Lucene search
+L
UbuntucveRecent

71772 matches found

UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53259

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

7.8CVSS6AI score0.00123EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53233

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

7.8CVSS6AI score0.00138EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53263

In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...

5.5CVSS6AI score0.00119EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53193

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instances at closing When sndtimer object is freed via sndtimerfree and still pending sndtimerinstance objects are assigned to the timer object, it tries to unlink all instances and just set NULL...

7.8CVSS6AI score0.00141EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53245

In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53165

In the Linux kernel, the following vulnerability has been resolved: iomap: avoid potential null folio-mapping deref during error reporting When a buffered read fails, iomapfinishfolioread reports the error with fserrorreportiofolio-mapping-host, .... This is called after ifs-readbytespending has...

7.5CVSS6AI score0.00359EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53243

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...

5.5CVSS6AI score0.00112EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

5.5CVSS6AI score0.00112EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53273

In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when the client exits before the supplicant Commit 70b0d6b0a199 "tee: optee: Fix supplicant wait loop" made the client wait as killable so it can be interrupted during shutdown or after a...

7.8CVSS6AI score0.00126EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS6AI score0.00122EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53221

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

9.8CVSS6.1AI score0.00559EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.5CVSS6AI score0.00122EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

7.8CVSS6AI score0.00138EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53228

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...

9.8CVSS6AI score0.00559EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS6AI score0.00112EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•5 views

CVE-2026-53171

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...

8.8CVSS6.1AI score0.00137EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•5 views

CVE-2026-53218

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•5 views

CVE-2026-53272

In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...

7.8CVSS6AI score0.00125EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53177

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...

5.5CVSS6AI score0.00122EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.5CVSS6AI score0.00127EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53241

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...

5.5CVSS6AI score0.00127EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53237

In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebupwmsuspend and mvebupwmresume are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip-mvpw...

5.5CVSS6AI score0.00127EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53271

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...

5.5CVSS6AI score0.00119EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•4 views

CVE-2026-53219

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob to userspace before overwriting the entry's counter fields with a...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS6AI score0.00106EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53229

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure In the XSK branch of mlx5exmitxdpbuff, when sq-xmitxdpframe returns false e.g. XDPSQ is full, the function returns without unmapping the DMA address or freeing the...

7.5CVSS6AI score0.00466EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

7.1CVSS6AI score0.00126EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53231

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfpbusaddupstream for genphy deadlocks,...

5.5CVSS6AI score0.00087EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53225

In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in sctprcvasconflookup sctprcvasconflookup in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af-fromaddrparam, which reads the full address 1...

9.1CVSS6AI score0.00544EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53179

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

7.1CVSS6AI score0.00131EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53242

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...

7.8CVSS6AI score0.00138EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•4 views

CVE-2026-53169

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...

5.5CVSS6AI score0.00107EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•4 views

CVE-2026-53212

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

7.8CVSS6AI score0.00125EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53204

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...

5.5CVSS6AI score0.00107EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53244

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

7.5CVSS6AI score0.00359EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•4 views

CVE-2026-53222

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix resource freeing order Commit a60fc3294a37 "ptp: rework ptpclockunregister to disable events" added a call to ptpdisableallevents which changes the configuration of pins if they support EXTTS events. In ptpocpdetach...

5.5CVSS6AI score0.00107EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53143

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...

7.8CVSS6.1AI score0.00142EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53154

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore reservation on error in hugetlb folio copy paths Two sites in mm/hugetlb.c allocate a hugetlb folio via allochugetlbfolio consuming a VMA reservation and then call copyuserlargefolio, which became int-returnin...

5.5CVSS6AI score0.00122EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53264

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53181

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53270

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...

7.8CVSS6AI score0.00129EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•5 views

CVE-2026-53238

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53144

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...

5.5CVSS6AI score0.00122EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS6AI score0.00129EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53215

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...

9.8CVSS6AI score0.00546EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53230

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...

8.7CVSS6.1AI score0.00131EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53217

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...

8.6CVSS6AI score0.00401EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53196

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in getmanufinfo getmanufinfo reads le16tocpuromdesc-Size bytes from the device I2C EEPROM into a buffer allocated with kmallocobj, which is sizeofstruct edgetimanufdescriptor = 10 bytes. The...

6.8CVSS6.1AI score0.00284EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/06/25 9:16 a.m.•3 views

CVE-2026-53265

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

7.8CVSS6AI score0.00129EPSS
Exploits0References10
Total number of security vulnerabilities71772