242EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39236

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

5.9AI score0.00102EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39235

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...

5.7AI score0.00168EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•4 views

EUVD-2026-39234

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...

6AI score0.00134EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39233

In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...

5.8AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•5 views

EUVD-2026-39232

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.8AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 8:38 a.m.•3 views

EUVD-2026-39231

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3drewritecsdjobwgcountsfromindirect maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgro...

6AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/25 5:3 a.m.•4 views

EUVD-2026-39181

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of...

8.7CVSS6.2AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:48 a.m.•5 views

EUVD-2026-39180

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 4:35 a.m.•5 views

EUVD-2026-39179

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

3.8CVSS5.9AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•6 views

EUVD-2026-39178

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...

4.3CVSS5.9AI score0.00223EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•5 views

EUVD-2026-39177

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•6 views

EUVD-2026-39176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•5 views

EUVD-2026-39175

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•5 views

EUVD-2026-39174

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•5 views

EUVD-2026-39173

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite...

4.3CVSS5.9AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/25 4:34 a.m.•5 views

EUVD-2026-39172

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/25 4:33 a.m.•5 views

EUVD-2026-39171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path...

8CVSS6.1AI score0.00222EPSS
Exploits0References3
Total number of security vulnerabilities417724