Lucene search
K

363781 matches found

NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52995

In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...

0.00176EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52999

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to nfosfmatchone for each fingerprint checked. During TCP option parsing,...

9.1CVSS0.00521EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•4 views

CVE-2026-52992

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfsvalidatebblk Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfsreadmap passes it to kmallocarray0, ... which return...

0.00184EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•3 views

CVE-2026-52998

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without verifying that the device pointer was valid. Additionally, the...

7.5CVSS0.00508EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52996

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open ksmbdlookupfdcguid returns a ksmbdfile with its refcount incremented via ksmbdfpget. parsedurablehandlecontext in the DURABLEREQV2 case properly releases this...

0.00188EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52997

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

0.00173EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52993

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

9.8CVSS0.00351EPSS
Exploits0References11
NVD
NVD
•added 2026/06/24 5:17 p.m.•12 views

CVE-2026-52994

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn passes it to mmaccountpinnedpages for RLIMITMEMLOCK accounting. However,...

0.00173EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•4 views

CVE-2026-52985

In the Linux kernel, the following vulnerability has been resolved: netdevsim: zero initialize struct iphdr in dummy skbuff Syzbot reports a KMSAN uninit-value originating from nsimdevtrapskbbuild, with the allocation also being performed in the same function. Fix this by calling skbputzero inste...

0.00176EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52986

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

9.8CVSS0.00559EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52984

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: fix queue limit check to include reordered packets The queue limit check in netemenqueue uses q-tlen which only counts packets in the internal tfifo. Packets placed in sch-q by the reorder path qdiscenqueuehead...

0.00184EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52990

In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...

0.00175EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52983

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airohadevxmit, where inflight packets are accounted only for the AIROHANUMTXRING netdev TX queues. The queue index is computed as: qid =...

7.5CVSS0.00451EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52988

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

7.1CVSS0.00122EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52989

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

9.8CVSS0.00342EPSS
Exploits0References9
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52987

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collected HMM ranges and calling amdgputtmttgetuserpages. If...

7.8CVSS0.00131EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52991

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

7.8CVSS0.00104EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52979

In the Linux kernel, the following vulnerability has been resolved: net: psp: check for device unregister when creating assoc pspassocdevicegetlocked obtains a pspdev reference via pspdevgetforsock which uses pspdevtryget under RCU; it then acquires psd-lock and drops the reference. Before the lo...

0.00166EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52982

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...

9.8CVSS0.00543EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52977

In the Linux kernel, the following vulnerability has been resolved: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup During wait-requeue-pi task A and requeue-PI task B the following race can happen: Task A Task B futexwaitrequeuepi futexsetuptimer futexdowait futexrequeue CLASSh...

0.00172EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52981

In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...

7.5CVSS0.00539EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52980

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...

0.00168EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52978

In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state PSP version configuration and cryptographic key material, respectively but do not require...

0.00173EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52976

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the error path jumps to putexecqueue which skips xeexecqueuekill. If the VM...

7.8CVSS0.00128EPSS
Exploits0References7
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52975

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS0.00138EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52968

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

0.0018EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-52967

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlinkdata On 32-bit architectures, the infinite loop is as follows: len = p-ErrorDataLength == 0xfffffff8 u8 next = p-ErrorContextData + len next == p On 32-bit...

8.1CVSS0.00398EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52970

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: fix missing expect put in obj eval nftctexpectobjeval allocates an expectation and may call nfctexpectrelated, but never drops its local reference. Add nfctexpectputexp before return to balance allocation...

0.00184EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52974

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix strparser anchor skb leak on offload RX setup failure When tlssetdeviceoffloadrx fails at tlsdevadd, the error path calls tlsswfreeresourcesrx to clean up the SW context that was initialized by tlssetswoffload. This...

7.5CVSS0.00506EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52971

In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in gettimestamp Move the phc-active check and resp pointer assignment to after acquiring the spinlock. Previously, phc-active was checked without holding the lock, and resp was cached...

7.8CVSS0.00133EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52969

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

7CVSS0.00147EPSS
Exploits0References10
NVD
NVD
•added 2026/06/24 5:17 p.m.•4 views

CVE-2026-52973

In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONETHREAD requirement for private default hash alloc Currently needfutexhashallocatedefault depends on strict pthread semantics, abusing CLONETHREAD. This breaks the non-concurrency assumptions when doing the...

7.8CVSS0.00128EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-52972

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

7CVSS0.0014EPSS
Exploits0References11
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52966

In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted ...

0.00186EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52958

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...

9.1CVSS0.00544EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•4 views

CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

0.00184EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52961

In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...

0.00198EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

0.00175EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•5 views

CVE-2026-52965

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...

0.00167EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-52959

In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...

7.8CVSS0.00093EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52960

In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...

7.5CVSS0.00359EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52962

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

0.00184EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•6 views

CVE-2026-52949

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

0.00162EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-52953

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 1 SMP NOPTI Call Trace: dorawspinlock+0xaa/0x...

7.1CVSS0.00133EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52950

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...

7.8CVSS0.00132EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52951

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by the attach, before the actual full bo init step in xedmabufinitobj...

7.8CVSS0.00132EPSS
Exploits0References7
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52954

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain chooseargs that get decoded in...

7.5CVSS0.0053EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-52952

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARNON in iommugroupsetdomainnofail due to reset In iommugroupsetdomaininternal, concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments ...

8.8CVSS0.00131EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-52957

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

7.5CVSS0.0053EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-52955

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...

9.8CVSS0.00377EPSS
Exploits0References11
Total number of security vulnerabilities363781