Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/01/26 12:0 a.m.•4 views

CVE-2026-1415

A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...

4.8CVSS5.5AI score0.00153EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•5 views

CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhcisidebandremoveendpoint incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

5.5CVSS5.6AI score0.00135EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•2 views

CVE-2026-22996

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5epriv in mlx5edev devlink priv mlx5epriv is an unstable structure that can be memset0 if profile attaching fails, mlx5epriv in mlx5edev devlink private is used to reference the netdev and mdev associate...

5.5CVSS5.9AI score0.00155EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•3 views

CVE-2026-23000

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5enetdevchangeprofile can fail to attach a new profile and can fail to rollback to old profile, in such case, we could end up with a dangling netdev with a fully reset...

5.5CVSS5.9AI score0.0015EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•5 views

CVE-2026-23012

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove callcontrol in inactive contexts If damoncall is executed against a DAMON context that is not running, the function returns error while keeping the damoncallcontrol object linked to the context's callcontrol...

7.8CVSS5.7AI score0.00151EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•6 views

CVE-2026-23002

In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use kernelread for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemapreadfolio". For the sleepable context, convert freader to use kernelread instead of direct page cache...

5.5CVSS5.7AI score0.0015EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•6 views

CVE-2026-23013

In the Linux kernel, the following vulnerability has been resolved: net: octeonepvf: fix freeirq devid mismatch in IRQ rollback octepvfrequestirqs requests MSI-X queue IRQs with devid set to ioqvector. If requestirq fails part-way, the rollback loop calls freeirq with devid set to 'oct', which do...

7.8CVSS5.7AI score0.00152EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•4 views

CVE-2026-23011

In the Linux kernel, the following vulnerability has been resolved: ipv4: ipgre: make ipgreheader robust Analog to commit db5b4e39c4e6 "ip6gre: make ip6greheader robust" Over the years, syzbot found many ways to crash the kernel in ipgreheader 1. This involves team or bonding drivers ability to...

5.5CVSS5.9AI score0.00187EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•2 views

CVE-2026-23006

In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "sndsoccomponent" in "adcx140priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140priv"...

5.5CVSS5.7AI score0.00186EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•3 views

CVE-2026-23007

In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, otherwise the uninitialized memory can be read...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•5 views

CVE-2026-23010

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6addrdel. syzbot reported use-after-free of inet6ifaddr in inet6addrdel. 0 The cited commit accidentally moved ipv6deladdr for mngtmpaddr before reading its ifp-flags for temporary addresses in...

7.8CVSS5.7AI score0.00182EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•3 views

CVE-2026-22999

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

7.8CVSS5.9AI score0.00204EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•5 views

CVE-2026-22998

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and dataoffset validation in...

7.5CVSS6.4AI score0.0071EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•4 views

CVE-2026-23004

In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist syzbot was able to crash the kernel in rt6uncachedlistflushdev in an interesting way 1 Crash happens in listdelinit/INITLISTHEAD while writing list-prev, while the prior...

7.8CVSS5.7AI score0.00118EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•2 views

CVE-2025-71163

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface...

5.5CVSS5.9AI score0.00193EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•5 views

CVE-2026-23008

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen...

5.5CVSS5.9AI score0.00135EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•4 views

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

5.5CVSS5.8AI score0.00198EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•2 views

CVE-2026-23001

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...

7.8CVSS5.9AI score0.00188EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•4 views

CVE-2026-23003

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: use skbvlaninetprepare in ip6tnlrcv Blamed commit did not take care of VLAN encapsulations as spotted by syzbot 1. Use skbvlaninetprepare instead of pskbinetmaypull. 1 BUG: KMSAN: uninit-value in INETECNdecapsulate...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•2 views

CVE-2025-71162

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is freed by...

7.8CVSS5.9AI score0.00189EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/25 3:15 p.m.•10 views

CVE-2026-22997

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939xtprxrtssessionactive: deactivate session upon receiving the second rts Since j1939sessiondeactivateactivatenext in j1939tprxtimer is called only when the timer is enabled, we need to call...

7.5CVSS5.9AI score0.00424EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/24 2:15 a.m.•4 views

CVE-2026-24401

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

6.5CVSS5.9AI score0.00252EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/01/23 5:16 p.m.•3 views

CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS7.1AI score0.0056EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2026-22983

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•2 views

CVE-2025-67125

A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters e.g., default LONGMAX + first user "-v/--verbose" can cause counter wrap negative/unbounded semantics and lead to logic/policy bypass in applications that rely on occurrence-based...

4.4CVSS5.9AI score0.0021EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•2 views

CVE-2025-71161

In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. In fecreadbufs, there is a loop that has 253 iterations. For each iteration, we may ca...

5.5CVSS5.7AI score0.00165EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•5 views

CVE-2026-22994

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpfprogtestrunxdp syzbot is reporting unregisternetdevice: waiting for sit0 to become free. Usage count = 2 problem. A debug printk patch found that a refcount is obtained at xdpconvertmdtobuff fr...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•6 views

CVE-2026-22989

In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlockfilesystem If we are trying to unlock the filesystem via an administrative interface and nfsd isn't running, it crashes the server. This happens currently because nfsd4revokestates acce...

5.5CVSS5.9AI score0.00115EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2025-71159

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfsgetorcreatedelayednode Previously, btrfsgetorcreatedelayednode set the delayednode's refcount before acquiring the root-delayednodes lock. Commit e8513c012de7 "btrfs: implement reftracker...

7.8CVSS6.6AI score0.00113EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•9 views

CVE-2026-22978

In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iwpoint struct iwpoint has a 32bit hole on 64bit arches. struct iwpoint void user pointer; / Pointer to the data in user space / u16 length; / number of fields or size in bytes / u16 flags;...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•3 views

CVE-2026-22988

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume devhardheader does not change skb-head arpcreate is the only devhardheader caller making assumption about skb-head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•5 views

CVE-2026-22986

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev-srcu If two drivers were calling gpiochipadddatawithkey, one may be traversing the srcu-protected list in gpionametodesc, meanwhile other has just added its gdev in gpiodevaddtolistunlocked...

4.7CVSS5.8AI score0.00087EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•3 views

CVE-2025-71158

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. This change uses a...

5.5CVSS5.9AI score0.00137EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2026-22982

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 "lan966x: Fix crash when adding interface under a lag" fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2026-22985

In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...

5.5CVSS5.9AI score0.00115EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•3 views

CVE-2026-22981

In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached state and close any netdevs in UP state until the reset handling has completed. During a reset, the...

5.5CVSS5.9AI score0.00115EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2025-71160

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nftchainvalidate: watchdog: BUG: soft lockup - CPU1 stuck for 27s! iptables-nft-re:37547 .. RIP: 0010:nftchainvalidate+0xcb/0x1...

5.5CVSS5.7AI score0.00164EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•3 views

CVE-2026-22995

In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublkpartitionscanwork A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub-ubdisk: 1. ublkctrlstartdev schedules partitionscanwork...

7.8CVSS6.6AI score0.00115EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•3 views

CVE-2026-22979

In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skbsegmentlist for GRO packets When skbsegmentlist is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skbsegmentlist...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2026-22980

In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4endgrace Writing to v4endgrace can race with server shutdown and result in memory being accessed after it was freed - reclaimstrhashtbl in particularly. We cannot hold nfsdmutex across the nfsd4endgrac...

7.8CVSS6.3AI score0.0013EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•5 views

CVE-2026-22993

In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is up. If an ethtool command that accesses the rss lut is attempted immediately after reset, it will...

5.5CVSS5.9AI score0.00115EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•5 views

CVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

9.8CVSS6.3AI score0.00351EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•5 views

CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from monhandleauthdone Currently any error from cephauthhandlereplydone is propagated via finishauth but isn't returned from monhandleauthdone. This results in higher layers learning that despite...

7.5CVSS5.9AI score0.00268EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•4 views

CVE-2026-22991

In the Linux kernel, the following vulnerability has been resolved: libceph: make freechooseargmap resilient to partial allocation freechooseargmap may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decodechooseargs, if allocation of argmap-args fails,...

7.5CVSS6.1AI score0.00395EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/23 4:15 p.m.•2 views

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.5CVSS5.9AI score0.00341EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/23 3:16 p.m.•3 views

CVE-2025-71150

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...

5.5CVSS5.9AI score0.00118EPSS
Exploits0References26
UbuntuCve
UbuntuCve
•added 2026/01/23 3:16 p.m.•7 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/01/23 3:16 p.m.•2 views

CVE-2025-71154

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usbsubmiturb failure In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, causing a memory leak. The completion callback asyncsetregcb is...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References38
UbuntuCve
UbuntuCve
•added 2026/01/23 3:16 p.m.•3 views

CVE-2025-71151

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References25
Total number of security vulnerabilities68528